CyberWire Daily - Encore: Richard Torres: Getting that level of experience is going to be crucial. [Security Operations] [Career Notes]
Episode Date: May 26, 2024
Director of security operations at Syntax Richard Torres talks about his path leading him from working in juvenile justice to becoming a private investigator to physical security at a nuclear power plant to cybersecurity presently. Always a fan of police shows, Richard became a member of the Air Force Junior ROTC in high school and began his path there. Richard shares the challenges of working in several facets of the security industry including his transition from SWAT team member to cybersecurity. He notes the role that diplomacy plays when you're trying to get honesty and be steered in the right direction. Our thanks to Richard for sharing his story with us.
You're listening to the Cyber Wire Network, powered by N2K.
My name is Richard Torres. I'm the Director of Security Operations at Syntax.
For some reason, I was just taken by all the police shows, SWAT, Mod Squad.
And I grew up always wanting to be either in law enforcement or security.
And when I had the opportunity in high school, I joined the Air Force Junior ROTC. Several years
later, I wound up working as a senior drill instructor at a maximum security boot camp
for at-risk youths. The one thing that was very, very distinctive about juvenile justice is you don't have the same tools you have working with adults.
With adults, they're less concerned with treatment.
And with juveniles, the way the facility is set up, it's still very secure, but it's not run at all like a prison or a jail.
The idea was we have to create an environment that we could
be functional in. So it was very, very different than other security positions where you are
primarily focused on keeping certain things out. So it really gave me a different perspective on
security. After I left juvenile justice and taking with me some bumps and bruises, because as you
can imagine, it can be a very rough environment, I was fortunate enough to start work as a
private investigator.
And I did that for about five years working cases such as insurance fraud, injury claims, child custody cases.
And I worked in that field for about 10 years.
Where I lived was in central Florida.
There was only two real industries because it was more of a retirement area.
You either worked at a bank or a doctor's office because that's what they were, or you worked at the nuclear power plant.
So I went to work in nuclear power, specifically in nuclear security.
I started off as a security officer, which is part of the nuclear security response team.
Just think of a SWAT team that is dedicated to protecting nuclear power plants.
So I did that for 13 years.
And in that time, I was an alarm station operator, a response team leader.
I then became a senior instructor.
In 2008 is when I first started working in nuclear cybersecurity
because the federal government had just put out a rule saying that, you know,
all nuclear facilities in the country had to be compliant with these minimum cybersecurity
standards. So it was a new program. And I had the opportunity to work with some very smart, very talented people in learning what cybersecurity really meant to a nuclear power plant.
So after about 10 years of that, I left there to work as a cybersecurity engineer consultant.
There, I got to work with multiple utilities in the US, Canada, UAE, and Japan
and help them set up things
like their incident response program.
So that was a really fascinating deviation
going from carrying a rifle and body armor
to now just carrying around a laptop and thumb drive.
Surprisingly, and I wasn't prepared for this when I started the job,
coming from physical security, diplomacy wasn't really a requirement. Going into cybersecurity,
I learned that diplomacy was at least half of my job. But when you're working
with folks that have been in an industry maybe for 20, 30 years, a lot of what they do is knowledge
of craft. And they have to feel comfortable sharing that with you saying, well, I just do it
because I've always known how to do it and they've trusted me. So that diplomacy really pays off when
you're trying to get honesty and be steered in the right direction.
So I left the nuclear industry and now work at Syntax, which is a managed cloud hosting firm.
And I'm the director of security, which includes compliance, physical security, engineering, governance and compliance, and so forth.
And the way I describe it is where you put your data in the cloud,
my team and I are responsible for making sure that that data is protected,
the facilities that that data lives in protected,
and the data, while it's traveling or at rest, is in a safe state so no one can do it harm.
Security is always a journey. It's never a destination. And along that journey, if you're
not getting smarter, if you're not getting stronger, if you're not understanding the threat landscape better day by day, it will overrun you and eventually you'll be behind the curve.
Most folks don't look at cybersecurity as something they can get into because they think it's a lot more complicated than it really is.
Entry-level IT jobs are more about configuration and understanding network traffic. Cybersecurity is really how you apply certain controls to make sure that what you're doing is safe and secure. It's not all that
complicated. So to people getting involved, getting into this field, if you have the opportunity to do
any internship or even to take an entry-level position that has security as part of the
job description or has security functions or duties, getting that level of experience is
going to be crucial. Because one of the hardest things to do is to take your book learning
and then apply it in the real world.