
all right welcome everyone um uh BSides Charlotte talk my first one uh today we're going to take a little bit different look uh around cyber security and talk about maybe some of the things we don't hear a lot of about the engineers that are doing the work and how IT operations kind of connects you know with our clients and some of the decisions that we make um to introduce myself my name is Nick Newell I'm the founder of Rival IT a boutique MSP and cyber security shop based here in Charlotte North Carolina um my background is in systems network engineering and cyber security I've operated three other technology shops um and worked with teams overseas in South
Africa and India integrating them into one team and kind of One mission to help support our clients and also operated many other companies in between so um a little bit of everything so today I wanted to share uh my experience and how I.T security really meets operations and interacts with operations you know with the folks that we're supporting and how some of our decisions may impact a business right that's not something at least I was taught early on um we're going to talk about some soft skills right that'd be great for engineers to have or develop potentially about how to manage their time and we're going to touch on AI some as well that's a hot button topic this year
of how we can scale ourselves you know with augmenting our with AI and integrating it into our daily workflows we'll discuss situational awareness and how to make great decisions on behalf of our clients that we're often supporting in cyber security and how to take ownership and really Drive process and our tickets forward and then at the end we'll talk about what a typical career ladder looks like at most cyber security or MSP shops and what you may expect your career trajectory to look like and how to get to that next level if you're already at one of these stages how do you progress and what's required to progress uh throughout that Journey so let's jump in this is one of my favorite
quotes uh from Steve Jobs and it's you have to start with the customer experience and work backwards to the technology and I don't think this is one of his more famous quotes or I don't think there's only any of the Apple Keynotes from what I recall but when I heard this it really resonated with me um as an engineer when I was doing the hands-on work I often got excited by the latest and greatest technology tools you know the the AWS versus the Azure and now the SentinelOne and CrowdStrike or ThreatLocker what's the best coolest thing on the market that I can kind of fit my customer into right that's that's where I started
and I've learned over a long career so far that that's not always the best approach just because something is the latest and greatest doesn't mean it's the best for every client or every situation everyone's budget so to speak so usually when you start talking about this uh kind of push and pull I often think about it as a slide scale right so this is kind of the battle that we deal with in cyber security is we have absolutely very secure on the left side and then we have very relaxed convenient easy to do my work on the other side right and I think about it as this sort of slide that goes back and forth
and our role right as cyber Security Professionals is to balance this slide and find the right place for it so if we move the slide too far to the left on the security side which kind of satisfies us as the cyber security Engineers right the the business may not be able to operate in a manner that they can service their clients or to build revenue or to do what businesses do right so if we slide it all the way back to the Other Extreme on the convenience side right we may also harm the business by things being too open and vulnerable to attack also shutting down operations and probably reducing Revenue also if there's a cyber incident
so where experts like us come in you know the cyber professional is to move that slide scale and work closely with our clients for them to really understand what protections they need and to really build scalable solutions so that they're protected and we're also enabling the work that they're doing we don't want to make things harder for our clients or businesses that we're supporting we want to make them more efficient we want to make them better we want to make them more secure right so finding that spot on the slide scale is going to be important when we're doing this work right out in the real world so consider that right not always the best it doesn't have to be the latest
and greatest shiny thing but find what works for your clients and have these open and honest discussions with them about this slide scale right and find the perfect place for them to land all right so shifting gears a little bit right I want to start moving into the engineers Journey right and some of the things that I've heard throughout my travels and managing teams um is this statement on top here right I'm just too busy I don't have time to do that right I just I don't I've got too much work right I'm overwhelmed I just couldn't get to that task and I I'm I was guilty of this too right until I had a great mentor kind of opened my
eyes to this concept and when we say I'm too busy or I don't have time what we're really saying is that task is actually not a priority and here's why so we all know how many hours in a day that we have 24 hours in a day we all know how many hours we're going to work that day the 8 9 10 hours whatever it is for your schedule and then we also kind of have some control or some idea of what tasks that we need to get done within that period of time so saying that I didn't have time or I'm too busy is not true what's true is that task was just not
high enough on my priority list to do today right and this is something I still catch myself saying often right and I like to teach folks to be intentional about what they're saying and how they're managing their time generally in an MSP or MSSP or some cyber security shop right time matters you know the way we're spending it so especially when dealing with an incident right it really matters so we need to make sure that we're triaging and we're understanding all the tasks that need to be done on the left side and then ordering them right and the appropriate one two three four five the the stack that we're going to do them at on the
