You're listening to the Cyber Wire Network, powered by N2K. Today's sponsor, Rapid7, has an irresistible invitation for you CISOs and security practitioners out there. A free two-day virtual summit. The subject? Preemptive Security. Join the Global Cybersecurity Summit on May 12th and 13th from wherever you like. A-list speakers will show you how organizations are disrupting attacks before they can blowtorch your day. You'll see how exposure management, MDR, and AI together let you make the decisive move. Registration is open at rapid7.brighttalk.com. Hello, my name is Adam Marais. I am the Chief Information Security Officer at Arctic Wolf. So growing up, like many people of my vintage, I got into video games at a pretty young age. And boy, I just loved, you know, the stories, the visuals, everything about video games. and even got into some of the underlying code and things like that at an early age. And in fact, I actually designed my own video game at, I think I was about seven years old and sent my design into Nintendo. And they were kind enough to send me back a letter saying, you know, we don't take designs from young children and sent me some swag. But I was very interested in that. And that's kind of what got me started my interest in computers and networks and all of that. But it was not till much later that I got interested in cybersecurity. So back in those days, and this was, you know, the late 90s, early 2000 timeframe, they didn't have video game design degrees, at least widespread at all. I mean, that wasn't even a thing. So I actually went and got a degree in humanities. And the reason I did that was because they allowed you to cobble together a degree from many different disciplines. And so I was able to take, you know, coding classes, web design classes, as well as art and design and kind of put together a degree for myself Through some connections I had I got an opportunity to try to be an intern I actually interviewed originally as a writer and designer at the video game studio That was in my local area. I was able to get an internship and eventually turn that into a full-time job. Say I have kind of an atypical path to cybersecurity and to what I do today as a CISO. But, you know, I talked to a lot of people who came up around the time I did. And I think all of us or most of us have, you know, these circuitous roots. I was working in video games as a developer, leading a design team, and 9-11 happened. And the attacks of September 11th had a profound effect upon me. and I decided at that time to really make a move to do something different. I really felt compelled to change my trajectory to something that was more focused on protecting the nation, preventing something like this from happening again. And as I studied things that I could possibly do, the FBI really jumped out at me as something that I was very interested in. And so I started to make moves to be able to qualify for a job with the FBI. Today, it would be much different. Back in those days, I didn't quite have the qualifications required. Now they're much more interested in people who have a computer background. So when I joined the FBI, I was assigned to a smaller satellite office of a field office. There were only four agents in the office. So I was doing everything from international terrorism investigations, counterintelligence, gang interdiction, and including cyber. So I began cyber investigations almost immediately. And that just grabbed me. I had such an interest in it from the very beginning because it combined my interest and love of computers and networks with everything I had been taught and was learning about investigations. I eventually became computer forensic certified and, you know, was dealing with cases in large scale. So that was really exciting for me to do, to participate in all those different kinds of investigations. Really, it came to the point where I really wanted a new challenge. I loved my time in the FBI. There was a situation that arose with my family where I wanted to change some of the way I was working and going into the private sector really just seemed to be the answer to that So I loved my FBI career It was great I really wanted a new challenge And I really wanted the chance to work on a security program from the inside see if I could build a world best security program So that was the challenge that I wanted. And it just so happens that one of the things I did as an FBI agent a lot was outreach to various companies. We would offer to do a presentation to the company. So we would give these presentations that were security awareness briefings. So I did a lot of these and I happened to give a briefing to a company called Qualtrics. And that turned into an opportunity to interview with them. And then they ultimately offered me a job. I was one of the first security employees hired. I think I was fourth or fifth to focus entirely on security. And that gave me the opportunity to help build a program almost from the ground up. And I learned a lot doing that. And that led to, after four years of building that great security program there, having the chance to join Arctic Wolf. The reason I was interested in Arctic Wolf is because it's an amazing company that is focused on something that I saw was a huge gap in the industry. It was just an opportunity I couldn't pass up to join as the chief information security officer, where I would get to participate both as a leader of the business, building the internal security team, but also offer my expertise in an industry and a vertical that I have a lot of experience in, and that's security operations. Something I learned really starting when I was on the SWAT team in the FBI, that was probably where these lessons became the most readily apparent. And that is that leadership is its own domain and set of skills, aside from whatever it is you're doing. So you can be a great individual contributor. But once you start to have leadership roles, there's a whole different set of skills that you need to bring to bear. And I really started, you know, when I was in the FBI, I really started to work on and hone those skills. And so I really see leadership or management as taking the time to help your people find success. And you do that by setting the direction of the team. So whether that be a mission or overarching mission, I think if you really cover those things, you give them the direction, you coach, and then you give them training and experience in their career you going to have a world team As all of us know who work in cybersecurity, you're going to have those days where, you know, you just feel like you got punched in the face. How I handle that is really returning back to my principles and what I really believe in. And I'm really passionate about security and helping people learn all the things they need to do to protect themselves. And I'm also passionate about people finding success in their careers and in their lives. That helps me get through that adversity. And then once you have a chance to stop and reflect, you can look back and do a root cause analysis or after action review and say, what could we have done better? And once you've done that a few times, it really makes you resilient to adversity because it really helps you get through the intensity of the moment, knowing that you have these systems in place that will help you get there. And when you've done it enough times that it becomes habit or you're confident that you're going to do it, it really lowers that stress in the moment. the most important thing that you can bring is a desire to work in the field whatever it is that's motivating you grab onto that latch on to that we really need people so if you have that desire come bring everything bring all of your life experience if this is a career change for you bring your enthusiasm uh if it's you know what you're doing just right out of high school and to college. Bring that desire and then just be confident as you move forward. Figure out what area interests you. Get technical. Deep dive as much as you can. Give as much experience as you can. And then enter the field. Don't be afraid. Be confident and move forward. When it comes to mobile application security, good enough is a risk. A recent survey shows that 72% of organizations reported at least one mobile application security incident last year, and 92% of responders reported threat levels have increased in the past two years. GuardSquare delivers the highest level of security for your mobile apps without compromising performance, time to market, or user experience. Discover how GuardSquare provides industry-leading security for your Android and iOS apps at www.guardsquare.com.
