Interview with an Expert - Michael Babischkin: CyberSecurity
Summary
TLDRIn this insightful interview, Michael Babishkis, Vice President and Duty Director of Information Security at the Federal Home Loan Bank of Chicago, shares his extensive experience in cybersecurity, incident response, and vulnerability management. Michael recounts his journey from the U.S. Coast Guard to leading cybersecurity initiatives at Sherwin-Williams and Granger. He emphasizes the importance of proactive security measures, cryptography, and the need for security professionals to balance business operations with robust security practices. Michael also offers valuable advice for aspiring cybersecurity professionals, highlighting the significance of internships, continuous learning, and diverse skill sets.
Takeaways
- 😀 Michael Babishkis is an expert in cybersecurity with experience in incident response and vulnerability management.
- 🔐 He began his career in the Coast Guard, where he was exposed to secure environments and data communications, which laid the foundation for his expertise in security.
- 🛠️ Michael's roles in the Coast Guard included managing cryptographic materials and coordinating data communications, which are crucial for maintaining security.
- 💻 After retiring from the military, he established a Global Incident Response Program at Sherwin-Williams, highlighting the growing importance of security in organizations.
- 🏦 At the Federal Home Loan Bank of Chicago, he leads a security program that operates as if the organization were much larger, emphasizing the significance of security in banking.
- 🔑 The importance of cryptography extends beyond confidentiality to ensuring data integrity and non-repudiation, which are vital for secure data transmission.
- 📚 For those interested in cybersecurity, Michael advises participating in degree programs and internships to gain practical experience and show a genuine interest in the field.
- 🚀 He emphasizes the importance of continuous learning and development, as well as the ability to communicate effectively, especially for roles involving vulnerability management and incident response.
- 🧐 Michael stresses the need for security professionals to balance security measures with the operational needs of the business, avoiding creating unnecessary hurdles.
- 🛡️ Security is not about achieving perfect security but about tailoring programs to support business goals while maintaining secure operations.
- 🌐 The rise of AI technologies presents new challenges for security professionals, who must adapt to understand and manage the risks associated with these tools.
Q & A
What is Michael Babishkis' current position and what organization does he work for?
-Michael Babishkis is the Vice President and Duty Director of Information Security at the Federal Home Loan Bank of Chicago.
What areas of expertise does Michael Babishkis have in the field of cybersecurity?
-Michael Babishkis' areas of expertise include cybersecurity, incident response, and vulnerability management.
How did Michael Babishkis' career in cybersecurity begin?
-Michael Babishkis' career in cybersecurity began when he served as an active-duty Coast Guard for 22 years, starting as a Radioman and moving through various roles involving data communications and security.
What was Michael Babishkis' role in the Coast Guard related to cybersecurity?
-In the Coast Guard, Michael Babishkis served as the Assistant Information Security Officer for the Great Lakes, assisting the Coast Guard Cyber Command with security investigations, managing user access, and conducting security awareness training.
How did Michael transition from the military to the private sector in terms of cybersecurity roles?
-After retiring from the Coast Guard, Michael took a role with Sherwin-Williams, where he established their Global Incident Response Program, and later worked with Granger to mature their Global Incident Response Program.
What is the Federal Home Loan Bank and what makes it unique?
-The Federal Home Loan Bank is a unique organization with 11 branches within the United States that serve as banks for other banks, providing funding so that they can underwrite loans and mortgages.
What is the significance of the CIA triangle in the context of cybersecurity?
-The CIA triangle in cybersecurity represents the three core components of security: Confidentiality, Integrity, and Availability. It illustrates that a secure system requires all three elements.
How has the use of cryptography evolved in cybersecurity according to Michael Babishkis?
-The use of cryptography has evolved from primarily focusing on confidentiality to also ensuring the integrity of data through techniques like digital certificates, SSL, and hashing.
What advice does Michael Babishkis have for students interested in pursuing a career in cybersecurity?
-Michael advises students to participate in degree programs, seek internships, and engage in projects that demonstrate an interest in cybersecurity to gain entry-level experience.
What does Michael Babishkis look for in an entry-level cybersecurity candidate?