right and make sure that we're progressing through that in a meaningful way this way we're getting the most important things done right when they need to be done and we're not missing anything and again in our world right missing something for or not reacting to something within 5 10 15 20 minutes could be a big deal it could be a disaster so when when thinking through this you know time is kind of our construct and how we're using our time it it leads me to think I'm the next thing is efficiency so how can I be more efficient as an engineer and be more intentional with my time and it just so happens there's a great
tool for that right AI AI is the answer it seems like for everything nowadays I don't think there's a SaaS app that I've used in the past six months that either has already integrated some form of co-pilot or AI capability or has it on the road map or it's coming very soon but this is part of our lives now and for those that are newer into cyber security or into their IT career uh AI is not necessarily a uh a new construct right at least in its current iteration we have been writing software that could write software since the 90s it's uh not necessarily new but it's finally kind of hit that event horizon where it's
entered the mainstream and it's built into a product that's easily usable by the masses so now that this tool is out there right how can we use it to make ourselves better how can we enable ourselves to be more efficient and how can we maybe scale our skill set a little further than maybe it really is in actuality right how can we create that value uh in our roles and for me right I I can I can write code barely adequately in these days right and uh Python was always my language of choice um or PowerShell but using AI ChatGPT Bard whatever your favorite uh flavor of LLM is um using ChatGPT we can just prompt it
with text to output code right at least at a basic level and if you've learned some code in college or through Codecademy or other means or maybe just on your own it gets you pretty close usually about 80 90 percent of the way with some basic things but if you have that skill set or you understand the constructs or framework of how code is written you can use a tool like ChatGPT or Google Bard to really accentuate your work right and this is an example I just used the other day myself I uh on a server for a client we needed to find out what folders you know within two terabyte data set you know actually
had data in them which ones are blank and how long ago they've been updated right so this data can be cold storage or is this hot data warm data what is it so we needed to figure this out and provide this context to our clients so I could have probably hacked together a script with Python or some other you know PowerShell to do this but I went to trusty ChatGPT typed in the instructions and I got outputted a script within five minutes that was usable that I could provide an output for and that really helped me scale my skill set right so instead of spending hours creating it 10 minutes I was already past this barrier and moved on
to the next thing right so I hope everyone leaves you know this talk you know maybe with a different kind of understanding of how AI can help in your day-to-day role right so coding amazing also great with uh formatting emails is another one or writing letters I use it for that often another thing now that's built-in functionality I noticed in 3.5 is the ability to put a wrapper around the the text that you put into the application with ChatGPT right and a wrapper is kind of the set of instructions on how to manipulate responses with a tool so what we've been using at Rival IT is we use Microsoft Teams to record our internal
meetings right and Teams provides this text transcript of the meeting right who was speaking and kind of identifies the people and we've written a wrapper for ChatGPT to take this meeting to summarize it right in just a few sentences of what was the topic what was discussed and then we've also prompted it to enter uh any takeaways or action items and who those action items are assigned to and to associate any due dates or any deadlines that were mentioned during that meeting right so Teams gives us this wall of text of what's happened we we built this wrapper for ChatGPT input the text and we get this really clean output of a summary the takeaways the
deadlines and who needs to do what so everyone understands what the next steps are and then we can schedule and move forward with these action items and not just show up to a meeting and I'm sure you've all been on one of these right when you go to a meeting everybody talks about a bunch of stuff and you leave and it's kind of like what the heck happened right what do we do next what are we supposed to do using AI using these tools that we have available we're actually able to keep ourselves on track right and drive our efficiency and drive towards a better client experience so moving forward past AI right another thing that I like to remind Engineers
about is to be situationally aware right just be aware of what you're working on and what's going on around you and this this first bullet point I always get questions on this one uh I'll be curious if I have any from this group but know what you don't know right and I get this all the time Nick how can I know what I don't know if I don't know it right it's kind of like that oxymoron but what I mean is when you come across something or you get a ticket or you get a response for a client and self-assess do I is this something that I'm an expert in do I know how to answer this
