CyberWire Daily - Tom Gorup: Fail fast and fail forward. [Operations] [Career Notes]

Episode Date: January 10, 2021

Vice President of Security and Support Operations of Alert Logic Tom Gorup shares how his career path led him from tactics learned in Army infantry using machine guns and claymores to cybersecurity replacing the artillery with antivirus and firewalls. Tom built a security automation solution called the Grunt (in recollection of his role in the Army) that automated firewall blocks. He credits his experience in battle-planning for his expertise in applying strategic thinking to work in cybersecurity, noting that communication is key in both scenarios. Tom advises that those looking into a new career shouldn't shy away from failure as failure is just another opportunity to learn. We thank Tom for sharing his story with us.

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K. My name is Tom Gorup. I'm Vice President of Security and Support Operations at AlertLogic. I remember, I think I was 13 or 14 when I built my first website. That's really where it all started, where that interest began.
Starting point is 00:01:55 Thinking about communicating with people on the other side of the world in milliseconds. So the internet in and of itself and how it worked was fascinating to me. And I joined the Army shortly after high school with a different profession. I actually went to work on computers to do a computer-related role in the Army and ended up with an infantry position. So I wouldn't say I lost interest. It was always there. I always continued to dabble in different types of technology and just play with things. But my career, the focus at the time was infantry. So it was a grunt, the best way to say it. I was learning a lot more of leadership
Starting point is 00:02:41 fundamentals in the military, learning how to lead a team, to train a team. And as I was going through that process, I remember in Afghanistan, reading the CCNA study guide in my bunk. There was no lab for me to test these things out on, no actual hands-on keyboard activities I could be doing. So just laying in the bunk reading. I remember reading the first three or four chapters probably two or three times because I didn't understand any of it. And I finally got to the security section and I was like, this makes sense. I can take tactics that I've learned in the military and apply them to a computer network. The difference is I'm not using machine guns and claymores. I'm using antivirus and firewalls.
Starting point is 00:03:43 Once I got out of the military, I started going to school and trying to find where that passion sat and dabbling in different things. And I realized, you know, I need more experience. So I was seeking internship opportunities. So a lot of late nights, I remember staying up three, four o'clock in the morning, trying to figure out how to do different types of attacks and seeing what those attacks look like on the wire and how to take advantage. Work ethic is an important aspect, I think, of the security industry. If you want to be in security, it's not just a nine to five, you know, punch in, punch out type position. If it weren't for the front end hard work, I wouldn't have had the opportunities that I had after that.
Starting point is 00:04:17 I built a security automation solution I called the Grunt, where we automated firewall blocks. It was fairly basic in that sense, but I was able to integrate that into six or seven different firewalls, automating a lot of work for our analysts and also driving us into that MDR market, which was super early on. Over time, I moved into director and co-founder of Rook Security because the SOC really didn't exist until before I got there. And it was originally Rook Consulting. We moved to Rook Security because our SOC had grown to be such a large player in our business. So from there and then Rook Security sold to Sophos and I came over to AlertLogic as Vice President of Security and Support Operations here.
Starting point is 00:05:19 It's a lot more strategic thinking, which, again, coming from the military background, allows me to draw from when we did battle planning. It all comes back to is communication, right? How do we communicate the commander's intent and bring do I enable my team to execute against the higher level vision, and how do I communicate that across different teams within AlertLogic? So it shifted to a lot more communication and working well with others, and that's all been building blocks leading up to where I'm at now. The things that I've learned were because of the experiences that I've had.
Starting point is 00:06:12 I think failure is a good thing. We shouldn't shy away from failure. And failure is just another opportunity to learn. And you need to have that mindset, especially if you're going to a new career or doing something that you've never done before. Fail fast and fail forward.