Thanksgiving is a time for reflection. It gives us space to acknowledge the many people and life experiences that, one way or another, enrich our lives year after year. With the spirit of Thanksgiving in mind, we have gathered comments from some of the industry's leading professionals about the people they are thankful to for fueling their love of infosec. These people are mentors in the truest sense of the word. Please enjoy!
Neira Jones, Consultant | @neirajones
Niccolo Machiavelli
My hero is Niccolo Machiavelli (Born: May 3, 1469, Florence, Italy; Died: June 21, 1527, Florence, Italy). The Prince is in my opinion one of the best business advice books EVER. There is a wealth of knowledge and pragmatism offered in its pages, and I continuously refer to Machiavelli's wisdom contained therein. For instance, on change management, he provides the following insight: “It must be considered that there is nothing more difficult to carry out nor more doubtful of success nor more dangerous to handle than to initiate a new order of things; for the reformer has enemies in all those who profit by the old order, and only lukewarm defenders in all those who would profit by the new order; this lukewarmness arising partly from the incredulity of mankind who does not truly believe in anything new until they actually have experience of it.” Meanwhile, on social engineering (and human fallibility in general), he warns: “Men are so simple and yield so readily to the desires of the moment that he who will trick will always find another who will suffer to be tricked.” Human behavior doesn't ever change, does it?
About the Mentor: To learn more about Machiavelli and his thinking, click here.
Mandy Huth, Director of Cyber Security | @cyberfortress
Julie Bernard
"You have been in my head for over a year." That is what I told Julie Bernard when I saw her at a conference this year. I am grateful for her because she took a very abstract subject and turned it into an actionable process for me. In the security arena, we often get caught up in the newest technologies and/or integrations that provide us with the most information from which to work. These are critical components of a security strategy. However, without context, data volumes can feel overwhelming and disjointed. Julie is well aware of this reality. She presented an idea that originated from a detailed financial analysis, and she simplified it with context. The original scenario was that if you understand a malicious actor’s motivations, you can begin to add context to your data and proactively protect (what the bad actor believes is) your most valuable information. Julie used the example of looking beyond nation state espionage to a core issue, such as creating jobs for an expanding population that will create unprecedented unemployment and strain on the government. Following this example to its logical end, you can begin to understand what that state is looking for, such as a way to create more jobs by winning more business contracts, and why it would be important for it to protect its bidding process and data. Ultimately, I was able to take this concrete, uncomplicated example and apply it to my short- and long-term security strategies. Julie spent only 60 minutes discussing this subject, but she has been pivotal in my security planning for the next 365+ days!
About the Mentor: Julie Bernard is the Principal in Cyber Risk Services in Deloitte. You can learn more about her by visiting her LinkedIn page here.
Bob Covello, Information Security Analyst | @BobCovello
Javvad Malik
When I stop to think of all the folks who have motivated me in information security, the list is incredibly long. It includes just about every contributor to the security space, whether I know them personally or not; it includes all the podcasters who freely give so much time and energy to promote our often unappreciated field; and it includes all the authors and thought leaders. In fact, my list covers everyone with whom I have had a conversation, for many of my insights come from real-life experiences. One person who has gone out of his way to help me in the infosec field is Javvad Malik. His video “Benefits of being a CISSP” was truly helpful in my preparation for the CISSP exam. The humor and wit in it, not to mention in many of Javvad’s other works, showed me that information security does not have to focus on the fear of all that can go wrong. I wrote to him to thank him, and I was surprised when he responded. I contacted him at a later time to ask about the (ISC)2 Foundation's Safe and Secure Online program, and he took the time to help me get started with that endeavor, as well.
"Over the years, Javvad and I have become close friends despite our geographical distance. During that time, he has selflessly guided and inspired me in the infosec profession."
About the Mentor: Javvad Malik is a Security Advocate at AlienVault. You can learn more about him by visiting his website here.