question or do I have any idea what's going on at all right those are kind of the questions that I ask myself even when I get these things and it's important to do that because especially in the context if you're servicing clients if you get a ticket and or maybe an incident right comes through through your SOC and you're not familiar with that incident you've never seen it before you don't know what the alert means a lot of us in in tech and cyber security specifically we like problems we like puzzles we like to figure things out we like to learn right so we we're more than willing to just dive into something we don't fully
understand to learn about it and become the expert and usually that's great when it's not great is when we're servicing a client right and we there's some expectation on the other side so in this example if this security incident comes in and we're not sure what it is and we spend five hours researching it and then we finally figure out what's going on if there is a real security threat there that threat has already had five hours to percolate and do what it's going to do and maybe damage a client's environment or maybe our own environment if you're doing internal cyber security for a company right so that time period of of understanding can make all the
difference in the world potentially right so it's important if you get something like that and I want to let everybody know that it's okay to raise your hand and say hey I need help or I need to escalate this or I need someone to look over my shoulder with this or to give me some Direction as an operator like at my company we encourage Engineers to do this to raise their hand and say I don't know and there it may be a situation when you get that feedback or advice from your manager or supervisor team lead whatever and say it's okay spend the time to learn on this maybe and that'd be awesome right but sometimes it's not and
you may need to escalate that that ticket to a person that maybe is more experienced with that particular thing and then can address it more quickly and I always encourage everyone to follow up on that issue to ask that person later hey whatever happened with that or what's going on stay involved with it to learn but we have to understand what's happening in the real world we can't be selfish enough to hold up remediation or to not offer launch a uh a defensive right to get our client to stop an attack or to prevent something that may be in progress we can't have that big barrier time in our way so we need to be moving forward
through these type of issues so that's where the next Point comes in don't don't try to be a hero in cyber security no one knows everything and you certainly aren't expected to know everything by any means right so everyone has their skill sets everyone has their Specialties we're all always learning and we're all always getting better so don't think that you have to take everything on and be the hero and try to save the day at the detriment to a client you're supporting or maybe your internal organization even uh don't be that person right make sure you're raising your hand and you're getting tickets or incidents to the right person at the right time and the last Point here as far as
situational awareness goes be aware like I said in the beginning of what you're working on and what's coming in right if you're seeing recurring incidents come through or recurring alerts think about is there a way that I as an engineer could stop this from happening ever again right so if we get the same alert for the same false positive that SentinelOne is producing this alert for some McAfee pseudo antivirus that's on a user's computer we say oh well we just unquarantined it and move on but we don't actually fix the root issue of making sure we remove that application from the user's computer so that we don't keep getting these alerts from SentinelOne uh to alert us right so
think about that when you're working that that SOC desk or you're working your help desk and you're seeing these recurring issues come in identify those and again say have we put a Band-Aid on this before and now it's returning or is this something that we need to do like a five whys analysis on or that we need further exploration to really solve this challenge right because when we fully solve a challenge not only is it no longer a concern to our client or the entity that we're supporting but we don't also have to spend time on it anymore internally right we're IT folks let's be a little lazy right let's use our skills to stop so much work from coming in script
things and put things in a better place right for our end users or for our clients so as far as being engineer right and I've I've kind of messed around with this methodology for my teams the last 10 years or so this idea of Leaning forward with the work that we're doing right so when I say Lean Forward I really mean it for everything that we're doing right so if you have a ticket uh make sure we're being aggressive and pushing towards a resolution right what I mean by being aggressive is if there's an outage or there's something like that or waiting on another third-party vendor to get back to us don't be passive right and
just say well it's on their end I'll just wait until they decide to email me back or to call me back and I'll wait a week or a few days uh I encourage our team to push forward right lean further forward to those resolutions and proactively call hey it's been a few hours to be making progress on this or hey we touched base yesterday what's the next step or is this working for you still or um you know did SentinelOne start reporting in or CrowdStrike whatever the case may be push towards that resolution don't be passive right a lot of us in IT and cyber security we're largely introverts right we're more comfortable behind the
screen rather than being in front of it usually we're more comfortable sending a text versus making a phone call right or sending an email right that just kind of feels better for us but we have to understand the rest of the world doesn't operate necessarily the way a technology professional whether it's just IT or cyber security specifically we live in email we live in ions we live in Teams and Slack in these chats right Discord but the people that we're supporting or the businesses that we're supporting generally don't right so we need to understand that and communicate in a way that is great for them also right so it may feel a little weird to pick up a phone and call
