Security / October 22, 2017

Why I Chose a Career in Cybersecurity: Choice, Challenge and the Chance to Play Paladin

When it comes to careers in tech, cybersecurity is the land of opportunity. What’s great about the space is that there’s not just one, but many jobs to choose from.

For example, do you like to break into stuff? You might want to join a small team that penetration tests systems and publishes findings. Or do you prefer solo work? Maybe analyzing and reverse engineering pieces of malware could be your thing. Or how about auditing, compliance, understanding active and detective controls? There are so many different career opportunities.

The best incentive I can share: I’d work in information security (InfoSec) for free – and I may not be alone. With the large teams I’ve managed, the number one commonality was a love for what we do.

Cybersecurity Is the Great Enabler

When at Bloomberg, I remember my boss and I preparing to leave research and development (R&D) – a department of some 2,000 people who built and ran all customer software – to work, respectively, as the company’s first-ever chief security officer (CSO) and chief information security officer (CISO).

When we asked the head of R&D for his blessing, he said, “Why go to InfoSec? Nobody wants that job. Nobody likes security – those are the guys who say no. Programmers want the chance to create the next cool trading systems app or work on swaps.”

Thing is, I really liked InfoSec. I saw it as a place to work on different projects to understand what people do and to build things that would either help them do their jobs better or protect their data. While I understood his argument for wanting to write the next great app, I wasn’t deterred. For me, InfoSec is where human psychology and computer science intersect, where you can make a huge difference in even a large organization.

That was about 10 years ago. Now, cybersecurity is where folks want to be. It’s the great enabler. If you don’t have cybersecurity first, you won’t have anything else. It’s like brakes on a car. Without them, you’d never drive faster than three miles per hour. If people can’t trust putting their credit card information onto a web page, they won’t purchase from it. If they can’t trust the security of their personal data, they won’t use an application.

There Will Always Be an Adversary

The information communication technology (ICT) market – everything from routers to switches, computers, you name it – is huge. For 2017, analyst firm Gartner projected worldwide information technology (IT) spending to total $3.5 trillion. Next to ICT is InfoSec, a market Gartner predicts will reach $93 billion in spending in 2018.

I’ve often wondered, why two separate markets? Why not build InfoSec into ICT? During a recent conference in Israel, I asked an analyst her thoughts and she gave a great answer.

In short, she said it’s because ICT will always have an adversary – either outside bad guys trying to get in or unthinking insiders looking to take shortcuts. No matter how safe we build our technology, there will always be someone trying to break it, subvert it, attack it. While malicious attacks are a huge problem, subversion comes in many forms. It could be something as simple and seemingly innocuous as an employee changing a workflow to get out of the office 15 minutes earlier. Or downloading files to a USB drive and handing it to a colleague. Or using Dropbox instead of the company’s chosen file sharing system. People know they’re not supposed to do these things … but they’re easier, faster.

In my experience, InfoSec is:

  • 70 percent internal employees doing something they’re not supposed to – as in the examples above.
  • 15 to 20 percent computer or server misconfiguration.
  • only about 10 percent fighting bad guys.

No matter the source, the fact that ICT will always have something or someone trying to break it – either to get data or save time – is a good reminder of why a career in this field is not only “du jour” cool, but also not going away. When you have an adversary, you’ll always need a Paladin. So, part of the InfoSec role is to constantly evolve to defeat the threat and enable the business, all at the same time.

I’m Hooked. Where Do I Start?

A few years ago, Dan Geer, a computer security analyst and risk management specialist, said, “I am gratified that ten days ago the U.S. National Academy of Sciences, on behalf of the Department of Homeland Security, concluded that cybersecurity should be seen as an occupation and not a profession because the rate of change is too great to consider professionalization. That rate of change is why cybersecurity is perhaps the most intellectually demanding occupation on the planet.”

What does it mean then to say you’re a cybersecurity pro? As a medical student, you have centuries’ worth of research available. Not so with cybersecurity. Not only has it not been around long enough, but it’s also changing at such a rapid pace that the best training is on the job. Or, to tweak an @thegrugq tweet, it’s those without college degrees in InfoSec who have invented what’s taught in college InfoSec courses.

So, where to start? While it’s not bad to be broad, it’s great to be focused. Regardless of your level of formal education, figure out what you like – pen testing, malware analysis, incident response – and work hard at it. Remember, InfoSec should be an enabler. Keep an open mind. Work to understand the why first and then what kind of threat incident will carry existential risk. Spend your time fighting those battles and it will pay off.

Why Gigamon?

It all started with a poker game. Long story short, I met a savvy tech investor who told me about a small company’s recent IPO. That was how Gigamon came on my radar, but why I chose to join the company was about the product – and I’d wished I’d known about it longer.

For years, I’d suffered from issues that the GigaSECURE Security Delivery Platform could have solved. For example, our tools worked great if all traffic was coming and going through the same pair of routers. When they could see everything, they reported properly and I could baseline and uncover anomalies. However, like at many large companies, we used asymmetric routing. Traffic could leave someone’s desk, go out to the internet and come back through a different pair of routers. When the tools only saw 50 percent of the traffic – the outbound, but not the inbound – their efficacy fell to zero. I’d been ripping and replacing hundreds of thousands of dollars’ worth of technology annually trying to find one that worked properly, and what I needed was the GigaSECURE Security Delivery Platform.

If you have any questions about a career in cybersecurity, please leave a comment below. I’d also suggest reading about the new Defender Lifecycle Model.