John Walker, Consultant | @SBLTD
Steve Gold
On the 12th of January 2015, Steve Gold sadly passed away following medical complications. When I was invited by Tripwire to honor a professional from our industry, Steve was the only name that sprang to mind. Steve was [is still] one of the most influential people I have ever met. He had a brain the size of a planet, and he was humble. He was a guy who always had time to share his considerable knowledge, and he did so with passion. To sum this great man up in only 100 words is simply impossible, as his depth, breadth, and enormity go beyond words.
About the Mentor: Steve Gold was a respected information security journalist. You can read an article honoring his life here.
Katie Moussouris, Chief Policy Officer | @k8em0
Dr. Robert (Bob) Bruen
My first professional jobs involved working in my chosen field at the time: biochemistry and molecular biology. I met the late Dr. Robert (Bob) Bruen after I had decided to shift from bioinformatics to systems administration at the Whitehead Institute for Biomedical Research Genome Center (now known as the Broad Institute of MIT and Harvard), when he became my new boss. Bob was a great coach, guiding and advising me not only when I worked for him, but also by helping me navigate my next job's challenges with rock solid advice, both technical and political, as I entered into a senior position. It was that next job where I polished up the hacking skills I had first learned as a teen, this time testing the defenses of systems and networks I managed at MIT's Department of Aeronautics & Astronautics. Most profound in its lasting effect on my life and career was the fact that Bob believed in me, before anyone else did, even before any of my greater potential was proven. He saw himself in me, I think--both local kids who had made something of ourselves through hard work and even harder heads. In that sense, he was like a father to me, as he was to so many others. He believed in me before I did, often repeating to me with that slight Boston accent of his, each time I'd see him over the years, "Katie, you can do whatever you want, just go for it!" For his wisdom and unconditional support, I cannot be more grateful.
About the Mentor: Dr. Robert (Bob) Bruen was a researcher at the Massachusetts Institute of Technology. You can read his obituary here.
Bob Loihl, Principal Software Engineer
Sun Tzu
I am thankful for Sun Tzu and his book The Art of War. It was written in 513 BC and is still relevant today. Genius. A testament to how little has changed in security. To be sure, the medium has changed and presents new challenges today than years ago, but the basic "game" is eternally and fundamentally the same. The book is filled with many apt teachings, but this is one to which I come back all the time. I find it fundamental to my security mindset:
"If you know the enemy and know yourself, you need not fear the result of 100 battles. If you know yourself but not the enemy, for every victory gained you will also suffer defeat. If you know neither the enemy nor yourself, you will succumb in every battle."
About the Mentor: Sun Tzu was a Chinese military general, strategist, and philosopher. You can read more about his ideas and teachings here.
Graham Cluley, Cybercrime Researcher, Blogger and Public Speaker | @gcluley
Dr. Alan Solomon
It's easy for me to choose my security mentor. It's Dr. Alan Solomon. If you weren't working in the field of computer security twenty years ago, then maybe you're not familiar with names like Alan Solomon, Fridrik Skulason, and John McAfee. (Ok, maybe you have heard of that last one, but I'm guessing many won't know him so much for his anti-virus work as his other headline-making antics.) These individuals, among others, were really some of the giants of the world of anti-virus when I first took an interest in what we now call malware. As I discussed in an interview for Tripwire, available here and here, Alan Solomon gave me my first proper programming job, dumping a pile of Windows manuals on my desk when all we had was a crash-prone version of Windows 3.0 to run on our 80386 turbo-boosted PCs. We didn't have Internet access, we didn't have email, and ".com" was a type of executable file rather than a website domain. But Alan knew everything there was to know about malware, which was primarily an MS-DOS problem at the time, and through his expertise and hilarious story-telling, he showed me that computer security didn't have to be dry and boring. The computer security industry isn't as fun as it was back then. Big business and a conveyor belt of cybercrime have changed it into a different beast. In some ways, it did need to change and grow up, but I'll always be grateful to the guy who gave me my first break and taught me lots about malware that is still just as true today.