-Michael looks for candidates with a basic understanding of the field, indications of interest in security, and a desire to grow and develop within the organization.
What is the approach Michael Babishkis takes when hiring for cybersecurity positions?
-Michael aims to hire individuals for long-term growth, looking for a basic understanding of IT and security, and a continued interest in the field, rather than just experience.
Outlines
😀 Introduction to Expert Interview
The video script begins with a welcome to the audience and an introduction to the interview series featuring experts in various fields. The first interview is with Michael Babish, the Vice President and Duty Director of Information Security at the Federal Home Loan Bank of Chicago. His expertise lies in cybersecurity, incident response, and vulnerability management. The host hands over the conversation to Michael and asks him to provide an overview of his experience and background in cybersecurity and cryptography.
🔒 Michael's Cybersecurity Journey
Michael Babish shares his extensive background in cybersecurity, starting with his 22-year career in the Coast Guard where he began as a Radioman with an interest in technical roles involving computers. His roles evolved to include managing cryptographic materials and coordinating data communications for the Coast Guard's global operations. Michael also assisted the Coast Guard's Cyber Command with security investigations and user access management. After retiring from the military, he established Sherwin-Williams' Global Incident Response Program and later joined the Federal Home Loan Bank of Chicago, emphasizing the importance of security in a banking context.
🛡️ The Role of Cryptography in Cybersecurity
The discussion shifts to the importance of cryptography in ensuring data security and integrity. Michael explains the traditional focus on confidentiality through encryption but highlights the growing use of cryptography for ensuring data integrity and non-repudiation. He discusses the use of digital certificates, SSL, and hashing to validate data authenticity and origin, preventing tampering and eavesdropping, thus securing data in transit and at rest.
👨🎓 Advice for Aspiring Cybersecurity Professionals
Michael offers advice to students and early professionals interested in cybersecurity. He encourages participation in degree programs and internships to gain practical experience. Michael emphasizes the importance of showing a genuine interest in the field through projects and academic work. He also stresses the value of continuous learning and curiosity, especially for roles such as security analysts and incident responders.
🤝 Balancing Security with Business Needs
The conversation delves into the challenge of balancing security measures with the operational needs of an organization. Michael discusses the misconception that security professionals aim for perfect security, which can hinder business processes. He advises that security efforts should be tailored to support business goals, ensuring secure operations without imposing unnecessary restrictions or friction.
🚀 Navigating the Evolving Cybersecurity Landscape
Michael addresses the rapid evolution of cybersecurity, particularly with the rise of AI technologies like chatbots and their potential security implications. He talks about the challenges organizations face in managing the adoption of such tools securely and the importance of understanding the risks they pose. Michael also shares his thoughts on the importance of adapting security policies to accommodate new technologies without compromising security.
🌟 Encouraging Diverse Backgrounds in Cybersecurity
In the final part of the interview, Michael encourages individuals from diverse educational backgrounds to consider careers in cybersecurity. He shares examples of successful security professionals who came from non-traditional fields and emphasizes the variety of roles within cybersecurity, including policy and compliance. Michael stresses the importance of continuous learning and adaptability in the ever-changing field of IT and cybersecurity.
Mindmap
Keywords
💡Cyber Security
💡Incident Response
💡Vulnerability Management
💡Cryptography
💡Confidentiality, Integrity, and Availability (CIA)
💡Digital Certificates
💡Coast Guard Cyber Command
💡Security Operations Center (SOC)
💡Phishing
💡Security Awareness Training
💡Non-repudiation
💡Internships
💡Security Engineers
💡Security Analysts
💡Proactive vs. Reactive Security
Highlights
Introduction of Michael Babishkis, Vice President and Duty Director of Information Security at the Federal Home Loan Bank of Chicago, with expertise in cybersecurity, incident response, and vulnerability management.
Michael's background starting as a Radioman in the Coast Guard, leading to roles in data communications and security.
His progression to managing cryptographic materials and coordinating data communications for the Coast Guard globally.
Michael's role in assisting the Coast Guard Cyber Command with security investigations and user access management.
Leading the Coast Guard's Enterprise IT support desk and working with the Cyber Command to establish a security operations center.
