Enterprise InfoSec Meetup Grows New York’s Cyber Community
Tenacity And Passion Key To Successful Cyber Workforce
On Episode 95 of the Task Force 7 Radio podcast, host George Rettas spoke with enterprise cyber security veteran David Raviv who currently serves as director of sales threat intelligence for LookingGlass Cyber Solutions and is the founder of the New York Enterprise Information Security Meetup group. David started his career in the Israeli Air Force as an unmanned vehicle pilot and was an early employee of the Herjavec Group. He has also held cyber roles at Proofpoint, Code Green Networks, and Fishnet Security.
The duo discussed the success of the Meetup group and what value it provides the local New York InfoSec community. Beyond the group opportunities, David provided recommendations to those looking to get into the cyber security arena and discussed the challenges for operational cyber security jobs in the metropolitan New York area.
With over 5,000 members of the Meetup group, how did David grow the group to become so large? “It's all about value. What I am trying to achieve by hosting these events is to give back to the community and allow people to learn something new in the space.” Most cyber security professionals are siloed, said Raviv. “If you do endpoint security or you do network security or you operate in a SOC, odds are you're not exposed to other areas within cyber. So, you have the ability to come to my events and learn something new. For me, it was about delivering consistency, value, and content.”
The cyber security industry can be a negative industry from the pressures to avoid and recover from incidents, said Raviv, and it needs more face-to-face interactions. “I would love to have an environment which is kind of a safe environment; a happy environment where people come in and mingle. And it's not all about ‘what's the latest and greatest in cyber security?’, but also enjoy yourself while doing it.”
Thriving At A Cyber Security Startup
George inquired about David’s recommendations for people wanting to get into the cyber security space. “If you're thinking about joining a startup in the cyber security space, you must think very closely if you have the tenacity and real passion to do it because you're going to realize very quickly that it's not all that glamorous and the odds are against you in terms of enjoying it,” warned Raviv. “It's all about passion. It's all about having the right team that you can rely on to help grow the business. And it's all about picking the right startup and there's really no kind of crystal ball. Hindsight is always 20/20.”
Raviv shared cautionary tales from his own experiences and noted that the successful vendors are few and far-between. “First and foremost follow passion. If you're really passionate about cyber security and you want to contribute, the startup space is the way to do it because you have the ability to pave your own way.”
At a pre-seed or Series A-funded startup, everybody does everything, so you don't have a real defined set of roles and responsibilities explained Raviv. “You may need to grab coffee and donuts for the team then work on a proof-of-concept (POC) and then go out and install a box on-site. The roles in a startup are diminished. It's a phenomenal opportunity to grow personally, but it's not without risk. I highly recommend looking at your financials and see if you have the ability to sustain a low-income, high-stress situation for a while.”
Enterprise CISOs Embracing Startup Innovation
The cyber security industry pushes on despite frequent news about mega-breaches with more than 1 million records exposed. Raviv asked the podcast listeners to realize, at the same time, there are thousands, if not tens of thousands, of financial institutions in the U.S. and the majority of them do security well.
There are also a handful of CISOs that embrace security startups and innovation. These folks have stuck their neck out and come to the forefront of information security. These folks are known for being at the top of their game in cyber security. And with the high visibility comes a high-stress job.
Companies frequently complain about the lack of qualified cyber security professionals. After Y2K, news stories reported 1+ million unfilled IT and IT security jobs. “This issue continues to weigh on enterprises,” said Raviv. But is it a real talent gap or caused by a lack of funding?
Fight Or Flight: NYC Battles Quality Of Life Workplace Challenge
Appropriate and qualified personnel are always available, said Raviv, but at what cost? “If you're in New York City, the enterprise will pay a premium to somebody who's a qualified professional. They are available, but they might be expensive for somebody who has the experience and the clout in the industry.”
Rettas sees a lot of jobs leaving New York City, especially the operational jobs due to the cost to hire similar roles for less in other U.S. cities. “An enterprise needs to become more flexible in terms of allowing people to work from home and work remotely,” responded Raviv. “Commuting an hour or two into the city every day because you want your family to grow up in a nice area with a lot of greenery is not something that workers like to do. The remote, flexible, and life-work balance scheduling allows people to stay in New York.”
“It is still a challenge and some of the operational work is really hard to fulfill without an on-site team,” conceded Raviv. “Increased workload on the SOC requires teams that are trying to keep up with the escalating threats. Some people are just worn out and they want out.” Eventually, believed Raviv, because of the lack of resources, additional flexibility for some of these organizations will become dictated.
In part two of this Task Force 7 Radio podcast recap, this week’s guest David Raviv shares a few cyber security career lessons, discusses the challenges of cyber security startups, and offers insight into the changing enterprise cyber landscape.