Throughout 2019, this mini-series will interview leaders from around the globe to discuss areas of cybersecurity. The purpose is to help students and those new to the industry gain perspective and guidance from professionals in the field. These interview insights aim to kick-start or re-energise your career journey in cybersecurity.
In this month’s feature, David Neuman, Global Chief Information Security Officer (CISO) of iHeartMedia, shares his story about:
Prior to that I was with the United States (US) Air Force as a Cyber Warfare Officer. I was responsible for the defence of Air Force Operations and the protection capabilities for air and space. I was fortunate to lead the Offensive and Defensive global planning at the Top Secret-level to help the Air Force impede threat actors and adversaries. My career journey started, though, as a blue-collar kid from Philadelphia. No one from where I grew up went to university. You made your own opportunities. Thus, I enlisted in the Air Force as a senior in high school to learn a trade, see the world, and earn an education. Within three years of enlistment, the US was engaged in first Gulf War. My four-year plan turned into a 28-year career that included radio and satellite communications, and electronic physical security. During my time with the Air Force I completed my degree, became an officer and served as the Commander of the Air Force’s first Cybersecurity Hunting unit. I want to emphasise to anyone reading this - it is a myth that you will stay in the same role for the duration of your career. Every two or three years you will change roles and or jobs, which leads to quite a unique set of experiences and challenges you may or may not have foreseen. I completed three combat tours over the span of my 34-year professional career. I am a product of my experiences in how I lead, my perspective of cybersecurity as a domain and how we get things done.” These are his insights. How would you characterise cybersecurity? How has this evolved over your career? “My career evolved with the Internet and communication technologies. I started in an era that predates the Internet. We had point-to-point systems and microwave links. Through this, I achieved a strong foundation and core basis in communication networks. I learned to approach everything analytically. This evolved when the Internet exploded. Coincidentally, the Air Force is the most dependent upon technology to conduct operations today more than ever before. As a result, we were most vulnerable. I would like to say I was at the right place at the right time in my career as I transitioned to a base in England where we setup a Local Area Network (LAN) shop. We were amid a transition from traditional communication technologies over to this new set of Internet protocols. I came back from a deployment and my boss at the time said 'we have this cybersecurity thing that seems to be coming very relevant - would you like to lead it? Absolutely!' I was locked-in and called upon my network to consume their knowledge and experiences in this new space. I read numerous books and had great commanders and leaders whom were enabling. By putting protection mechanisms in place, we were more capable to proactively identify malicious activities. As I fast forward, the cybersecurity space forced the Air Force to think about their landscape differently from the traditional sense of tanks, aircraft carriers and planes to ones and zeros. This better equipped me to understand how to effectively operationalise cybersecurity for business enablement and how to provide better protection mechanisms in a unique manner. It was not a simple path of growing up in IT or DevOps and falling into cybersecurity as a logical succession of requirements and needs to protect the information and technology we are responsible for in our enterprises. Rather, my path was more innocuous as we were applying cybersecurity tactics to various military operations.” What aspect of cybersecurity concerns you the most? “Artificial intelligence, human interface, virtual reality, blockchain and trusted transactions. We spend too much time on the past and less on the future challenges without enough agility to pivot or integrate the components. What does the workforce of tomorrow look like? We will need to disrupt ourselves if we are going to be prepared for challenges moving forward.” How did you identify and evaluate the next step in your cybersecurity journey? “This is in my nature. I always sought opportunities that presented a diverse set of challenges. I spent 28 years in the military, travelled to 13 countries with countless jobs, interacted with numerous cultures and nationalities. I loved this about the Air Force. I found these diverse challenges at EY. I had to change my vernacular to be successful in the private sector. Once we achieved the translation, we identified a definite need for the skills and experiences I brought from the military. My evaluation was more primal than what we may consider to be sophisticated. I am always seeking career opportunities that present complicated challenges. This is how my bucket of satisfaction is continuously filled via solving complex problems and working with incredibly talented teams. Cybersecurity is a true team sport that brings smart people together to solve complicated business problems. Now, as an even more experienced professional, I evaluate opportunities by asking:
What fuels your passion? Why do you do what you do? “The people – they are part of my DNA that was crafted over my many years in the military. I draw on my military experiences and leverage my network every day that all evolve around people. Today, what I find most satisfying is to give back to the community and those around me. Cybersecurity, like many professions, is a team sport. Over the last 30 years I have been fortunate to work for great teams with incredible leaders whom established the baseline for success. I am excited to help people think about their career and support them along their journey either directly or indirectly. There is always someone in your network that knows someone else that may have a career-related opportunity that is ripe for exploration. We often find young professionals seeking cybersecurity opportunities asking how they can become a something like a penetration tester. When this comes up in conversation, I tend to ask the simple question of 'why a penetration tester? Why that?' When the individual teases out their response, penetration testing may not be the area they want to pursue and rather a common misconception about cybersecurity. As leaders, we must help and support the person to think through and consider the other domains of cybersecurity. I also like to help my fellow military veterans transition to the private sector. One naval officer whom was primarily an aviator had started some vocational training in the security industry. He felt a draw but did not know how to get involved. They had a natural interest in the Internet-of-Things (IoT) with the core skills and capabilities but had not been able to tie the interest with an opportunity, and we are off to the races to match the skills and interests with the right opportunity. What drives me today is setting the conditions for the success of others. This will help bring organisations to great fruition. My only ask in return is for people to pay it forward. Get up every morning and ask what you will do for someone else. This will not only setup others for success but create stronger teams and a better planet in the process. I love watching and participating in the success of others and have been for the past 34 years with great satisfaction.” How would you suggest others new to the field get involved? “Make discovery part of your objective. Seek out those whom have experiences and are willing to share with you. Find those cybersecurity domains you are most passionate about. Talk to people whom have walked the path previously. Consider not just what is happening today, but also tomorrow. Become a forward thinker. What other areas are emerging as enabling or disruptive to organisations? AI, trusted transactions, blockchain, human interface. One thing is certain - change is constant. We did not have mobile devices growing up. What will this look like twelve years from now? Will we even have mobile devices? Challenge yourself to think about the future. This will help you identify your passion. Work hard to learn all you can and understand that failure is feedback. Do not be reluctant to take risks. Stretch your ambitions by working with creative thinkers and doers. Most importantly,
0 Comments
Leave a Reply. |
AuthorElliot is a Senior Manager in the EY Cybersecurity practice. Elliot enables organizations to build in risk thinking from the onset, enhancing global innovation with confidence. He leads global teams to reduce response times and minimize the impact of security incidents by building and operating mature security, logging, monitoring, alerting, and incident response practices. He successfully led response to and recovery from complex security incidents, such as data exposures, third party compromises, and vulnerability exposures, by coordinating across large enterprises through effective incident response procedures to minimize business impact. Archives
April 2020
Categories |