Transitioning to Sherwin-Williams to build their Global incident response program, emphasizing the importance of security in organizations.
The unique role of the Federal Home Loan Bank in serving as a bank for other banks, highlighting the significance of security in the banking sector.
The evolution of cryptography from confidentiality to ensuring data integrity and non-repudiation in cybersecurity.
The importance of the CIA triangle (confidentiality, integrity, availability) in defining a secure system.
Advice for students interested in cybersecurity, emphasizing the value of internships and projects to gain entry-level experience.
The significance of showing genuine interest in cybersecurity through academic projects and internships on a resume.
Michael's approach to hiring for growth and the importance of a candidate's curiosity and desire to develop within the field.
The need for security professionals to balance achieving security with allowing business operations to function effectively.
Challenges in managing security in the face of rapidly evolving technologies and the need to adapt security measures accordingly.
The dilemma of banning AI tools like chatbots in organizations due to security concerns and the need for a balanced approach.
Final advice for individuals wanting to enter cybersecurity, focusing on continuous learning, internships, and demonstrating interest in the field.
The importance of having a well-rounded background and the various disciplines within cybersecurity, including non-technical roles.
Transcripts
uh welcome everybody thank you for uh
watching this video here this is one of
our first series of interview with an
expert and today's expert is Michael
babishkis
um but bishkin Michael biscuit thank you
um he's the vice president and uh Duty
director of information security at the
federal Home Loan Bank of Chicago his
areas of expertise are in cyber security
incident response and vulnerability
management
um with that I will hand it over to you
Michael and I'll ask you the first
question which is can you provide a
overview of your ex of experience and
background in the field of cyber
security and maybe cryptography as well
sure so I got started a long time ago uh
initially I was active duty coast guard
for 22 years
um started off as what they called a
Radioman and I went that Direction with
um because I was interested in a
technical role where I could learn about
computers and this was in the days
before the internet was really a big
thing uh before organizations had
Enterprise Email and Enterprise networks
and things of that nature so I was doing
basically all kinds of community data
Communications long-range data
Communications but also working search
and rescue all of that stuff especially
the data Communications because this was
the military was in Secure environments
so that really was my first exposure not
just to computers and data
Communications but security and I had
multiple different roles whether that
was managing cryptographic materials and
maintaining and loading cryptographic
devices but also coordinating and
managing data Communications for
um a float units that were deployed for
the Coast Guard around the globe
supporting telecommunication systems
that were deployed on units uh
ultimately moving when the Coast Guard
established telecommunication systems
and and computer rates uh moving into uh
supporting and and managing
um computer systems for the Coast Guard
um my last role with the Coast Guard was
the assistant information security
officer for the Great Lakes
um where among others well one of my
last roles I should say one of the many
things that I did was I assisted the
then brand new Coast Guard cyber command
with conducting security investigations
and managing
um user access and user configurations
and making sure that we were doing
security awareness training things of
that nature
um my final role was leading the Coast
Guard's Enterprise I.T support desk so
any system that was used any computer
system that was used by the entire Coast
Guard my team managed
um as part of that I worked very closely
again with Coast Guard cyber command and
helping them as they establish their
security operations center and Define
how they were going to operate and how
they were going to monitor our networks
from a security perspective
tying the two groups together
um retired from the Coast Guard to take
a role with Sherwin-Williams where I
established their in their Global
incident response program
um basically they had realized as an
organization that security was now an
important thing and something that they
had to do as an organization and we
rapidly grew their entire security
program and built out an incident
response program that was monitoring and
can respond to incidents around the
globe they're in 144 countries and we
were responding to incidents that
happened everywhere
um spent a brief time after that uh with
Granger building and maturing their
Global incident response program and
then ultimately over to the position I'm
at now at the federal Home Loan Bank of
Chicago
um and for those who are not familiar
with the federal Home Loan Bank we are a
very unique organization
there are 11 Federal home loan Banks
within the United States and we serve as
banks for other Banks so consumers don't
go and bank with us what we do is we
provide funding to other banks around
