Sean Stalzer Spotlight

I got into cyber – through curiosity. I had a natural curiosity about how things worked which naturally leads a person to figure out how to break things.  When your job is to keep things running, and you know how things can break, you start thinking about how you keep things from breaking.  So, curiosity to learn and to fundamentally understand how technology works naturally led to a realization that the future was going to require defending those failure points from people seeking to do harm.  That, of course, is the foundation of cyber security today. 

For me, a positive cyber mindset is – one of humility and team/people focus.  I know many very smart cyber technologists.  The best ones know that they don’t know everything.  They know that working with others creates success.  They know when to ask for help.  That humility is easy to see when it is missing in a person, company or team.  Be humble.  Having a team focus is an important counterpart to humility.  Working with a diverse group of motivated, humble people affords you the chance to tap into the expertise of different folks and to realize that bigger problems can be solved, faster, when you operate as part of a team.   

My top tip to those interested in transitioning to a career in cybersecurity is – to be a life-long learner.  To be successful in cyber security is to firmly believe that the cyber security of today is not good enough for tomorrow.  China, Russia, Iran, North Korea, criminal groups, APTs do not ‘give up’ because you blocked an attack.  They do not give up because you implemented a new tool or applied a patch.  Instead, they pivot and attempt to breach your network or compromise your employees in a different way.  If you believe you are ‘done’ with cyber security, you will be breached.  If you believe your security is ‘good enough’ then you will be breached.  Always keep learning.  Always question your security.  Always be looking for ways to change and improve.  That said, I will caution that complexity also creates security risk.  So, I am not suggesting you keep layering solutions on top of solutions.  You need to evolve your security posture over time, and you need to do so with an eye toward security complexity and the risks that it can create. 

My recommended read – Battlefield Cyber by Michael McLaughlin and William Holstein is a solid collection of cyber security stories and information that I have been espousing for years.  It is wonderful to see them all collected in a single source that is easy to understand.  The second book that I like is more dated but still really good.  It is known as Among Enemies by Luke Bencie.  If you take your phone with you when you travel overseas, read this book.  If you ever thought your hotel safe, was safe, read this book.  If you ever thought you are more popular in another country than you are in your home state, read this book.  It is a very fast read and very eye-opening.  Despite being a decade old, the principles and stories are still relevant today. 

The skill that set me up for success – never accepting that something cannot be done.  Everything can be done if you are willing to do several things.  First, never give up.  Your company doesn’t pay you to say “can’t” or to stop working on an issue.  In cyber security, sometimes thousands or even millions of people could be impacted if you give up.  Second, know that you are simply not smarter than 350,000 hostile nation state actors.  Cyber security is a team sport.  Find the right team and work with them.  Third, believe in the power of diversity.  It is easy to get tunnel vision or think that there is only one right answer.  Build your cyber team with a diversity of experience, thought, and talent such that you multiply the power of your thinking and reach the best solution, faster.  Cyber problems can be complex, and the adversaries do not give up.  They pivot and try a different way of attacking.  Never accept that the problem cannot be solved.  With the right team and the right mindset, you can and will overcome some seemingly insurmountable challenges.   

I would tell my younger self – never forget the importance of empathy.  It may not be intuitively obvious in cyber security, but empathy is important.  The biggest risk and the strongest defense that you have are your front-line workers.  They work with vendors.  They answer external emails.  They access the most sensitive data.  While cyber security professionals live and breathe the massive risks and threats that exist in the world today, most other people have, at best, a very light appreciation for the shadowy world of cyber-crime or nation states plotting to take down the United States.  If you show up in a meeting or release a policy/mandate that comes off as heavy-handed, it not only can upset people but can confuse them or create a desire to simply ignore you.  Meet people where they are at.  Talk to them like they matter, because they do.  Educate them on the things we cyber professionals often take for granted.  And be empathetic to the fact that you are probably complicating a work process or changing the way they interface with folks and that causes stress.