CyberWire Daily - Rick Howard: Give people resources. [CSO] [Career Notes]
Episode Date: August 15, 2021Chief Security Officer, Chief Analyst, and Senior Fellow at the CyberWire, Rick Howard, shares his travels through the cybersecurity job space. The son of a gold miner who began his career out of West... Point in the US Army, Rick worked his way up to being the Commander of the Army's Computer Emergency Response Team. Rick moved to the commercial sector working for Bruce Schneier running Counterpane's global SOC. Rick's first CSO job was for Palo Alto Networks where he was afforded the opportunity to create the Cybersecurity Canon Hall of Fame and the Cyber Threat Alliance. Upon considering retirement, Rick called up on the CyberWire to ask about doing a podcast and he was hired on to the team. Rick shares a proud moment through a favorite story. We thank Rick for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K. and VPNs, yet breaches continue to rise by an 18% year-over-year increase in ransomware attacks
and a $75 million record payout in 2024. These traditional security tools expand your attack
surface with public-facing IPs that are exploited by bad actors more easily than ever with AI tools.
It's time to rethink your security. Thank you. Learn more at zscaler.com slash security.
My name is Rick Howard, and officially, I have three titles.
Chief Security Officer, Chief Analyst, and Senior Fellow at the Cyber Wire.
Unofficially, I'm an amateur geek, professional kibitzer, and a general purpose security wonk.
I grew up in South Dakota, and my dad was a gold miner, but I knew that I had no interest
in being a gold miner. So I needed a way out of that place, right?
And my way out was enlisting into the services.
I volunteered to join the Air Force.
I went in the early entry program my last year in high school,
which means I joined up during the Christmas break before high school ended.
And then what happened is I had a lot of people pull for me,
and they got me an appointment to the United States Army's Preparatory School.
It's a program to get me into West Point.
And that was the best thing that's ever happened to me,
and I was able to get a military academy appointment because of that.
And that was my ticket out of being a gold miner from my hometown.
I've been a geek my whole life, but not a full-time geek. I was never one of those
guys that pulled radios apart and put
them back together. I have no man skills. I love computer games, and I always thought that I was
going to figure out some way to be involved in the gaming industry somewhere because I played
them all the time. And my only way to do that while I was at the military academy was to pursue computer science as my degree. Because I had that background, that led me directly into
the communications fields in the U.S. Army, the Signal Corps, which led me into building networks
for tactical units in the Army, and then bigger networks as I moved up in the ranks, which finally led me into
cybersecurity, where I did my last job before I retired. I was the commander of the Army's
Computer Emergency Response Team, which basically let me coordinate offensive and defensive
operations for the U.S. Army. I was reading a fantastic book by Bruce Snyder, okay, Secrets and Lies. It's a really
great one. And I just happened to look at the back cover and realize that the headquarters of
the company that he founded, Counterpane, was just down the road from Felt-Belvoir where I was
stationed. So I called them and said, hey, you guys should give me a job. And they did did so that's how I got out into the commercial sector.
My job at Counterpain was to run the global SOC.
It was one of the first MSSPs that was ever put out there and we had a you know one of
those fantastic rooms where the big screens in the front and analysts in the back.
I was there at Counterbrain for a number of years. And then I got a call from an old buddy of mine that says they needed someone to come and run the commercial intelligence group, iDefense, that Verisign had just bought.
They needed someone who had some experience with intelligence to come in and run this commercial organization.
What a great job to have.
It was, I had all these researchers that did all kinds of interesting research on malware
and vulnerabilities.
But we also had this other side, this human intelligence side, where we had cybersecurity
professionals who spoke foreign languages like Chinese and Russian and Spanish and French.
And we put those folks out in the country to talk to
the black hats out there. They talked to us. So we sold that research to a bunch of government
organizations back in the day, and it was a lot of fun. So that's how I got to paddle out to
networks. And it was a fabulous job. All those people are really smart. And I thought I was going to retire, retire.
You know, I'm an old guy, right?
But I had come on the Cyber Wire Daily podcast, and I'm a huge podcast fan.
When I was thinking about what I was going to do after, I knew I wanted to do something fun.
On a lark, I called and said, hey, you should let me do a podcast for you.
And you guys said you should just come work for us.
So here I am, the chief security officer of a startup called the Cyber Wire, and I get to work on my own podcast.
And you guys give me this giant platform to present my ideas.
I can't be happier.
It's fantastic.
One of the things I like about the cybersecurity field is it's this profession is more than just the business bringing money. And you are actually have a mission that is trying to prevent bad things from happening to good people.
That's why I hope I remember that we gave that a shot.
I may have been successful, may not have,
but we certainly were trying
and I hope people remember that.
I have one more story that I'd like to say.
I was the network manager
at the Army's Command Center in the Pentagon during 9-11.
And I got there about a year before the event happened.
We had no resiliency built into any of our comm systems.
And this place was the Army headquarters.
All the orders for the Army around the world came out of this place.
And all the services were on one giant server that if it failed, everything would be dead.
So we spent a year making all of that better.
Triple, quadruple redundancies, lots of different places to fail over.
And our team did a fantastic job.
And then 9-11 happened.
job. And then 9-11 happened. Back then in the Pentagon, the command centers, the service command centers were all in different places. The Army, Air Force, Navy, Marines, they were all had
their own command centers. But because of the devastation of the planes hitting the building,
because of the redundancy that we had built in to our communication systems. The Army's communication center was the only one functioning
the day after the 9-11 attacks, right?
And I'm very proud of that.
Cyber threats are evolving every second, Thank you. suite of solutions designed to give you total control, stopping unauthorized applications,
securing sensitive data, and ensuring your organization runs smoothly and securely.
Visit ThreatLocker.com today to see how a default deny approach can keep your company safe and compliant.