someone or to follow up on something but your clients or your users are going to appreciate that because it shows that you care and that you're pushing forward towards your resolution right so think about your own experience if you've dealt with something right like if you're expecting someone to call you back like this has happened to me at our office recently internet goes out call Spectrum in Charlotte and say hey internet's out and they're like yeah we know you know somebody hit a fiber line you know doing construction they'll be on at three o'clock well great right so three o'clock comes around still no internet four o'clock comes around five o'clock comes around I'm kind of wondering what the heck's
going on right and on the client side I've wondered for a while now right I'm really I'm really wondering what's going on here and I'm like surely they're going to call me any moment and they don't so finally I have to feel like I have to reach out and push this right and understand what's happening I said oh yeah there's a complication it's not going to be till tomorrow right think about how you react in that situation you're probably going to be pretty frustrated so not only did they tell you something an expectation and didn't meet that they also didn't follow up with you to let you know the new expectation and now you had to just be left wondering
for this period of time and then finally you get so frustrated you call them back and even if you don't you know that doesn't come through on the call you still feel that way right and the same thing is true for our users or our clients that we're supporting don't make them wonder what the next step is or what's going to happen next or what the situation is what's going on there's a line in one of the Batman movies and I forget which one maybe someone knows but uh I think the Joker said no one panics when things go according to plan right and that's so true if we know what to expect and we
just tell someone hey it's going to be three and then it's going to be eight and then it's going to be 10 for that ISP to come on right as long as I have some idea of what's happening and that someone's informing me and there's some type of plan I'm good right I feel better about that when people get anxious just because there's no plan there's no communication there's no next step there's no documentation everyone's kind of just wondering what's going on so when you're working with your teams right or you're supporting users make sure that we're communicating early and often and what the plan is and what's happening right and make sure in your
tickets write a next step maybe the next step is to call somebody maybe the next step is this is resolved right for my teams what we do is at the at the end of our tickets we just write NS right N for next S for step and we put two backslashes and just put whatever the next item is right easy peasy none of the other team members have to call me and ask me hey Nick what's going on with this ticket right it's already in the ticket next step's already defined I've documented it right so if a client calls while you're at lunch or an end user calls we're at lunch one of your colleagues can cover
and say hey it looks like Nick's here he's going to do this thing next no problem right people don't panic when things go according to plan so it's our responsibility to make the plan and help them understand what the next steps are with whatever we're working on so shifting gears once again right thinking about this career mindset of cyber Security Professionals or I.T professionals at Large what what do we need to do or what should we how should we be thinking uh if we want to move into that next stage of our career right how do I get from the help desk to that team lead role how do I get to be from an engineer to a
manager what what what skills do I need right how can I how can I start getting my manager my boss like thinking about me as a candidate for one of these roles right so I think it starts with the title here right you know at least for me I'm looking for owners not renters I want someone that owns a process and takes responsibility and is ready right to take on things that even may make them a little bit uncomfortable and that's okay right that's how we grow that's how we get to our next stage in our career we're not going to do it by always being comfortable you have to kind of edge yourself out to that you
know where you're not quite comfortable and you know really stretching yourself a bit so if you want to be a leader or a good boss or a great manager lead from the front right be there with your team team Works late you work late right um I always like to work in the same we call it the bullpen right where all our Engineers are I don't want to sit in an office somewhere or on the top floor of some building I want to be where the work is happening and where the teams are working right so if you're considering a management role or you are a manager be where the work's happening be where the conversations are be where
the people are if possible I know a lot of teams are remote these days but even if you're remote make time to be in person and be intentional with that time and how you can be with your team right so this is what people are looking for right be a leader lead from the front and be that go-to person so even if you're not a manager or anything like that you can still be a go-to person being an SME you know subject matter expert on one of your tools you can be that go-to person no one's stopping you from learning more and writing documentation and sharing information with your team no one's stopping you and
