An ongoing look at why and how our Foxes started their career in security. This is the fourth installment of the series.
Name: Joe Ward
Position: Senior Security Analyst
Proud Fox since July 2017
Meet Joe Ward, Senior Security Analyst at Bishop Fox
When Joe Ward decided to switch gears in his IT career to a specialty, he chose security. In his Path to Security, he describes what helped him get to his current role at Bishop Fox as well as the importance of strong writing skills in the industry.
What originally drew you to security?
I’ve had a lifelong interest in security. It’s been part of what I do, even though I was only really a hobbyist as a kid. I love taking things apart and seeing how they work. Plus, watching “Mr. Robot” further piqued my interest in security specifically. I never really wanted to get boxed in by a specialty. However, security is a field where having a variety of experience can be a great asset.
How did you get your first job in the industry?
I learned as much as I could and studied frequently on my own. I became involved in the local hacker community and started attending events, which led to a contract position. It was through networking that I eventually crossed paths with Bishop Fox.
Tell me about one career highlight.
I successfully set up a worldwide Content Delivery Network (CDN) for a security software organization. One of the challenges I faced was that we had to move high volumes of content between datacenters quickly. We had to ensure that these large files could travel across the globe efficiently and reliably. This was a very cool thing to be a part of. Here at Bishop Fox, I’ve been involved in building an application security program for a Fortune 100 organization – and it’s been amazing so far.
Where would you like to be in the next 5-10 years (career wise)?
I want to be more focused on pen testing and continue to help companies improve their security. I also want to present more and be more involved with the greater security community. I want to shift the IT culture more toward security.
What was one unexcepted challenge you have encountered?
My entire career, honestly! As a consultant, it’s usually walking in to situations where the people in the room don’t have the skills or experience necessary – so they called you for your perspective. That aspect of consulting can be a challenge but that type of challenge appeals to me. Having to up my skills with writing is another thing. In every other role I’ve had, I had to always develop my own template and my own writing style. At Bishop Fox, we value writing so much that we have an editorial department. Improving my writing skills here has been a humbling experience.
What advice would you give to someone wanting to break in and/or advance in security?
Practice – but don’t live hack people! Build out your own lab, learn as much as you can, and be open to new ideas and experiences. Check your ego at the door. You must be willing to take guidance to get better and to learn the things that you don’t know. In general, there’s a problem with people saying they’re good with computers because they play “World of Warcraft” and are therefore demanding a 100,000-dollar salary. With cybersecurity specifically, you need to get involved, go to the events, and find the resources that will take you to the next level. Understand not only the tools and what they do, but why they work. Do you truly understand that vulnerability? Realize the difference between being a penetration tester and a script kiddie.
What is the greatest resource you have found?
I built a test lab from vulnerable machines on VulnHub, watched four years’ worth of DEF CON talks, and started working toward my OSCP. The Hacker Playbook 2 by Peter Kim is a tremendous resource as well as countless blogs. I was voracious to consume anything and everything I could find.
What’s the biggest misconception in security?
It’s not all hoodies and pizza*! It’s all kinds of communities; security is open to anyone with that mindset devoted to figuring out how things work.
Tell me one interesting fact about yourself.
In my outside-of-Bishop-Fox life, I’m a certified rescue scuba diver.
*But sometimes there is pizza.