CyberWire Daily - Christian Lees: it's not always textbook. [CTO] [Career Notes]

Episode Date: August 14, 2022

Christian Lees, CTO at Resecurity, shares his story and insight on coming into the cybersecurity world. He considers himself a late bloomer because he did not go to college until he was 23. He wasn't sure of what he wanted to do, and a family friend gave him a computer and the rest was history, he says. He fell in love with computers and started working at different companies trying to get ahead. He says it's not always textbook, and sometimes you just need to cut your teeth on something to get where you're going. Throughout his journey, he was constantly questioning whether he made the right decision, and in the end he says you have to be willing to "define friction points in it, you may join security field, not knowing what you're gonna do, but by being that curious person and breaking things and putting it back together, you'll find the right way and just never stop being curious." We thank Christian for sharing his story.

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K. it to be is I actually wanted to be a farmer, believe it or not. I'm assuming not many people on this show say they want to be a farmer, but I guess I was fascinated by kind of like the heavy equipment and like they all had this very unique use case, but that did not take place. I'm not a You know, as a young person, I actually consider myself to be a bit of a late bloomer. For example, I did not go to college immediately after graduating from high school. I actually waited until I was roughly 23 and worked a lot of jobs.
Starting point is 00:02:19 And I quickly realized, I'm like, man, if I'm going to get ahead, I need to go to college. Of course, like any other freshman, I was not sure what I wanted to do. I thought I wanted to be in medicine of some sort. A family friend gave me my first computer in college. And I was stoked, man. I'm like, oh, my gosh. Believe you me, this computer that was given to me is completely outdated.
Starting point is 00:02:45 I believe it's like a 486, you know, DX. I did not know how to work on it and I could not get it to print. And so I was forced to ask the person that gave it to me, like, why is it not printing? You know, and I marveled within like 10 seconds. He's like, oh, dude, you just got to hit F10. And I'm like, really? But it was at that moment where I'm like, oh, this is something good. I immediately went to computer science and I've never looked back.
Starting point is 00:03:15 I was actually offered a job from IBM Global Services. And I was like, wow, this is like three times more than I make as a student or four times more living on nothing. So I was really lucky to go directly into the workforce. And it was, you know, the entry level position. In fact, it was desktop support, but I loved it. I was so proud from that point. I fully knew that I'm at the bottom, right? I got to climb and it took me a while to find my way, but I was stoked. Just by pure luck in college, I was introduced to media outlets and I knew that I wanted to work towards information security. So I put in my time. I worked and I got exposure to a lot of different things. And when I left IBM Global Services, I knew that I really had a passion for telephony or network engineering.
Starting point is 00:04:08 I got offered a position at a new company called Level 3 Communications. I was on like cloud nine. At that point, I mean, of course we have to earn a salary, but I'm like, it doesn't even matter. I would pay them to be here and learn this and have exposure to this enterprise networking gear. So I took a position and I primarily helped companies or individuals turn up their co-location services or their dedicated private lines. So that's really where I cut my teeth on network engineering. I owe everything to that opportunity.
Starting point is 00:04:54 From that role, I always kind of followed my north star. Ironically, right about that time, we hit the dot-com bust. All of a sudden it happened: 50% of the company was cut, and I was just thankful to have a job, you know. But I was forced to take a role in change management and I was just beside myself, you know, I'm like, oh, I'm so overqualified for this. But in retrospect, oh my gosh, by pure luck, again, I was introduced to something that is so crucial in security. That's change management, right? Understanding the impact, making sure that it's been burned in. To this day, I think change management is a very difficult thing for organizations to comply with or do successfully. Listen, at that time, I was just kind of like really bummed out. I'm like, wow, I took a wrong
Starting point is 00:05:36 turn. What happened? But like everything else, this too passes, right? Stay neutral, stay calm, keep working upwards and onwards, and sure enough, everything's stabilized, and I was just by pure luck again recruited in Level 3 to, um, security engineering. Took a role as security engineering. You know, I just kept hungry and, uh, eventually, uh, I took another role at Trustwave, leaving my favorite place on earth, Level 3 Communications. And even Trustwave, you know, I found myself all of a sudden, I'm like, did I make another wrong turn? Because I was really just focusing on PCI compliance for Fortune 100 brands and kind of a hybrid of pen testing, right? So my job was to grind on the infrastructure and convey to the brand why are they not PCI compliant?
Starting point is 00:06:33 And it was just grinding on infrastructure over and over. I mean, I could spend three or four days just finessing some sort of cross-site scripting, knowing it's there. Sometimes you don't find it, and sometimes you do. From Trustwave, it was the banking collapse in 2010, and I took a position at InfoArmor, and was like delighted I was going to be the CISO. Shortly after taking the job, we lost our largest client, essentially under a seed fund from Wamuu, and I was like, wow, oh, did I make another mistake? But it turned out like it was amazing, like, what a great opportunity. I went to InfoArmor, it was like green fields. I became the CSO and helped diversify the products and offer largely dark web alerts.
Starting point is 00:07:34 I, for some reason, when I came on at InfoArmor as a CSO, I just felt not afraid of anything, and I would pick up the phone and just explore opportunities with companies, you know, and learn like, you know, what's going on and fortunate enough to be able to apply that to our products. And, you know, hopefully it made a difference. If I get 50% of what I want, I'm lucky. You don't always get what you want. And when you don't get what you want, it doesn't mean it's over. For those of us that are pursuing a career in information security,
Starting point is 00:08:19 I always found it kind of interesting that, gosh, when you get there, there's so many flavors of security. Are you focused on web application security? Are you focused on network security? There's just so many different layers of security. And just so find what it is that you love and go after it. And don't let anyone be a naysayer. And use every moment you have and every opportunity to the best of your ability. It's not always textbook.
Starting point is 00:08:51 Define friction points in it. You may join security field not knowing what you're going to do. But by being that curious person and breaking things and putting it back together, you'll find the right way. And just never stop being curious. There's just not enough of us. Understand that you have to cut your teeth on things and sometimes you get stuff that you don't really want to do. You might think you're better, but just do it really well and the world will be your oyster.