then all of a sudden overnight you're kind of the SME for CrowdStrike and then maybe you're the SME for uh Avanan or whatever you're using the security products that you're using right maybe you're that expert this is how you start creeping into that next level which we're going to talk about a little bit more right of how to get into that job or that next role before you actually get it and most importantly right is don't gatekeep information I see this all the time with other teams I've worked with there's someone on the team that knows something and they don't really want to share it with anyone else because they feel like that creates their store of
value that oh I'm going to be the go-to person for this and they can't fire me because I know this if you're doing that please stop it it's not a good look right you can what is it uh you can attract a lot more uh a lot more flies with honey right so sharing information being that leader on the team and empowering people is all like what it's it's about like leading teams right that's essentially all you're doing is empowering teams to do their best work so if you're gatekeeping information you're certainly not doing that and you're probably on your way out if you're doing it you just don't know it yet right so if you're doing that
today please consider stopping finding a way to empower your team right and finally this one hand up one hand down concept as you're climbing a career ladder think about climbing an actual ladder as you're going up think about all the advice that you've gotten the books that you've read the mentors you've had the good bosses the bad bosses where you've learned these lessons right you've been a benefactor of this so as you're going up throughout your career think about how you can reach down and pull someone else up with you right pull them up to that next rung on the ladder enable them teach them and doing so you're not threatening yourself you're not diminishing your skills you're
actually making yourself better right it takes a different level of understanding to teach something versus just knowing something or understanding a concept so if you're able to do that for someone else and pull them up along with you throughout your journey in your career that's really the best thing to do even for you as an individual right it feels good helping other people and you're you're learning how to lead and be a mentor for someone else so continuing right on this kind of journey this career ladder this is typically what it looks like for for most you know IT shops cyber security firms that I've worked with at least right generally when you start at one of
these firms you start as a SOC analyst right you're a help desk uh technician you're taking all the incoming work you're identifying you know these alerts generally analyzing them if they need attention or if they're false positives and you're really kind of beginning to understand the work right usually you're here for a year maybe a couple years you know at that analyst level maybe you start thinking hey what's next right so what's next is that team lead role for a lot of shops that kind of in between the the analyst and the engineer and generally the team lead acts as a filter between a help desk or the SOC and our engineering team kind of filter
out requests that would normally pass through there you know uh unimpeded we want the team lead there to really support the the analyst team or the help desk give them what they need solve any you know uh simple or basic escalations and filter out some of that noise from our engineering team right we want our engineering team to be working on architecture you know solving security incidents um doing you know reporting uh after the fact maybe for insurance or auditors we want the engineers doing you know that that more impactful work if you will not that the analyst or the help desk isn't impactful it certainly is but the engineering team needs to focus on what
they need to focus on the other teams need to focus on their priorities right so the team lead really helps enable this role and I've been in this role myself and I felt it to be very Dynamic right so I learned a ton being in this team lead role of what what how I could help teach right the people that I was working with on the desk and liaising with the engineering team right and learning from them and them helping me solve problems for the team that I was supporting right so like in that role I probably learned the most throughout my career in that kind of in-between role right so if you're curious of what that team lead role
looks like that's generally how it works um moving forward past the team lead into an engineer right so I wish someone would have talked to me about this before I got to the stage in my career but the SOC analyst the team lead role they're kind of the minor leagues if you will as far as responsibility and impact goes uh compared to being an engineer is more like being in the major leagues right so now the stakes are a little bit higher when you're an engineer you're working on real businesses you're working with businesses with real revenue right you're solving bigger problems you're dealing with higher level incidents you're making recommendations that someone is going to
take as gospel and you can't be wrong we're here to give that technical advice or to build out the cyber security framework we need to be right about it because if we're wrong it could have negative repercussions right so understand generally moving into that engineering world there's a different level of responsibility and education and maturity required to really do well in that role you have to start thinking about how that business works like we talked about in the beginning right how do we power a business with technology right not how we have this cool technology and have a business that pays for it all right we need to power these clients with the technology that we have
and keep them safe and secure so moving past the engineer into a senior engineering role it's kind of more of the same except to get more into the architecture right do we use this product or that product and why does this meet our clients compliance standards right does it satisfy FCC or HIPAA requirements things like that right so that's more of a known quantity that's why I've even designated kind of the same color as the others throughout the engineering path here kind of blue pill here if you will is the management side so I actually was in this exact position about 10 years ago in my career and so I want to continue being an engineer and