the country so that they can underwrite
loans and underwrite mortgages but
because we're a bank obviously security
is very important to us
um so we're a fairly small organization
but our security program operates as if
we were a much larger company
perfect thank you for that yeah it's you
know and everything that you've
explained right the the emphasis on
security has been
um more so how do we proactively
um how do we proactively respond versus
you know
um yeah having the you know incident
happen and then we're responding right
so we'll be more so proactive rather
than reactive
um great so when we talk about uh
cryptography as a fundamental uh
component of cyber security as you
mentioned you know you work in areas of
banking uh and other areas can you
explain the importance of what maybe
some concepts of like uh cryptography
ensuring that the security and integrity
is so is more so
um communicated right so if we have
certain how do we make sure that the
data that you guys are dealing with are
how do we ensure that the security is up
to speed uh in your experience
so you know you mentioned
confidentiality and you mentioned
Integrity
um when you look at the textbook
definition of what security is it's
typically designed defined by three
words confidentiality integrity and
availability and a lot of times it's
Illustrated it's a triangle they call it
the CIA triangle this idea that if you
don't have any one of those legs you
don't have a secure system
when I first started working with secure
systems back in the Coast Guard when we
used to approach and think of
cryptography we only looked at it from
that perspective confidentiality of we
need to encrypt data that's either at
rest or data that is in transit and
moving around but basically it's
preventing somebody who possibly could
get unauthorized access to that data of
not being able to see that data or read
that read that data
one of the biggest shifts that I've seen
probably in the last 20 years is the use
of cryptography not just from that
confidentiality perspective but ways
that it can be used
for the Integrity piece of it whether
that's the use of digital certificates
whether that's the use of
um SSL and md5 hashing to validate the
fact that the data that you have
received is actually the data that was
sent to you and that nobody has tampered
with it along the way or the fact that
Sally sent you this data and what you
received was actually from Sally and not
from Bill posing as Sally and using
cryptographic techniques to validate
that and to provide not just Integrity
of the data but non-repudiation of the
sender of that data confirming that it
is coming from exactly who you think
it's coming from in addition to all the
other pieces of encryption of making
sure that it stays secure in transit and
nobody's listening in on your your
Transmissions you don't have uh what
they call a man in the middle of attack
of somebody eavesdropping and being able
to you know actually listen to your data
and capture it and do stuff with it
great yeah these are you know very
important Concepts and especially in
this world that we're living in now
where any sort of cyber security could
just we have incidents where the most
minor things can trigger off a whole a
whole uh Ricochet of different uh
incidents especially with how fast
technology is working now uh we have all
these push emails and uh phishing emails
were
just like clicking a link because just
like you know become disastrous for an
organization right it just takes one
small
mistake to get into the data and then
data is compromised
um so this is like a huge thing right
now and I and I've seen and you could
touch more about it too as well like you
we've seen this growing demand of um a
need for cyber security maybe analysts
we have different um different positions
you know cyber security is more of a
broad term and there's very a lot of
specifics
um so with that you know as a lot of
these students may be and early on in
their professions May some may not even
have any uh experience with working in
cyber security
um what are some advice do you have for
students who are interested in pursuing
a career in maybe cyber security
um and maybe anything in specific with
that but are there any particular skills
certificates or resources that you may
recommend that they should start
focusing on uh now in their college
Years and
graduate and the kind of things that
they're doing early on in their careers
so certainly uh participating and taking
classes like this and degree programs
like this to learn the basic
fundamentals and Foundation of cyber
security is a good start where you want
to dovetail with it at least for me and
what will get my attention when I am
looking for entry-level positions is
make sure that you're looking for
opportunities that you can continue to
show and display that interest in cyber
security look for those internships
we're always looking for for folks to
come in whether it's a summer internship
or a long-term internship but look for
those opportunities where you can start
to gain that experience that entry level
experience and exposure to cyber
security programs and
um the various opportunities that there
are out there
um when I'm taking in resumes for
full-time folks in particular outside of
the internet folks when I'm looking at
resumes I'm looking especially for an
