CyberWire Daily - Larry Cashdollar: Always learning new technology. [Intelligence response engineer] [Career Notes]

Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K. and VPNs, yet breaches continue to rise by an 18% year-over-year increase in ransomware attacks and a $75 million record payout in 2024. These traditional security tools expand your attack surface with public-facing IPs that are exploited by bad actors more easily than ever with AI tools. It's time to rethink your security. Thank you. Learn more at zscaler.com slash security. Hello, my name is Larry Kashtarlar, and I am a Principal Security Intelligence Response Engineer at Akamai Technologies. If you look at my 1986 yearbook, I think it was my sixth grade class, it says computer scientist for my career path. So I had a love of computers when I was really young.

Starting point is 00:02:01 I guess I knew what field I wanted to get into right off the bat. My school in New York City, this is Brooklyn in the 1980s, was one of the first schools in New York to get computers. So I had a computer class where they were teaching us just basic programming. And then my family had relocated to Maine. And the first school I had gone to didn't have a computer course. This was Forest High School. Wasn't into computers at all. I kind of drifted away. I was struggling with being relocated and ended up moving away again and going to a school which had a computer science department. And I ended up signing up for programming courses. I had a roommate who was also in a computer science class and he didn't have a computer so he would come over and use mine

Starting point is 00:03:05 you know I'd let him use schoolwork and I remember losing track of my friend for about a week so I go to his room I knock on the door and my friend had discovered Linux and what happened was he had installed it on his computer and had just stopped leaving his room for a week. He says, you got to see this. And I'm like, OK. So I come in, he goes, it's Linux. And I'm like, what is that? He's like, it's Unix for your computer.

Starting point is 00:03:42 So then we went upstairs and I partitioned my hard drive to give me some space to take some Windows off and install Linux. And the Windows partition got smaller and smaller and just got deleted. And then I just started learning more about computer security and hacking. And we joined a Linux club at University of Southern Maine. And from there, it just sort of spiraled off into eventually I had left college and I had gotten a job at a local company called NetMain, which was a security company. And I was doing a lot of penetration testing there. That was really my proving ground for just learning about basic security. So that's where my career really started to gain roots.

Starting point is 00:04:23 So that's where my career really started to gain roots. You know, I was being paid, I think at the time, $7 an hour. And my wife, who was working at the hospital, was making $9 an hour. And she was working part-time there, but she was working a little bit less time than I was working full time. And she was making nearly what I was making. So I decided that I was going to leave and join Computer Sciences Corporation. And I had applied there because my friend Chalk had left and said, hey, you know, you know, you should come up here and get a job. You'll make more money. He's like, there's a lot more stuff to do and it's just a better environment. So I'm like, OK. So I applied. And the person interviewing me just happened to be one of the guys that my father had worked with when he had worked near or with BIW for years.

Starting point is 00:05:15 So I kind of knew the guy interviewing me. And I guess I answered everything spectacularly because he called me an hour later and offered me a job. NetMain sort of set me on the course. And then Computer Sciences Corporation gave me a field to hone my skills on and then jumped from that to going to out to California for a year and doubling my income and moving up in the ranks of Unix administrator. and moving up in the ranks of Unix administrator, and then finally getting a job at Akamai. And I was told I had a fan base in Akamai that were watching me, and they were cheering me on. I guess it was this plan concocted to eventually get me into the InfoSec group.

Starting point is 00:06:00 I guess it took years, but eventually I ended up getting pulled into the InfoSec group. They had a tabletop exercise at Akamai where they would pretend that, you know, a system was being broken into. And then they would sort of ask what sort of actions would you take? And it turned out that this meeting was kind of like an interview for me that I didn't know about. And so eventually, you know, after this tabletop exercise, which I guess I had a lot of input into, I got a phone call from the manager for the C-Certs. Hey, how would you like a job in information security group doing what you do at night? Come join my team. You'll be able to go to DEF CON. You'll go to conferences. You'll go to trainings. You'll work with customers on doing security. He's like, you're going to be focused on the security of the internet as a whole.

Starting point is 00:06:45 So you can do all sorts of research that you want to do. And you'll have a lot of fun. It'll be great. And I thought about it for a day. And I'm like, you know, I have to do this. This is my real passion. So I decided to join the InfoSec group. And it's been great since.

Starting point is 00:06:59 I've almost been at Akamai for, I think it's 22 years this August. Next month will be my 22nd year at Akamai for, I think it's 22 years this August. Next month will be my 22nd year at Akamai. There's so much more new technology now than there was 20 years ago. The computing world was way more simpler. You know, you had a server and a client, and now you have a server, client, the cloud, edge systems that are contacting the cloud, and the cloud is not really cloud. It's just someone else's computer. There's all sorts of frameworks now. You know, there's content management systems. There's just dozens of things that you can learn now and you can't expect to be

Starting point is 00:07:46 an expert in all of them. It's good to get familiar with as many as you can, but it's a lot to juggle. And it's when I was 25 years old and my wife was on second shift and all we had was a dog, it was easy to just say, well, I'm going to take this block of time and just read and do this stuff. Now it's like, well, I want to take my son go-karting today. And my wife wants to go out and have some beers and listen to live music tonight. So I'm going to go do that. I'm not going to sit on the computer because honestly, my family wouldn't let me anyway. So it's a big challenge. And as you get older, it probably gets harder because there's just more other distractions. and as you get older it probably gets harder because there's just more other distractions. I don't know, I hope people, you know, use my work to learn from and just enjoy and if it inspires somebody, you know, that's great. If somebody sees something that I've done and says, hey,

Starting point is 00:08:38 you know, I'd like to do something like that and it gets them into the field or it gets them excited about something or it gets them to find their own CVE and document it, you know, that's a win for me. Cyber threats are evolving every second, Thank you. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default-deny approach can keep your company safe and compliant.

CyberWire Daily - Larry Cashdollar: Always learning new technology. [Intelligence response engineer] [Career Notes]

There aren't comments yet for this episode. Click on any sentence in the transcript to leave a comment.