CyberWire Daily - Solving hard problems and pursuing your passions. [Career Notes]
Episode Date: July 5, 2020CEO, Matt Devost, describes many firsts in his career including hacking into systems on an aircraft carrier at sea. He shares how he enjoys solving hard problems and the red teamer perspective, and ho...w he was able to translate those into a career. For those interested in cybersecurity, Matt advises opportunities for self-directed learning including heading down to your basement and building your own lab. Our thanks to Matt for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K. and VPNs, yet breaches continue to rise by an 18% year-over-year increase in ransomware attacks
and a $75 million record payout in 2024. These traditional security tools expand your attack
surface with public-facing IPs that are exploited by bad actors more easily than ever with AI tools.
It's time to rethink your security. Thank you. My name is Matt DeVoe.
I'm the CEO of OODA LLC.
I was writing a lot of my own programs. I grew up in a very rural area, so I didn't have exposure to some of the early BBS systems. And I actually, with my first computer, did not have
a disk drive or any storage medium. So I would spend all my time programming all of the available
memory on that Commodore 64 with different applications
and had written a menu application that would let me jump
between the different sections.
And then I would cry every time we lost power,
which was quite frequently because I would lose everything
that I had coded into the device the minute it was powered off.
I was lucky, again, I was in a very rural area.
There were 19 people in my graduating class,
and there was nothing offered from a computer science perspective.
But when I expressed interest, my high school math teacher
actually would go in the summer to learn how to teach computer science
and then would come back and teach me.
And then the interest kind of adapted over time.
When I got to college, I was focused on not only computer science,
but also national security studies.
I became very interested in how things work and taking them apart.
And that was kind of my early entree into true hacking
and looking at other people's programs and other people's systems.
And I happened to see this convergence between the two topics that I love.
If you think back to the early 90s,
really the combination of political science and computer science
was all around statistics and analysis.
I saw this new career field, or at least I hoped,
based on what I saw was an increasing use of computer technology
and critical things.
So critical infrastructure, society, finance, etc.
And then the inherent vulnerability of those systems, because I was capable of hacking them.
The friends that I was meeting were capable of hacking them.
And then if you combine that with my national security focus, I saw this as a new national security thread.
I saw this as a new national security threat.
So I started writing on that topic back in 1992 and attracted a tremendous amount of attention to myself
because I was one of the early people to kind of highlight the risks
of what would become information warfare or cyber war.
So I was viewed a little bit by some of the folks
in the national security circles and intelligence community as well,
as kind of the equivalent of the kid building an atomic weapon in his garage. I was coming to the
same conclusions and researching the same things that they had identified at the same time as this
key national security risk that they were trying to keep under wraps for the most part.
There was quite a bit of friction at the time.
For example, in 1993, I graduated from undergrad
and went straight into grad school
and got a master's or was pursuing a master's
in national security studies and political science.
And the political science team at my graduate school
basically told me that the topic of information warfare
was not valid from a thesis perspective. So it would have been easy to give up at that point, but I was persistent and I had
folks who were advocating for me and telling me, look at issues of command and control warfare,
or look at this, or they were kind of giving me pointers to kind of redirect my research.
It also gave me some great career firsts. I built a red team that emulated the adversary
during classified coalition military exercises.
And during that, red team was the first person
to hack into systems on an aircraft carrier
while it was at sea.
We did that with a nuclear submarine.
There were these very headline invoking,
although the work we were doing at the time
wasn't covered in the press.
But internally, at the classified level within DoD,
these were significant wake-up calls.
My favorite part is solving hard problems.
I like being in the room when we're confronting something
that seems almost unconfrontable,
and working through the process of how do we adequately address that.
So I really thrive on that kind of red teamer perspective
of give me something that you think
is one of your most difficult things to achieve
or most difficult realities that you face
and let's build some approaches
for how you are able to take advantage of it.
able to take advantage of it.
If you have the interest and the passion, by all means, we have the need. Within the community, we have a workforce that just doesn't have the numbers by way
of the professionals in it.
So I would encourage folks, if you have the interest, get involved.
You have to engage in self-learning.
Certifications are great. It's great to get kind of on-the-job experience. But I always like to look at the folks
who built a basement lab or set up their own AWS cloud infrastructure and were hacking against that.
So I would encourage them to take advantage of the opportunities that exist
for that self-directed learning as well.
that exist for that self-directed learning as well.
For me, the real value is in the success of the people that I mentor.
I taught at Georgetown for 14 consecutive years.
So I'd cycled 600 students through there and I take great pride in seeing how they are going out and solving some of these problems.
So for me, I think the real legacy, you real legacy is a combination of the things that you accomplished in the
way that you were able to drive the industry, but then also the footprint that you leave
behind that is going to be able to confront these issues on an ongoing basis. Hey everybody, Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me. I have to say, Delete.me is a game changer. Within days of
signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected. Delete.me's team does
all the work for you
with detailed reports
so you know exactly what's been done.
Take control of your data
and keep your private life private
by signing up for Delete.me.
Now at a special discount for our listeners,
today get 20% off your Delete.me plan
when you go to joindeleteme.com slash N2K
and use promo code N2K at checkout.
The only way to get 20% off is to go to joindelete me.com slash N2K and enter code N2K at checkout.
That's joindelete me.com slash N2K code N2K.