Jack Daniel, strategist at Tenable, was this morning inducted into the Infosecurity Europe Hall of Fame for 2015. Speaking before the formal induction, Daniel took the opportunity to describe his background in the community, and explain how he has risen to be one its most respected members.
Starting out as an auto mechanic, his experience fixing problems with cars set him on a path to diagnosing and solving technological issues that would eventually lead him into work in computer security, he explained.
His work at a car dealership soon saw him taking on responsibilities for administering the company’s computer systems: “From there it was learning everything I could, because I really liked the challenge of solving the security problem without sacrificing usability.”
A career in security consulting followed, before, eight years ago, he moved into the vendor space with German firewall vendor Astaro, now owned by Sophos. While there, Daniel said, he learned a lot about the outward-facing side of industry, assisting customers and end-users in trying to secure their environments.
Comparing his experiences coming from the automotive industry, he said “there were a lot of things I had to unlearn”, citing the automotive industry’s poor customer relations as something simply incompatible with the culture of the infosec.
One of the key lessons he learned along the way has been “[learning] we can’t solve problems without money.”
The security mindset, he said, “is often about doing the best with resources available. For many, often it is a choice between paying employees and renewing firewall defenses.”
The lesson of prioritizing resources is key to anyone seeking to move into a management role within security, he argued.
In his experience dealing with more senior officials within security, he said: “You can tell the people who have come from the trench position, writing code and doing admin.”
There are those, he said, “who hang onto the absolutism you have when configuring switches or deploying machines – but if you don’t temper that you hit a wall. Those who communicate and compromise tend to move forward and be more effective and satisfied in their job.”
Daniel cited his involvement in communities as another key factor underpinning his career in security. He explained his role in the BSides community, from its beginning as a local grassroots scene to a global movement, bringing together “people who would otherwise never have met” to share knowledge and enhance security practice worldwide.
The biggest challenges currently facing the industry, Daniel reflected, are that many of the fundamentals in protocols and old, universal code libraries are “overdue” for assessment. Legacy code has proven to be a source of several high profile vulnerabilities in recent years – a trend Daniel suggests may be set to continue.
Asked what he would do differently if able to restart his career with the benefit of hindsight, Daniel suggested he might focus more on building his software development skills.
“The language I work in is the English language – it’s powerful but won’t help to deploy 10,000 instances of docker containers this afternoon. A lot of people have this challenge. It’s important to understand coding at some level even if you don’t do it anymore.”
And Daniel’s biggest lesson? “Share what you learn. Engage in community, and be part of the conversation.”