1
OWN YOUR TRAJECTORY
So, what do you want to do in life? Where are you going? What do you want to do when you get there? These are of course obvious questions once you think of them. Are there any dreams, goals, wishes, or desires you have?
When I was younger I thought the answer was found in becoming more technical. What could be more important than technology?
That's as logical as answering, "Where do you want to go on vacation?" with an answer of how you are going to get there. "I want to go on vacation by car," or "I want to go on vacation by airplane." What could be more important than how you get there? While I sincerely hope you enjoy the journey, where you are going is at least as important as how you are planning to get there.
Technology is not the answer. It is part of the solution. For geeks like me and perhaps you, it is a major part of the solution.
Geek is essential. Technical skills are critical. These "technical" skills vary enormously depending on your role. They will be much different if you are a freelance iPhone forensicator, in-house penetration tester for a government agency, contract Java developer, Intrusion Detection analyst for a large oil company, or CISO.
"Geek Skills" – our working definition – are the core skills our role or position requires. They are primarily technical, but can include non-technical skills. For example, if you hire technical people, they will certainly include finding and interviewing candidates. If you spend a lot of time teaching and speaking about Infosec, they will include presentation and audience management skills.
Your geek skills are essential, and you do need to continuously work on improving them. We can always get better. In our field where technology, user requirements, risks, and more are constantly changing, continually sharpening your skills is critical.
As an example, in the past year, I have taken a course on advanced enterprise forensics, listened to at least a few dozen webinars and podcasts on various security and technical topics, taken a math-heavy crypto class and have another one coming up, and also done an online course on improv (being in front of an audience does involve improv, so it is a core skill for me). Of course, there are times when I'm overloaded and do far less.
Qualified Security Professionals
"Geek will only get you so far" is going to be an understatement soon. We are not off in a silo alone anymore; we are a core part of the enterprise.
Basic business (and social) skills expected of others are expected of us more and more. These include communication, leadership, influence, teamwork, creativity, project management (finishing things we start) and much more.
"Professional" and "Professionalism" are important terms. In the recent past, we could get away with behavior most of the enterprise could not. We were the nerds, the geeks, and most importantly, not integrated into the company. That is not true today.
I'm not saying we need to "comply" or "fit in" (whatever exactly this may mean), but we are now integrated into the business ethos. Individualism is generally accepted for the creative people, and by and large we are, and are required to be, creative in solving problems in our day-to-day work.
We are at a Time of Unprecedented Opportunity
The opportunities going forward for qualified security professionals are enormous today and that isn't going to change anytime soon. The skills needed are also morphing rapidly.
You'll be learning things both I and many of the Infosec Rock Stars I've interviewed wished we had known years, often decades, ago!
You'll be cutting years off your learning curve and propelling your career forward at a fascinating time in human history!
Information Security is not a "Geek Thing" anymore and never really should have been. It is being discussed in coffee shops, pubs, and cocktail parties these days. There is enormous interest due to highly visible hacks and nation-state activity.
In the last few months, I've had Infosec students from several government agencies, numerous militaries (first, second and third world) as well as many major corporations. Trust me when I say that Infosec is being discussed and invested in at the highest levels of government and business.
We absolutely have increased interest and activity in the Nation-State arena, for organizations of all sizes. Both career criminals and amateur crooks are thriving and many are making millions. Hacktivism, a fairly new concept, is growing.
Systems are becoming constantly more complex, and complexity is the enemy of security: the more complexity, the more potential attack surface. In some ways we are sitting targets. Attackers can come and go, but most of our information systems need to be constantly up and running.
Why the "Rock Star" Moniker?
Apart from the world of Rock and Roll, what is a Rock Star? We need some sort of a working definition.
Wiktionary defines Rock Star as "A person who is renowned or revered in his or her field of accomplishment."4 Renowned means widely known, perhaps even a celebrity. This may mean world famous, industry famous, all the way down to widely known in their company or department. Plenty of Rock Stars are locally or niche specifically renowned.
Revered means "respected," and unless you are scamming people, you need to be damn good at what you do, as well as effective at getting things done.
While giving my first few Infosec Rock Star talks, I asked my first dozen or more audiences what Rock Star meant to them. Here is what I got:
Widely known/celebrity – We discussed this above, and of course widely known and celebrity don't necessarily mean people stop you in the streets for signatures all the time. Rock Stars can be locally or niche specifically renowned.
Respected – Rock Stars are respected, and respect is earned. It is earned for two primary reasons: for being an expert in your domain (Geek matters, you better be awesome!), and for getting results. For example, I just saw George Thorogood, perhaps best known for his song Bad to The Bone, perform last weekend. Musically, he was awesome, and he put on a great show. His pure music skills, which are his geek, were fantastic and his showmanship was superb. He delivered!
Confident – Confidence is interesting, and there are entire books on confidence. Simply put, if you are confident, you are more likely to succeed at what you attempt to do.
"Whether you think you can, or you think you can't, you're right."
– Henry Ford
Rock Stars are confident.
Successful – People mentioned both successful and rich, and I am grouping them together under successful. Success means different things to different people. It often includes a component of lots of money as well as more, but quite honestly, many people do not care about lots of money, which may be hard to believe.
Success is something one defines personally.
Passion – Take two people of equal ability trying to succeed in the same area, one passionate about what he or she is doing, and one merely interested. The passionate person will kick ass every time! You cannot compete long term against passion. In the arena of music, there may be musicians that have big hits who are only interested and semi-passionate, but long term, the musicians cranking out hits over decades are incredibly passionate about their music.
It doesn't matter why you are in Infosec. Maybe you started with passion like I did; maybe you needed a job and found one in Infosec; maybe you were attracted to Infosec because of the high pay and opportunities. What matters long term is that you have or develop passion.
Unique – Rock Stars are unique. There is only one Carly Simon, one Mick Jagger, one Bill Gates, one Madonna, one Bruce Schneier, one Steve Jobs. If you are a Rock Star, you are not another cog in the machine.
You are not easily replaced. Could the Rolling Stones replace Mick Jagger? Sure, but they would be a very different Rolling Stones then.
Creative – If a musician only plays songs they wrote decades ago and creates nothing new, they are not a Rock Star, they are a Has Been. Just as musical Rock Stars create new music, we need to be creative in Infosec. The world is changing, and especially the world of technology. We are constantly doing things we haven't done before, often that have never been done before, and creativity is obviously required.
Eccentric or "Out There" – Not all Rock Stars or technical people are eccentric, but many are, and we do have that reputation and are given wide latitude to be "different" by others. Creative people are expected to be somewhat "out there."
Technical people are generally creative and respected; sometimes people actually use the word "wizard" to describe us.
Egotistical – Unfortunately, we have the reputation, often at least partially deserved, of being egotistical. Often this manifests itself in thinkin...