stay technical I don't want to try to do this management operations thing right and I had no idea how to be a manager at the time or really even what that meant I did some research and for me I found that doing a self-assessment I really like to solve problems right and that was the core of what I really enjoyed and I think that's true for a lot of people that are in cyber security and I.T in general we like to solve problems we like to build Solutions so it wasn't clear to me until I researched this but being a manager or an operator is essentially that but instead of solving technical problems you're solving people problems and
process problems which is way more difficult than the technical stuff right just being honest here um everyone's different everyone has a different work style everyone you know has a different way of thinking how do you get an entire team of people to start moving in the same direction with the same goal the same strategy how we organize our documentation right how do we manage our work how do we keep our clients happy right how do we think about growing and when we need to hire more people or not hire more people right all problems to solve all require that same kind of tactical mindset just like the engineering problems right or the cyber security problems it's really
the same muscle just apply it in a different way so I know that management thing is kind of like a bad word to a lot of us right um the manager is kind of the enemy a lot of the times but I'd encourage you to be open to it right and really self-assess if it may be for you and it's not for everybody and that's okay but you need to decide what you like to do and how you want your career to progress and be intentional about where you want to be think about that ladder analogy that I use right where do you want to be on that ladder maybe you're happy being a team lead and you're happy
with the money you make and your schedule and you want to focus on your hobbies outside of work that's awesome that's great nothing wrong with that at all but if you want to move forward I wanted to discuss you know what that would look like and how you may do it so a few ways right uh on how to get promoted or how to get to that next level you know look for ways to provide value like we talked about right so providing value for me would work for me personally is being open to work that was outside of normal working hours right so the MSPs I worked at hey we got to do a project on the weekend who's
available you know who wants to help and I started raising my hands right and the first time I raised my hand it was just kind of just to see what this you know server project or networking upgrade or this you know working on creating this MPLS or whatever it was what did that look like right I was just someone on the help desk I didn't really know um but I wanted to know I wanted to get involved right I wanted to see what this kind of next stage looked like and when I did that I noticed a lot of things started changing for me right and it doesn't necessarily have to be after hours but
when I volunteered to help or to get involved with this number one your manager or boss will start to notice hey this person's kind of a go-getter they're getting out there right they're willing to you know get outside their comfort zone a little bit and the second benefit for you personally is now all of a sudden you get to spend one-on-one time with that really advanced engineer on your team that you maybe don't get to talk to that much or get to work closely with and then once you start working with them they show you things right you're helping them out you're just kind of being there and you develop a relationship you know with that person
so now you may have created this kind of mentorship where they're kind of hey Nick check this out or let me pull you into this or hey I need some help with this other project you want to help right you're developing this rapport within and then now all of a sudden you're the go-to person and now all of a sudden you're involved in the high level projects right you're a contributor you've kind of skipped to that next level and no one even really knows it right and that's exactly what you want how do you get involved how do you learn how do you get the information that you want right how do you get to
that next level that's how you go above and beyond in your role right simple as just raising your hand or just saying yes just to get involved people notice this is exactly how you get the job before doing the job right no one is just going to show up to you and if you're on a help desk let's say you're a level one analyst and say hey you you seem really smart let me spend a bunch of money and time to train you give you everything you need and then move you to level two and then pay you more money a lot of people think that's going to happen right it sounds pretty silly when you say it out loud that's never gonna
happen you have to start doing the role and leaning forward into what you want to get noticed and to let folks know that hey this may be a person for this role or this may be someone we need to bring along a little more quickly they're providing more value to the organization than the role they're currently in we need to move them up right that's how it works no one's just going to pluck you out of your spot and put you somewhere else okay so wrapping up here key takeaways so start with the customer experience and work backwards through the technology right think about how you can utilize tools like AI copilot whatever it may be to enhance and augment your
skill set think about situational awareness be aware of the work that you're doing and that your teammates are doing and make sure it's the best use of our time and it's of the highest priority and finally if you want to get promoted or you want to get to that next stage you must do the job before getting the job all right that's it thank you very much