CyberWire Daily - Mark Nunnikhoven: Providing clarity about security. [Cloud strategy]
Episode Date: June 15, 2025Please enjoy this encore of Career Notes. Distinguished Cloud Strategist at Lacework, Mark Nunnikhoven, has gone from taking technology to its limits for his own understanding to providing clarity ab...out security for others. Mark fell in love with his Commodore 128 and once he realized he could bend the machine to his will, it set him on the path to technology. While he had some bumps in the road, dropping out of high school and not following the traditional path in college, Mark did complete his masters in information security. His professional life took him from Canadian public service to the private sector where Mark noted the culture shift was an eye-opening experience. Mark always looks to learn something new and share that with others and that is evidenced as his includes teaching as a facet of his career. We thank Mark for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the CyberWire Network, powered by N2K.
And now a word from our sponsor, Spy Cloud.
Identity is the new battleground, and attackers are exploiting stolen identities to infiltrate
your organization.
Traditional defenses can't keep up.
Spy Cloud's holistic identity threat protection helps security teams uncover and automatically
remediate hidden exposures across your users from breaches, malware, and phishing to neutralize
identity-based threats like account takeover, fraud, and ransomware.
Don't let invisible threats compromise your business. Get your free corporate darknet exposure report
at spycloud.com slash cyberwire
and see what attackers already know.
That's spycloud.com slash cyberwire.
Hi, my name is Mark Nunnicoven,
and I'm the distinguished cloud strategist at Lacework.
I didn't know exactly what I wanted to do and I'm of the age when computers were just
becoming a thing.
And we were fortunate enough that my father was in the military and he saw the
computer revolution coming and got a old Commodore 128 for the family. And from the moment that
entered it sort of crossed the threshold, I fell in love with it. I loved tickering with
it, programming it, pushing it to its limits. So I knew for a very long time that I wanted
to do something with computers. And what that was changed depending on sort of the year,
but it was always around computing.
Back in the day, as you remember, but some of the listeners might not,
computers were not nearly as polished.
You know, the interface was a basic language interpreter.
So you were programming right out of the gate
and sure when you're little,
you're just using a pre-made programs.
But very quickly, my father took me to some local user groups
and there was great magazines at the time
where you're typing in code.
And once I started to see that,
hey, I could kind of bend this machine to my will,
set me on a path.
And so I was doing a lot of self-driven learning around programming through my teenage years,
started with my first job when I was 15, working for Bell Northern Research on a high school co-op
and then a contract after that, doing testing and some light programming on what eventually became
a set-top box for cable television of all things.
I had a lot of turbulent times on the personal side of things through high school,
which I actually ended up dropping out of high school a couple of times.
Eventually graduated, but same thing with university and college. I kicked around a little bit.
I did one year of what would be junior college in the US and then one year of university,
but the college was in computer programming.
University was actually in cognitive science for the first year, which I really, really
loved, but I didn't finish either of them.
At the time I was working, I was actually doing sales for IBM and that was going well.
I'm not really learning a ton in the first year courses because I've had this self-interest
for so long and I just kind of ended up just staying in the working world from then on
out though eventually I did go back to school later on in life.
From sales at IBM I went into the Canadian federal government, and I spent a little over
a decade with the Canadian federal government.
As much as there are challenges in a large bureaucracy, it was fantastic from the security
experience, and that's really when things started to veer into the security world.
I had some experience, obviously I've been developing and writing code for a long time, but when I got into the government
there was, you know, legally mandated to pay attention to security,
which is a wonderful thing for a security practitioner, looking back at it.
I don't have to convince them, they have to care!
And so I spent a decade there in a bunch of different roles and the wonderful thing about the Canadian Public Service is that once you're in, it's easy enough to bounce around from
role to role. So I spent some time in service delivery, in platform architecture, in security
policy and about halfway through, I actually went back to school and instead
of going back to get a bachelor's I went into a graduate program to get a master's in cyber
security.
When I finished my master's, so that information security degree, I specialized in forensics
and so I was starting to do a lot of attack analysis and of course if you're defending
a nation state you're seeing a lot of really in-depth crazy attacks in a good way, well at least a
good way if you defend against them. I had a lot of interesting scenarios and
sort of just a breadth of experience that I think would be really hard to
replicate in a private company or organization. I just loved it because
there's always something new to learn and that's really what's driven me
throughout my career is finding an opportunity where I can keep learning.
A good friend of mine called me and said like,
hey, I've got a good opportunity
that I think you'd be really interested in
here at Trend Micro.
I sat down with my friend and we had a good chat.
It's not that common to leave the public service
once you're in it,
but the opportunity was too good to pass up.
I was gonna be able to help build
a Trend Micro's cloud business out
and it was eye-opening to say the least.
But just the cultural dynamic of going from a public service
where it's a series of lifetime employees, you know,
people rarely leave to the private sector
where we're concerned about how much business,
what's the revenue, what's the projections, we have customers that we need to keep happy.
It was very, very different, but very positive in that difference.
What we're doing here at Lacework, and for me what really got me is he said sort of the magic
words. He said, you know, we're looking at how to automate cloud security and we're looking at how to leverage data, a lot of data. And being a
nerd at heart, loving computers from an early age and loving math from an early
age, I'm like, okay, there is a lot of cool stuff that we can do with that,
especially trying to drive that automation. And I've long felt part of
the reason for moving out of the public service was that the cloud is an
enabler to do security in a much more
modern way. You know for me that really comes down to two really simple things. Did I learn
something new and did I share something to help somebody else learn something new? And that's
really what drives me day after day and whether that's helping somebody on a team here at Lacework
or whether that's sharing something out on social or making a video or writing something up or you
know teaching a course.
And the dark days happen,
especially over the last year and a half,
I think for all of us.
Dark days tend to be where I'm meeting to meeting to meeting
and nothing's going right.
But what gets me out of those days normally
is I will try to carve out 15 to 20 minutes for myself
and read a novel. If I can help someone
understand something a little bit better, if I can provide some clarity and if I
can do that consistently over the course of my career, I think that's really what
I'm looking for. I know I've taught a number of courses and continue to teach
as much as it's small, when you can explain a problem
that someone's stuck on or help them reason
through a challenge, the reward you get from that, I think,
is more than rewarding enough.
And if I can keep doing that every day,
that's going to add up to a really fulfilling career for me. And now, a word from our sponsor, ThreatLocker.
Keeping your system secure shouldn't mean constantly reacting to threats.
ThreatLocker helps you take a different approach by giving you full control over what software can run in your environment. If it's not
approved, it doesn't run. Simple as that. It's a way to stop ransomware and other
attacks before they start without adding extra complexity to your day. See how
ThreatLocker can help you lock down your environment at www.threatlocker.com