entry level position I'm looking for
indications that the applicant is
interested in the field so if you've
taken a whole lot of classes in cyber
security if you've done a whole lot of
projects around securing stuff even if
you haven't taken classes in security
you've taken classes in application
design and development
I'm looking for indications in your
resume that there's an interest in
security
um and when I call folks in especially
for entry level folks even if there's
not a lot of experience and most of what
you've done is academic stuff my
questions can be well tell me about the
projects that you've done to secure
systems tell me about the things that
are going to show me that you're
interested in this field and you're not
just carpet bombing resumes looking for
any kind of I.T related entry level
position
um
I I build my entry level positions with
this idea of I'm looking for somebody
who's got a basic understanding of the
field the basic
um level of experience whether that's
degree programs whether that's that's
internships that we can then take in and
grow and teach more
um my goal when I bring folks in
specifically is in an entry level
position is I'm hiring you to retire you
I want to grow you to the point that
you're with us for a really long time
and you want to retire with us
um and we want to grow you so that
you're not just staying in that entry
level position but we're bringing you
into uh growing levels of responsibility
growing levels of uh experience within
the organization so that you can have a
full-length career through our
organization
um
and I I I've heard the message from a
lot of folks and I've seen it myself and
it drives me baddy there are a lot of
organizations who they write their job
descriptions for a quote unquote
entry-level position that they're
looking for three to five years of
experience it's a terrible way to do it
and and I hate doing it
um I push back whenever I can whenever I
see it
um but the positions that I put forward
I really word it in a way that if you've
got an understanding of I.T and an
understanding of Security even if you
don't have years and years of experience
we want to hear from you and when we
hear from you we want to hear about how
you're interested in security and
looking to grow
um beyond that other things that I like
to look for especially for the positions
that I that I hire for is that
continuing interest to grow and develop
where's your curiosity what are you
trying to do yes you've taken all of
these classes but I want to hear that
how else you're looking to grow and
develop and be interested
um especially when I'm looking for
somebody like a sock analyst an incident
investigator or something like that
these are folks that I want to be
inquisitive because when something
happens I want them to go well why did
that happen and dig into that
um but it depends a lot on the role that
I'm trying to hire for
yeah you know perfectly said I love what
you said early on when you said you know
I I uh you hire to grow and to retire
rather than just kind of like ins and
outs right so we see that a lot in the
industries
um you touched upon a lot of like a
technical skills they should have like
more so like a basic understanding of
the area that they're they're applying
for
um is there any sort of like soft skills
that you may see so like are they good
at communicating how are they receptive
to feedback are those kind of things
that you also look for
um for potential candidates
um a lot of it depends on the role that
I'm looking to fill
um especially in our organization
um I do have some of my roles like folks
who are doing vulnerability
um management those are folks that not
just are they going and detecting
vulnerabilities but we then have them
presenting to the greater or the greater
I.T organization uh what their findings
are and how they need to remediate those
vulnerabilities so so those are folks
that yeah I'm looking for good
communicators there I'm looking for
folks who are comfortable or who feel
that they're at least comfortable in in
talking to a wide variety of groups at
different levels of the organization
um when it comes to my incident
responders these are folks that
I'm looking for folks who are cool Under
Pressure
um
they're typically in situations that
when we're doing an incident that it is
a crisis and we need them to be able to
navigate and manage through that crisis
even if it's just the things that
they're doing without getting swept up
in some of the excitement
um certainly we can see from some of our
business partners
um if a compromise is bad enough there's
certainly there I don't want to say
hysteria but there can be excitement and
it can be very easy to get yourself
swept up and
whether that's cut corners or so we need
you to be calm Under Pressure
um our security Engineers a lot of the
times we're looking for that combination
of that ability to deal with the Deep
technical Concepts but also being able
to explain to business partners in
language that they'll understand uh and
translate those technical Concepts into
stuff that they can work with
yeah great like you mentioned great
points especially being calm Under
Pressure I think in my own experiences
like in the world of like corporate
things can like go very quiet and then
like Skyrocket one minute you just have
to be ready for those moments uh which
