a real human being writing about infosec, coding and other stuff. maybe.
02 May 2019 - mrtn
After listening to the interview with Marcus J. Carey, curiosity led me to buy yet another book.
The book is a 14 question interview, that is conducted with lots of security folks that are widely known in the industry.
Before reading anything but Marcus’ own answers, i’d like to chime in with my own.
1) If there is one myth that you could debunk in cybersecurity, what would it be?
One thing that i hear a lot is, that folks think they are not important and got nothing to hide. That’s bullshit. Simply appearing as someone else online might be extremely useful for a bad actor - and could ruin a big chuck of everyones lives.
2) What is one of the biggest bang-for-the-buck actions that an organization can take to improve their cybersecurity posture?
Roll out 2FA. Yes, even SMS as a second factor is way better than no second factor.
3) How is it that cybersecurity spending is increasing but breaches are still happening?
Maybe we are only noticing breaches now, that went undetected earlier? Even if that would not be the case, todays cyber is more complicated and heterogenous than ever before. The perimeter-thinking can not be applied if you consider cloud, byod policies, folks remoting full-time etc. Just with the hyperconnected-ness of todays IT, it gets too complicated to graps. At least for a single person or even a single (security) team.
4) Do you need a college degree or certification to be a cybersecurity professional?
I guess that depends on where you live and where you look for work. I did my bachelors degree in computer science which has served my quite well. On the other hand, I’m kinda lazy when it comes to self study so the schedule with regular lectures and tests helped me there.
5) How do you get started in the cybersecurity field, and what advice would you give to a beginner pursuing a career in cybersecurity?
I’m interested in security since i first read about malware, worms etc. I casually followed the field - mostly through podcasts and reading books - until 2016. Up until them, I became a Software Engineer and looked for a new job. With the new job, I had to freedom to switch my focus to InfoSec completely.
6) What is your specialty in cybersecurity? How can others gain expertise in your specialty?
As I can’t look back on too much of a career so far, I’d consider myself an ambitious learner. Diving into topics and learning as much as I can.
One of my focus topics is cloud security, because as more and more companies are adopting cloud usage, it’s interesting to see different approaches to security in that environment.
7) What is your advice for career success when it comes to getting hired, climbing the corporate ladder, or starting a company in cybersecurity?
If you think you have what it takes: Apply! Job-Ads are wishlists. Nobody has everything that recruiters list there. Also, remember that the interview goes two ways. It’s not only you, who is looking for a new job and therefore apply to a company, the company is also applying to you. If you don’t think it’ll work for you, keep looking. Life is too short to be stuck in miserable jobs.
8) What qualities do you believe all highly successful cybersecurity professionals share?
Effective, clear communication. That and staying hungry for learning.
9) What is the best book or movie that can be used to illustrate cybersecurity challenges?
The Art of Intrusion in combination with Ghost in the Wires would give you a pretty good overview of a lot of the security challenges. Combine that with The Phoenix Project and you can relate to the common struggles of developers.
10) What is your favorite hacker movie?
That’s a hard question. I’d say it’s close between Hackers, War Games and Sneakers - if I have to chose between those three, Sneakers would win.
11) What are your favorite books for motivation, personal development or enjoyment?
For personal development, I’d like to recommend Deep Work by Cal Newport. Since adopting deep work, I noticed a serious improvement in my quality of work.
For Enjoyment I tend to re-read Lord of the Rings from time to time and I recently started again with Perry Rhodan. Easy to read Sci-Fi to relax.
12) What is some practical cybersecurity advice you give to people at home in the age of social media and the Internet of Things?
Update all the things all the time. Delete Apps you don’t use anymore. And reduce your use of social media - or quit, if you feel it does not serve you any good.
13) What is a life hack you’d like to share?
If something doesn’t take long - just do it. Why schedule a 5-minute task for some later point in time. Do it now and you don’t have to remember it.
14) What is the biggest mistake you’ve ever made, and how did you recover from it?
That’s a hard one. The one thing in life that I regret is, that I did not act earlier when I felt miserable. Took me a few years to figure that out, but I think it has worked out since that.
To make sure this does not happen ever again, I regularly check, if I’m still happy and how I progress on the path to my personal goals.