In this episode, Kip continues his story on how he got into cybersecurity and why he stayed despite the stress and the constant threat of burnout.
The path he took will give a clearer picture as to how he got into cybersecurity in the first place and why he chose to stay in this career path, despite the complexities, stress, and constant threat of being burnt out.
In June of 2015, Kip launched his own company, Cyber Risk Opportunities. He became an entrepreneur and now, is a Virtual Chief Information Security Officer. He also worked in various industries including professional sports, consumer products, agriculture, healthcare, FinTech, and Biotech.
Kip’s path is not necessarily going to be your path, but it does illustrate that there are many different ways to enter the cybersecurity field.
Kip Boyle:
Hi, everyone. This is your Cyber Path. The podcast that helps you get your first cybersecurity job. I’m Kip Boyle, and I’m an experienced hiring manager of cybersecurity professionals. If you want to give me feedback on the show, or if you want me to answer your question on a future episode, please visit the show page at anchor.fm/yourcyberpath. When you get there, just click on the message button and start talking. On today’s episode, I’ll finish telling you my story about how I got into cyber security and why I stayed despite the stress and the constant threat of burnout.
Okay. Here’s a brief recap from the last episode. So I liked computers from the first time I saw one, although I didn’t get to touch it, listen to the last episode to find out why. And at the same time, I felt drawn to work that had to do with protecting people and things, so those two aspects of who I am kind of came together and all of that led me to being in the Air Force and kind of backing into cyber security. And the job that I had right before I left the Air Force was the Director of Wide Area Network Security for the F22 Stealth Fighter Program. And that was at Wright Patterson Air Force Base in Dayton, Ohio.
Now, after I left the Air Force, I went to work at the Stanford Research Institute in Menlo Park, California. I was a cybersecurity consultant, and I got to tell you that was one of the best jobs I’ve ever had. I really loved working there. I worked with such talented and authentic people, and the projects that we got to work on were the best that I could have ever imagined them being.
And I have tons of stories, hopefully I get to share them with you at some point, but all good things must come to an end, and so after I wrapped up at, at SRI, I worked for a company that operated a global content distribution network. And at the time it was used by companies like Microsoft to push out their software updates all over the world. And if you think about how many people are using Windows, you realize that that’s a tremendous amount of bits that you’ve got to push over the internet, and you can’t just keep serving the same bits over and over and over again to hundreds of millions of people. There’s got to be a better way to do that.
So I worked there and helped to keep the content distribution network going, and then I landed a job as the Chief Information Security Officer at an insurance company based in Seattle, where I live, and I stayed there for almost seven years, and it was another great place to work for a lot of reasons. And I want to share one in particular with you now. It turned out that the insurance company owned a number of other companies that I was able to get involved with. So as a Chief Information Security Officer, not only did we have the regulations from the office of the insurance commissioner around information security and data breach and that sort of thing, we also had a credit card and debit card transaction processing company.
So I learned how to really get good at PCIDSS. And that’s the payment card industry data security standard. So the insurance company used took credit cards as a retailer, and then I got to see kind of the other side of that equation. And we also had an ownership interest in a community bank, and so the bank was a card issuer, and so I got to see that dimension of credit cards and data security, and the community bank had a different regulator, and they followed the FFIEC guidance, so I got to learn what that was like.
Believe it or not, we had a credit union in the mix. And you might think, if you’ve never worked in the banking or the credit union industry, you might think, “Well, it’s pretty much the same, isn’t it?” No, what I learned is it may seem similar to a person who sort of opens up an account, but on the other side, there’s quite a difference in attitude and they have a completely different regulator, the NCUA, and I got to learn what the emphasis was with respect to cyber security. And sort of lashing together all these disparate companies was yet another company. It was an IT managed services provider. And one of the big things I learned from that work experience was about independent attestations through the AICPA. One of the things I had to do was lead the company through its first SAS 70 type 2 examination.
Now, today we would call that a SOC 2 report statement on controls. And the reason why those reports are useful is because customers like to have assurance that their systems and their data are being protected at least as well as they would protect them. Now, after I stopped being a CISO at the insurance company, I then spent seven years working on just general IT risk management for a global logistics company and their planet-wide network as I often would think about it. One of the coolest projects that I worked on while I was there was we shipped the first several million Xbox controllers or consoles, I should say, that ever went on sale in mainland China. We shipped those, and that was a pretty good, pretty cool project.
But in June of 2015, I launched my own company. It’s called Cyber Risk Opportunities, and you can go to that website and check it out. And so that was the time when I turned into an entrepreneur and now, as a Virtual Chief Information Security Officer. And I work with a lot of different companies in many different industries including professional sports, consumer products, agriculture, if you can believe that, agriculture has cyber risks, and they want to deal with them, healthcare, FinTech, Biotech, a whole bunch of them. And I really love working with my customers. So, okay. So what does this all mean to you? Well, the reason why I kind skimmed through my background is because there’s one thing all those jobs have in common which I’m going to use in this podcast and also in the online course, which is I have hired and managed a lot of people, and almost all of those people were in cybersecurity jobs.
And it’s these experiences that I’m going to be drawing on in my role as a path maker for you. Now, as I’ve mentioned, in addition to this podcast, I’m going to be doing something else for you, and that is soon I’m going to be publishing an online course, and the goal of that course is to help you get your first cybersecurity job. So if you’ll help me out by telling me your number one question about getting your first cybersecurity job, and if you do that using my online survey, and I’ll give you the link in a moment, then I’ll give you free access to that four week online class, and we’re going to kick that off on April 6th, 2020. So it’s just under a couple of months away. And for taking the survey, I’m going to give you an immediate thank you, which is a free copy of my Amazon bestselling book, Fire Doesn’t Innovate: The Executive’s Practical Guide to Thriving in the Face of Evolving Cyber Risks.
Okay. So to do the survey, here’s the link you go to b.link/cyberpath. So that’s the B dot L-I-N-K forward slash cyber path. Now please do me a favor, and do us all a favor and forward this survey to anybody else you know who might be interested. And I would love to put you and your friends on the student roster for this first course.
Okay. That’s enough for now, next time I’m going to share with you some of the results of the survey. We already have many respondents, and there’s a lot of really great questions coming in, and I’m going to pick a few, and I’m going to share them with you, so you can get an idea of the kinds of things that we’re going to cover in the online course. So until next time, remember, you’re just one path away.
YOUR HOST:
Kip Boyle serves as virtual chief information security officer for many customers, including a professional sports team and fast-growing FinTech and AdTech companies. Over the years, Kip has built teams by interviewing hundreds of cybersecurity professionals. And now, he’s sharing his insider’s perspective with you!
YOUR CO-HOST:
Jason Dion is the lead instructor at Dion Training Solutions. Jason has been the Director of a Network and Security Operations Center and an Information Systems Officer for large organizations around the globe. He is an experienced hiring manager in the government and defense sectors.
Don’t forget to sign up for our weekly Mentor Notes so you can break into the cybersecurity industry faster!