is great yeah and these are great things
to develop which leads me to my next
question you know has there been any
obstacles throughout your career that
you've had to deal with in you know
um things that may be hard to deal with
and things that you've never dealt with
and kind of maneuvering through that can
you talk about how you've overcome those
obstacles and kind of what you advise
for people
um just kind of breaking into that area
of space and like what they should be
what they should expect to happen
um
I I think one of the biggest ones
um that I've seen in a lot of ways to me
it's it's a a measure of a mature
security person is
um this idea that yes it is our job as
Security Professionals to provide secure
environments for an organization but
that doesn't mean we need to achieve
perfect security
um and and a lot of organizations and I
and I've heard it when I talk to
organizations whether that's interviews
or just their peers uh and and business
partners they get very concerned when
they're dealing with Security
Professionals of this idea that we're
just going to come in and we're going to
lock their systems down and we're going
to make it hard for them to operate and
all in the name of security and we need
to to have as tight as controls as
possible and we're going to give them
hurdles and how they interact with their
customers hurdles and how they interact
with their data and just generally apply
friction to what they do
and
especially as we move up further up into
the ranks as Security leaders and
Security Professionals making sure that
what we are doing is tailoring our
program and tailoring our goals to the
needs of the businesses that we support
um and I I see that a lot with Junior
folks who you know we have a security
incident and they look around and they
go well gee why didn't they just do this
if we had just done this this never
would have happened and looking at him
and going you know yeah you're right but
you also need to look at it from the
fact that our I.T support teams that we
partner with not only do they have to do
those things that we're asking of them
but they've also got to build out new
systems and they've got to make sure
that their business partners have the
resources that they need to conduct
business and that all of those systems
are working and they're managing that at
the same time that they're trying to
manage our security ass and that as an
organization everywhere that I've been
there there's very few organizations out
there that make money from security
security costs everybody money so we
need to look at how we approach security
with every organization that we're at of
how do we support the business and allow
the business to operate in a secure
manner but the key thing is the business
has to operate first and foremost and we
need to tailor what we do around the
businesses goals and the businesses
objectives not the business needs to go
and tell her what they do around our
goals and objectives
I love how you mentioned that because
like you'll usually have this dance
between organizations and security to
see what ways they could you know at
what cost could they minimize costs but
also have high security right you can't
have spending low money on security and
then have a high security right it's
like that low balance of like you have
to spend adequate money to get adequate
amount of security
um and a lot of organizations are still
you know dealing with this and
continuously as we talked about earlier
security is becoming a very big thing
now especially with the rise of all
these different type of Technologies we
talk about AI we talk about chat GPT we
talk about Bard and all these different
AIS that could in some way become more
of a security threat to organizations
just because they could you know do all
these you know insane different things
and
um people will never detect it right so
it's like that kind of future
um perfect so what I want to do having
those conversations now it's yeah not
even in the future it's the how do we
manage through the adoption of these
tools and do it in a secure way and some
of it is we're still trying to
understand as Security Professionals
what the risk is from these tools to our
organizations and how we Define what
makes sense there
and it's this growing concern right
because you'll you have these big
organizations like you know open AI that
operates chat GPT and what's happening
to that data right who is in control of
that data especially when organizations
freely just use chat CPT May uh there
could be incidents of which uh and you
know an ex-organization
employee types in some confidential
information of like oh can you create a
status report about X Y and Z and now
you're leaking out private information
to chat GPT
and who who stores that information
right because like it's who now has
control of it
um so it's this growing concerns and
some organizations have actually banned
their employees from you know using chat
TPT and other AI tools just for the
safety of their own organization
yeah and and those are conversations
that that I mean my organization we are
having it today I'm having it with
um my sister Banks like I said we're one
of 11 of well how are you guys
approaching it and do we then and my
argument that I've had with a lot of
folks is well if we ban it well that's
great but when Microsoft rolls out
theirs well then what and when this