About the Mentor: Dr. Alan Solomon is a computer security veteran and is considered by many as a pioneer in the field of anti-virus. You can learn more about his company, "Dr. Solomon's Antivirus," here.
Thom Langford, Chief Information Security Officer | @ThomLangford
Curtis Dalton
I am fortunate enough to have a mentor whom I not only respect professionally but who is also a good friend. Curt Dalton joined the company I worked for as my boss, and we quickly built a strong rapport. He has always shown himself to be not only hugely knowledgeable, but also somewhat uniquely in this industry, he is open to challenges, change, and new ideas. When I began reporting to him, I was able to not only grow my professional know-how, but I also established something even more important: my opinions and philosophy of the information security industry. His encouragement and openness meant I grew far more in the four years I worked for him than I did in the previous 10. Since moving on, we have stayed in touch and have helped each other in our new roles on numerous occasions, although to be honest, he is still someone I consider to be my mentor. We only meet a couple of times a year now, but it is a wonderful time for advice, guidance, belly laughs, and a lovely bottle of Chateau Musar wine! You can follow him on Twitter @curtisedalton.
About the Mentor: Curtis Dalton serves as SVP, Chief Information Risk & Security Officer at Pactera. You can learn more about him by visiting his LinkedIn page here.
Sarah Clarke, Consultant | @S_Clarke22
Graeme Cox
Graeme Cox was probably the biggest influence on my infosec career. I was looking to specialize after managing network and server infrastructure for a university. His managed security services and consultancy firm DNS Ltd. (later bought by SecureWorks) took a chance on me. His support and vision, plus the incredible team he had recruited, broadened and changed my whole perspective on our world. Talk about a steep learning curve and hard work, but I was buoyed by some of the cleverest, kindest, and most innovative people I've ever had the pleasure to know. Graeme moved out of the infosec trade after selling the company, but we've kept in touch. He continues to be an incredible sounding board for big decisions, not the least of which was my decision to leave the corporate world and start up on my own.
About the Mentor: Graeme Cox currently works as the CTO at KalliKids. You can learn more about him by visiting his LinkedIn page here.
Lori MacVittie, Principal Technical Evangelist | @lmacvittie
One of the first people to motivate me in the direction of security was a contributing editor at Network Computing Magazine, Greg Shipley. As a more senior editor and one whose primary “day job” was focused around security, his experience and guidance proved invaluable to me. Greg paid incredible attention to the details, and his depth of technical knowledge of all things security always inspired a desire to know as much about the topic as possible.
"Having been primarily a developer before joining the publication, the larger world of security was foreign territory to me until I met Greg. I’m grateful that he was there to help as a guide through it."
About the Mentor: Greg Shipley was the founder and CTO of Neohapsis until 2010.
Tony Martin-Vegue, Cyber Risk Manager and Host of the Standard Deviant Security Podcast | @tdmv
Jack Jones
Jack Jones, author of a quantitative risk analysis method called FAIR, changed the face of information security risk management and is one of my biggest inspirations in the field. Many risk analysis methods prior to FAIR relied on inaccurate measurements and subjective reporting. Jones provided security risk managers a repeatable quantitative risk analysis methodology that was easy to learn and even easier to communicate results to management. Learning FAIR re-ignited my passion for security by taking risk management concepts I already knew and adding in elements to help the analyst measure information risk. More and more companies are adopting the FAIR framework, and we all owe Jones a debt of gratitude for bringing these concepts to the mainstream.
About the Mentor: Jack Jones serves as a Risk Management Executive at RiskLens. You can learn more about him by visiting his LinkedIn page here.
From all of us at The State of Security, we hope everyone has a Happy Thanksgiving. And don't forget to thank the mentor who helped inspire your interest in the field of security!