CyberWire Daily - Adam Marrè: Learning to be a leader. [CISO] [Career Notes]
Episode Date: September 25, 2022Adam Marrè, CISO from Arctic Wolf sits down to share his story of rising through the ranks. After 9/11 he decided he wanted to make a difference in the world and so he chose to go into the FBI, there... he learned the skills that got him to where he is today. In his time at the FBI, he was able to do what he loved which was working with computers while gaining more knowledge on cybersecurity and became computer forensic certified. Ultimately he needed a change in the end and decided to leave the FBI, He was able to learn the leadership skills he needed to move past that career path and follow a new dream. He is now able to share his passion with the world and help people understand security to help protect themselves as well as helping people finding success in their careers and in their lives. We thank Adam for sharing his story. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K. and VPNs, yet breaches continue to rise by an 18% year-over-year increase in ransomware attacks
and a $75 million record payout in 2024. These traditional security tools expand your attack
surface with public-facing IPs that are exploited by bad actors more easily than ever with AI tools.
It's time to rethink your security. Thank you. Learn more at zscaler.com slash security.
Hello, my name is Adam Marais.
I am the Chief Information Security Officer at Arctic Wolf.
So growing up, like many people of my vintage, I got into video games at a pretty young age.
And boy, I just loved, you know, the stories, the visuals, everything about video games. And even got into, you know, some of the underlying code and things like that at an early age.
some of the underlying code and things like that at an early age.
And in fact, I actually designed my own video game at, I think I was about seven years old,
and sent my design into Nintendo.
And they were kind enough to send me back a letter saying,
you know, we don't take designs from young children,
but sent me some swag.
But I was very interested in that.
And that's kind of what got me started, my interest in computers and networks and all of that.
But it was not until much later that I got interested in cybersecurity.
So back in those days, and this was, you know, the late 90s, early 2000 time frame,
they didn't have video game design degrees, at least widespread at all.
I mean, that wasn't even a thing.
So I actually went and got a degree in humanities.
And the reason I did that was because they allowed you to cobble together a degree from many different disciplines.
And so I was able to take coding classes, web design classes, as well as art and design and kind of put together a degree for myself.
Through some connections I had, I got an opportunity to try to be an intern.
I actually interviewed originally as a writer and designer at the video game studio that was in my local area.
And I was able to get an internship and I do today as a CISO.
But, you know, I talked to a lot of people who came up around the time I did.
And I think all of us or or most of us, have these
circuitous roots. I was working in video games as a developer leading a design team, and 9-11
happened. And the attacks of September 11th had a profound effect upon me. And I decided at that
time to really make a move to do something different.
I really felt compelled to change my trajectory to something that was more focused on protecting the nation, preventing something like this from happening again.
And as I studied things that I could possibly do, the FBI really jumped out at me as something that I was very interested in.
the FBI really jumped out at me as something that I was very interested in.
And so I started to make moves to be able to qualify for a job with the FBI.
Today, it would be much different. Back in those days, I didn't quite have the qualifications required.
Now they're much more interested in people who have a computer background.
So when I joined the FBI, I was assigned to a smaller satellite office
of a field office. There were only four agents in the office. So I was doing everything from
international terrorism investigations, counterintelligence, gang interdiction,
and including cyber. So I began cyber investigations almost immediately.
And including cyber.
So I began cyber investigations almost immediately.
And that just grabbed me.
I had such an interest in it from the very beginning because it combined my interest and love of computers and networks with everything I had been taught and was learning about investigations.
I eventually became computer forensic certified and was dealing with cases in large scale.
So that was really exciting for me to do, to participate in all those different kinds of investigations.
Really, it came to the point where I really wanted a new challenge.
I loved my time in the FBI. There was a situation that arose with my family where I wanted to change some of the way I was working and going into the
private sector really just seemed to be the answer to that. So I loved my FBI career. It was great.
I really wanted a new challenge and I really wanted the chance to work on the security program from the inside,
see if I could build a world-class, best-in-class security program.
So that was the challenge that I wanted, and it just so happens that one of the things I did as an FBI agent a lot was outreach to various companies.
We would offer to do a presentation to the company. So we would give
these presentations that were security awareness briefings. So I did a lot of these and I happened
to give a briefing to a company called Qualtrics and that turned into an opportunity to interview
with them. And then they ultimately offered me a job. I was one of the first security employees hired.
I think I was fourth or fifth to focus entirely on security.
And that gave me the opportunity to help build a program almost from the ground up.
And I learned a lot doing that.
And that led to, after four years of building that great security program there,
having the chance to join Arctic Wolf. The reason I was interested in Arctic Wolf is because
it's an amazing company that is focused on something that I saw was a huge gap in the
industry. It was just an opportunity I couldn't pass up to join as the chief information security
officer, where I would get to participate both as a leader of the business,
building the internal security team,
but also offer my expertise in an industry in a vertical
that I have a lot of experience in, and that's security operations.
Something I learned really starting when I was on the SWAT team in the FBI, that was probably where these lessons became the most readily apparent.
And that is that leadership is its own domain and set of skills,
aside from whatever it is you're doing.
So you can be a great individual contributor.
But once you start to have leadership roles, there's a whole different set of skills that you need to bring to bear.
And I really started, you know, when I was in the FBI, I really started to work on and hone those skills.
And so I really see leadership or management as taking the time to help your people find success.
And you do that by setting the direction of the team.
So whether that be a mission or overarching mission, I think if you really cover those
things, you give them the direction, you coach, and then you give them training and
experience in their career, you're going to have a world-class team.
As all of us know who work in cybersecurity, you're going to have those days where you just feel like you got punched in the face.
you know, you just feel like you got punched in the face.
How I handle that is really returning back to my principles and what I really believe in.
And I'm really passionate about security and helping people learn all the things they need to do to protect themselves. And I'm also passionate about people finding success in
their careers and in their lives. That helps me get through that adversity.
And then once you have a chance to stop and reflect,
you can look back and do a root cause analysis
or after action review and say,
what could we have done better?
And once you've done that a few times,
it really makes you resilient to adversity
because it really helps you get through
the intensity of the moment,
knowing that you have the systems in place that will help you get there.
And when you've done it enough times that it becomes habit
or you're confident that you're going to do it,
it really lowers that stress in the moment.
The most important thing that you can bring is a desire to work in the field.
Whatever it is that's motivating you, grab onto that, latch onto that.
We really need people.
So if you have that desire, come.
Bring everything.
Bring all of your life experience.
If this is a career change for you, bring your enthusiasm.
If it's what you're doing just right out of high school and into college,
bring that desire and then just be confident as you move forward.
Figure out what area interests you, get technical, deep dive as much as you can,
give it as much experience as you can, and then enter the field.
Don't be afraid, be confident from Black Cloak.
Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their
families at home. Black Cloak's award-winning digital executive protection platform secures
their personal devices, home networks, and connected lives. Because when executives are
compromised at home, your company is at risk. In fact, over one-third of new members discover
they've already been breached.
Protect your executives and their families 24-7, 365 with Black Cloak.
Learn more at blackcloak.io.