other partner that we have rolls out
their tool that integrates these same
Technologies
We Can't Ban that because that tool is
integral to our operation so now what
and how how do we adjust what is
acceptable use and how do we manage
through that and we're we're trying to
work that out but it's not going to be
an easy an easy uh solution
it's one of those growing problems in
the industry and everybody everybody's
trying to figure out the best route with
it
um so with the last few minutes we have
I want to kind of give you this
opportunity to just give advice to any
potential in any individuals that want
to enter the space of cyber security I
know again cyber security is very broad
but any advice you have for students
that want to get into cyber security any
advice that you may have for people that
are maybe you even want to shift careers
right like get it kind of move away what
are some things that you would advise
and kind of we can close off uh we can
close off with that I'll leave it to you
um you know I I think that the biggest
one is is like I said look for
especially while you're in school look
for those internships take advantage of
them there's always companies that are
out there looking for that kind of stuff
um any opportunity that you have on your
resume coming out of school to show that
you've got an interest in the field
um when you go to those entry-level
interviews to be able to have in your
back pocket to talk about well these are
the projects I did to even if you don't
have the internet these are the projects
that I did around security these are the
studies that I was doing in the papers
that I wrote around how we can secure
various things and what these approaches
are
those will help you move forward through
that interview process
and then to be able to show that
continuing level of interest and desire
in the field
that that's going to help you get get
your tone adore and keep it in the door
um you don't necessarily have to have a
security background to get into security
um some of the folks that I have worked
with Through The Years they've come up
through itself but you know one of the
strongest security Engineers I work with
he was an art history major in college
um but he came up through I and was
doing I.T jobs
um I know a lot of managed Security
Services provide partners that they like
to hire analysts with degrees outside of
security because it's that idea of
they've got this well-rounded experience
yes they've come to them and they've
shown an interest in security and an
interest in I.T but this well-rounded
background and well-rounded experience
that they like to leverage for other
things
um and remember there's a lot of
different disciplines whether it's
cryptography whether it's security or
whatever there's a lot of different
disciplines within security as a whole
and a lot of different directions that
you can go not all of them are
necessarily technical
um especially when it comes to security
there's a lot of policy and compliance
stuff that are very different directions
that you can go and still be in security
great yeah these are great things for
people to kind of understand and you
know as we discussed multiple times
throughout this you know the world of
cyber security is just continuously
growing and you know today we might
think that one that we understand one
thing and then tomorrow it completely
changes we have to relearn it right
anything in this industry nowadays
especially in the world of I.T uh has
just continuously grown and it's going
to continuously evolving with the
increase of more technology right that I
guess like the saying is that you can
never have too much technology around
you so
um yeah it's you know it's a great great
thing to know and a great thing to have
so but yeah I want to take this
opportunity and thank you for joining us
Michael I think my pleasure everybody
will take this advice and you know run
with it and hopefully in a couple couple
years we'll have this video be credited
as like this oh you know definitely help
me get into my career but I I want to
give my sincere uh gratitude for this I
think this has been a great opportunity
and I hope that everybody that's
watching this takes
um takes an info from this and kind of
you know build their own career around
you know what Michael has said here so I
want to give you another thanks and
thank you for a shout out I appreciate
it a lot this means a lot to me and I I
definitely had fun having a discussion
with you thank you it's been a blast and
and you know anytime
okay perfect thank you so much
Browse More Related Video
![](https://i.ytimg.com/vi/K0HKzK-RyA8/hq720.jpg)
A new era for managed detection and response: Accenture MxDR powered by Google Chronicle
![](https://i.ytimg.com/vi/Yug9vP9ix3g/hq720.jpg?v=66306046)
I Passed the Security Blue Team Level 1 Exam
![](https://i.ytimg.com/vi/Jof2Y2xF2eo/hq720.jpg)
Are You Ready for a Cybersecurity Job in 2024?
![](https://i.ytimg.com/vi/_Y3XRruIVXA/hq720.jpg)
How to get hired as Frontend Developer in 2024
![](https://i.ytimg.com/vi/GWhbfJdAPjQ/hqdefault.jpg?sqp=-oaymwEXCJADEOABSFryq4qpAwkIARUAAIhCGAE=&rs=AOn4CLC4xHiwNPJgbxKI2zX-_J8OEsvIgQ)
[NetSec-KR 2022 Keynote] 디지털 대전환 시대, 사이버보안은 왜 주목받지 못할까? - 고려대 정보보호대학원 김승주 교수
![](https://i.ytimg.com/vi/hhS8VdGnfOU/hq720.jpg)
Understanding and Getting Started with ZERO TRUST
5.0 / 5 (0 votes)