CyberWire Daily - Manuel Hepfer: Discipline, self motivation, and steam. [Research] [Career Notes]
Episode Date: August 6, 2023Manuel Hepfer a cybersecurity researcher from ISTARI sits down to share his story with us. Manuel shares as a kid he was very interested in STEM, and in school he remembered a programming class that h...e fell in love which made him want to pursue a career in cyber. Studying at the University of Oxford he began working towards acquiring a degree in Cybersecurity and Strategic Management. He found research to be a passion and wanted to share his passion, he decided he wanted to publish, so Manuel published an article in MIT Sloan management review that's titled "Make Cybersecurity a Strategic Asset." He shares that finding a passion, like he did, is the key to working in cyber, saying "I think what I learned at the time is the value of discipline and self motivation. And now you can always come up with a lot of discipline and self motivation, but you'll run out of steam at some point if you're not very passionate about some of the things that you're doing." We thank Manuel for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K. and VPNs, yet breaches continue to rise by an 18% year-over-year increase in ransomware attacks
and a $75 million record payout in 2024. These traditional security tools expand your attack
surface with public-facing IPs that are exploited by bad actors more easily than ever with AI tools.
It's time to rethink your security. Thank you. Learn more at zscaler.com slash security.
Hello, my name is Manuel and I'm a cybersecurity researcher at a company called Istari and a research affiliate at Oxford University.
As a kid, it was my dream,
and it's probably similar to a lot of these kids,
to become an astronaut at some point.
So that went well.
Obviously, that didn't happen. But I remember seeing photos of Earth from space,
and I thought that was pretty cool. So that must be a once in a lifetime opportunity.
But that didn't work out.
It was interesting in school, I had a lot of different interests. I mean,
I was interested in languages, I was interested in some of the more STEM oriented fields,
languages. I was interested in some of the more STEM-oriented fields. I had a big interest in computer science, which at the time, I guess, wasn't a big thing. But I remember I was choosing
an elective that was computer science in the broadest sense. And I was coding in a programming
language called Delphi, which I don't think exists anymore. But I remember
coding and I thought that was pretty cool because it gave you the opportunity to do things that
are probably pretty hard to do in the real world. So it almost felt like an endless
world of opportunity and possibilities. So I was studying a degree in Germany in a university in the southern part of Germany
that was a combined degree that combined computer science and business administration and management.
And the reason why I chose that particular subject is all of that technical stuff is
great and it's interesting, but I also wanted to apply that in the real world.
And we all know technology has profound implications
for society and for businesses.
And I wanted to explore that intersection
between technology and businesses a bit more.
So that's what I did my bachelor's degree in.
Before I ended up at Istari, I was doing a PhD in cybersecurity and strategic management over at the University of Oxford. And I spent four and a half years there at the business school,
again, interested in the intersection between business and technology,
figuring out how companies can build resilience to devastating cyber attacks.
Now, I knew at the time that there's a lot of great research out there
in computer science faculties all around the world about algorithms
and how you protect the information systems.
But when I started in 2016, I was missing that organizational managerial aspect of how do
you respond and recover to serious cyber attacks. So what I did empirically at the time was I
compared how three global companies had responded to the same cyber attack. For the people in the
world of cybersecurity, the cyber attack at the time was called NotPetya. It's still considered to be one of the most devastating cyber attacks ever.
And in each of these three companies, I got pretty good and deep access to the people there.
And there's a lot of great things that emerged from that research.
And I wanted to make that publicly available.
There's a lot of great research that's being done at universities,
but nobody ever knows about them because they're too theoretical. And I wanted to spread the word
because I felt like there's a lot of practical insights that I generated. So I published an
article in MIT's Loan Management Review that's titled, Make Cybersecurity a Strategic Asset.
So I remember being in the final stretches of my PhD.
I published an article, felt great.
I didn't know who was going to read it.
But then somebody had reached out to me, Istari,
which is a new company or was a new company at the time.
And I had never heard of that company before.
But that person had reached out to me and said,
hey, do you want to talk about your research? You know, that's really great. It's really interesting. and I had never heard of that company before, but that person had reached out to me and said,
hey, do you want to talk about your research?
You know, that's really great.
It's really interesting.
And as it turned out,
this article that I had published somehow ended up on the desk
of the leadership team of Temasek.
Now, Temasek is one of the world's largest investors.
They're based in Singapore.
It's a Singapore-based investment company.
And they really liked the article so
much so that they decided to send it out to about a dozen or CEOs of companies that they had invested
in. And they said, this is exactly what we need to be doing. And this is how we need to think about
cybersecurity. So the rest is history. I joined Astari on the back of that research. And ever
since then, I've been part of Istari for now two and a half years
and still being able to do research
into what drives and builds the resilience of companies
in the wake of a devastating cyber attack.
So what's helped me is that I seem to have found something that I'm really passionate about.
And if you have to work long hours or if you want to work long hours,
you better do that in a topic or a field that is really interesting and that you're very passionate about.
And I remember during my PhD, there was nobody who told me what to do.
It was pretty much down to me
to continue to get up in the morning.
Nobody had asked any questions
if I didn't turn up at the office
and I think what I learned at the time
is the value of discipline and self-motivation
and now you can always come up
with a lot of discipline and self-motivation
but you'll run out of steam at some point if you're not very passionate about some of the things that you're doing.
So I would say if there was one piece of advice is find the things you're passionate about.
I hope to be remembered by somebody who's been able to make an impact, made the world a little bit of a better place.
Now, in the world of cybersecurity, there is adversaries out there who are purposefully trying to create harm or cause harm.
And with the research that I'm doing, and I realize it's resonating with people and it's helping people and organizations improve the way that they do things.
I like to make an impact. I like to make an impact.
I like to help these people.
And this is also why at the time I was interested and so passionate about publishing that article
about some of the practical implications of my research.
So I hope to be remembered as somebody
who's been able to create change and a positive impact.
Hey everybody, Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports
so you know exactly what's been done.
Take control of your data and keep your private life private
by signing up for Delete.me.
Now at a special discount for our listeners.
Today, get 20% off your Delete Me plan
when you go to joindeleteme.com slash N2K
and use promo code N2K at checkout.
The only way to get 20% off
is to go to joindeleteme.com slash N2K
and enter code N2K at checkout.
That's joindeleteme.com slash N2K, code N2K.