CyberWire Daily - Mark Nunnikhoven: Providing clarity about security. [Cloud strategy] [Career Notes]
Episode Date: October 24, 2021Distinguished Cloud Strategist at Lacework, Mark Nunnikhoven, has gone from taking technology to its limits for his own understanding to providing clarity about security for others. Mark fell in love... with his Commodore 128 and once he realized he could bend the machine to his will, it set him on the path to technology. While he had some bumps in the road, dropping out of high school and not following the traditional path in college, Mark did complete his masters in information security. His professional life took him from Canadian public service to the private sector where Mark noted the culture shift was an eye-opening experience. Mark always looks to learn something new and share that with others and that is evidenced as his includes teaching as a facet of his career. We thank Mark for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K. and VPNs, yet breaches continue to rise by an 18% year-over-year increase in ransomware attacks
and a $75 million record payout in 2024. These traditional security tools expand your attack
surface with public-facing IPs that are exploited by bad actors more easily than ever with AI tools.
It's time to rethink your security. Thank you. Learn more at zscaler.com slash security. I didn't know exactly what I wanted to do and I'm of the age when computers were just
becoming a thing.
And we were fortunate enough that my father was in the military and he saw the computer
revolution coming and got a old Commodore 128 for the family.
And from the moment that entered, it sort of crossed the threshold, I fell in love with
it.
I loved tinkering with it, programming it, pushing it to
its limits. So I knew for a very long time that I wanted to do something with computers. And what
that was changed depending on sort of the year, but it was always around computing.
Back in the day, as you remember, but some of the listeners might not,
computers were not nearly as polished.
You know, the interface was a basic language interpreter.
So you were programming right out of the gate.
And sure, when you're little, you're just, you know, using pre-made programs.
But very quickly, my father took me to some local user groups.
And, you know, there was great magazines at the time
where you're typing in code. And once I started to see that, you know, hey, I could kind of bend
this machine to my will, set me on a path. And so I was doing a lot of self-driven learning around
programming through my teenage years. Started with my first job when I was 15, working for
Bell Northern Research on a high school co-op and then a contract after
that, doing testing and some light programming on what eventually became a set-top box for cable
television, of all things. I had a lot of turbulent times on the personal side of things through high
school, which I actually ended up dropping out of high school a couple of turbulent times on the personal side of things through high school, which I actually ended
up dropping out of high school a couple of times. Eventually graduated, but same thing with
university and college. I kicked around a little bit. I did one year of what would be junior college
in the U.S. and then one year of university, but the college was in computer programming.
University was actually in cognitive science for the first year,
which I really, really loved.
But I didn't finish either of them.
At the time I was working, I was actually doing sales for IBM,
and that was going well.
I'm not really learning a ton in the first-year courses
because I've had this self-interest for so long,
and I just kind of ended up just staying in the working world from then on out,
though eventually I did go back to school
later on in life. From sales at IBM, I went into the Canadian federal government, and I spent a
little over a decade with the Canadian federal government. And as much as there are challenges
in a large bureaucracy, it was fantastic from the security experience, and that's really when things started to veer into the security world.
I had some experience, obviously I've been developing and writing code for a long time,
but when I got into the government,
there was, you know, you're legally mandated to pay attention to security,
which is a wonderful thing for a security practitioner looking back at it.
I don't have to convince them. They have to care.
And so I spent a decade there in a bunch of different roles. And the wonderful thing about
the Canadian public service is that once you're in, it's easy enough to bounce around from role
to role. So I spent some time in service delivery, in platform architecture, in security policy,
and about halfway through, I actually went back to school.
And instead of going back to get a bachelor's,
I went into a graduate program
to get a master's in cybersecurity.
When I finished my master's,
so that information security degree,
I specialized in forensics.
And so I was starting to do a lot of attack analysis.
And of course, if you're defending a nation state, you're seeing a lot of really in-depth, crazy attacks in a good way.
Well, at least a good way if you defend against them.
And a lot of interesting scenarios and sort of just a breadth of experience that I think would be really hard to replicate in a private company
or organization. I just loved it because there's always something new to learn. And that's really
what's driven me throughout my career is finding an opportunity where I can keep learning. A good
friend of mine called me and said like, hey, I've got a good opportunity that I think you'd be
really interested in here at Trend Micro. I sat down with my friend and we had a good chat. It's not that
common to leave the public service once you're in it, but the opportunity was too good to pass up.
I was going to be able to help build Trend Micro's cloud business out and it was eye-opening to say
the least. But just the cultural dynamic of going from a public service where it's a series of
lifetime employees, you know,
people rarely leave, to the private sector where we're concerned about how much business,
what's the revenue, what's the projections, and we have customers that we need to keep happy.
It was very, very different, but very positive in that difference.
What we're doing here at Lacework, and for me, what really got me is he said sort of the magic words.
He said, you know, we're looking at how to automate cloud security and we're looking at how to leverage data, a lot of data.
And being a nerd at heart, loving computers from an early age and loving math from an early age, I'm like, OK, there is a lot of cool stuff that we can do with that, especially trying to drive that automation.
And I've long felt part of the reason for moving out of the public service was that the cloud is an enabler to do security in a much more modern way.
You know, for me, that really comes down to two really simple things.
Did I learn something new?
And did I share something to help somebody else learn something new?
to help somebody else learn something new.
And that's really what drives me day after day.
And whether that's helping somebody on a team here at Lacework,
or whether that's sharing something out on social,
or making a video, or writing something up, or teaching a course.
And the dark days happen, especially over the last year and a half, I think for all of us.
Dark days tend to be where I'm meeting to meeting to meeting, and nothing's going right.
But what gets me out of those days normally is I
will try to carve out 15 to 20 minutes for myself and read a novel. If I can help someone understand
something a little bit better, if I can provide some clarity, and if I can do that consistently
over the course of my career, I think that's really what I'm
looking for. I know I've taught a number of courses and continue to teach. As much as it's
small, when you can explain a problem that someone's stuck on or help them reason through
a challenge, the reward you get from that, I think, is more than rewarding enough. And if
I can keep doing that every day, that's going to add up to a really fulfilling career for me.
Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing
my data privacy is protected. Delete.me's team does all the work for you with detailed reports
so you know exactly what's been done. Take control of your data and keep your private life private
by signing up for Delete.me. Now at a special discount for our listeners. Today, get 20% off your Delete Me plan
when you go to joindeleteme.com slash N2K
and use promo code N2K at checkout.
The only way to get 20% off
is to go to joindeleteme.com slash N2K
and enter code N2K at checkout.
That's joindeleteme.com slash N2K, code N2K.