Filling the Cybersecurity Talent Pipeline
It’s been widely reported that there is a global cybersecurity workforce shortage. Those of us working in the industry are seeing the tremendous growth in the industry firsthand and seeking ways to add to our pool of available talent. One such idea, the Secure the Future Academic Competition, has proven useful in identifying qualified, early-in-career individuals who have what it takes to work in this booming industry.
Developed in 2019, Secure the Future enables students who are currently enrolled in Palo Alto Networks’ cybersecurity curriculum at colleges and universities around the U.S. to participate in a four-phase competition to demonstrate their research, analytical, and presentation skills. Candidates select an industry sector and, over the course of four months, conduct in-depth research in order to identify potential security threats in their chosen industry and recommend an array of security solutions that leverage threat intelligence and a thorough understanding of business platforms.
The competition requires exceptional skills in time management, research, organization, problem-solving, and presentation, as students must complete independent study while completing a series of assignments and preparing a video and slide deck presentation, all outside of their regular school work. And at the end, the top three competitors receive cash prizes as well as internships and/or full-time employment at Palo Alto Networks.
At Palo Alto Networks’ Unit 42 and Threat Analysis Unit (TAU), we frequently seek interns for a few reasons. Interns often expose us to new concepts that are being taught at the university level that could enhance what we do. Most importantly, it provides us with a future job candidate who will have good foundational skills and may wish to join us full time when their formal university education ends.
Early this year, as I was looking to hire a summer intern for the TAU, a member of our University Recruiting team reached out to let me know about a young man named JR who had recently taken one of the top three spots in the Secure the Future competition who seemed like a good candidate for the internship. He told me that JR stood out both from an interpersonal skill perspective as well as technical capabilities — he could bring a lot to the table in terms of different ways to think about and visualize data. The TAU requires a very diverse and unique skill set: a combination of technical know-how as it pertains to malware analysis and threat hunting, along with an understanding of the business rationale behind what we’re hunting for, as well as geopolitical sensitivities that may be occurring in specific regions around the globe.
We conducted several interviews with prospective interns, and we decided pretty quickly that JR had an ideal skill set as an early-in-career candidate that I knew we could benefit from. He accepted the summer internship, and during those three months, he demonstrated a lot of valuable assets. Interpersonal skills are really important for our work — we have to not only be able to understand and convey sensitive and highly technical information but then we have to be able to explain it in writing clearly and effectively. What struck me about JR was his ability to speak and write very well. Additionally, we have to think analytically, to have a strong ability to reason, and form conclusions based on data and evidence.
A lot of the technical aspects of what we do can be taught, but those skills — interpersonal and analytical — in particular, need to be quite strong, and JR fits that mold really well. The Secure the Future competition, with its emphasis on research, analytical thinking, and clearly presenting information in a variety of mediums, only served to strengthen his abilities in those areas. It became a direct way for him to experience what’s involved in information security from a corporate perspective, and it placed him into our “hopper” of job candidates, which was beneficial for him and our team. In fact, he was such an asset as an intern that after the three months were over, we offered him a full-time position with the company.
For those who might be considering a career in cybersecurity, it’s clear that participating in the Secure the Future Academic Competition can provide you with an edge by honing crucial skills and introducing you to potential employers and experts in the field. For these reasons, it’s a worthwhile investment in your future.
Breaking the Mold
As a Principal Researcher for Palo Alto Networks’ threat intelligence division, Unit 42, I’m focused on hunting cybercriminal threats and providing timely analysis and actionable intelligence to our customers and global security community. I’m based in Amsterdam, and my team and I work in close collaboration with the international security and law enforcement community to stop threat actors, and we educate customers about potential threats and help them prioritize their resources to protect themselves.
Unlike many of my colleagues, who knew early in life that they wanted to pursue careers in cybersecurity or computer science, my background includes a variety of different, seemingly unrelated experiences. I grew up in Taiwan and was interested in international affairs and communications, so I attended college at National Chengchi University and earned my bachelor’s degree in diplomacy. After graduating, I gave myself two years to explore any career that interested me. I worked for a short time as a set designer with a filmmaking team, and then I worked as an editor for a company that published a design magazine and did public relations.
In 2008, I decided to return to school and earn a master’s degree at American University in international communication, and I was interested in the numerous opportunities available in the U.S. This was just as the global economic crisis was beginning.
During my master’s program, I actually had aspirations of becoming a film professor — film is still a huge passion of mine. However, after I completed my master’s program, the recession made it very difficult to obtain a job. The first job I could get was as a translator for a cybersecurity company. After learning the basics of the field, I realized there was a real need for cybersecurity research, and that was something I was very interested in, so I convinced my employer to train me in security research. In that role, I focused on Chinese financially motivated cybercrimes.
That experience helped me understand how to detect and diagnose threats, but I wanted to learn more about how to address that on the client side, so I took a position with Uber, managing a global fraud intelligence program that identified cyber tools and tactics used against us in the ride-sharing industry.
After doing that for a couple of years, I realized that I missed doing research, and I wanted to work with a visionary leader in the space. I was familiar with Unit 42 and Palo Alto Networks, having worked in cybersecurity, so when I got the opportunity to work here, I jumped at it.
Although it doesn’t at first seem that my education and background would fit well with my current role, I do believe that it all contributes to my work in some way. In my diplomacy and international relations studies, I learned about the relationships among nuclear powers and nation states, non-governmental organizations, public diplomacy, global economies, and technology-empowered individuals who make a drastic impact on international politics. Knowing what’s happening in international societies and their economic policies is extremely useful in providing context for and explaining certain cybercrime campaigns, such as why those crimes were executed in the ways they were and why specific victims were targeted.
Additionally, my intercultural communications training included a master’s thesis in which I reviewed a virtual group to examine how they communicated with each other. This has been helpful in analyzing the behaviors, patterns, and business models of threat actors, which enable security defenders to develop strategies based on threat actors’ weaknesses and limits.
In my experience studying intercultural communications, I’ve encountered three analogies for how people interact in their world. The first is the idea of the melting pot, in which everyone fuses together to become one. The second is the salad bowl, in which very different people and backgrounds mix together but remain intact. The third is the cookie cutter, in which individuals force themselves into an existing mold — sometimes cutting parts of yourself away to fit.
Many people think of technology as being a cookie-cutter setting — they believe there’s a mold you have to fit with a specific set of experiences, behaviors, and skills. But what I’ve found here at Palo Alto Networks is that people in tech appreciate the unique qualities each person brings to a role. They hire you with the expectation that you will enrich the role with your own personality, ideas, and perspectives, and diverse experiences are welcome. So if working in technology interests you, my advice is it to just be yourself!
My View from the Cybersecurity Frontlines
Ryan Olson, Vice President, Threat Intelligence (Unit 42), R&D
When I was a kid watching Star Trek, I used to imagine that someday in the future, life would be like that: People walking around with small computers, instant communication devices, on their chests that would give them access to any information they needed. I think a lot of us did. We’d fantasize about having devices that could obey our every command and, at any time, we could just ask them to give us any information we wanted. But in those episodes, there were few moments in which security threats arose — where the communication channels those devices used to retrieve that information were threatened. No one ever asked about the system’s firewall. We just took for granted that it was all secure. That might not have made exciting TV back then, but none of us would want to be on the Enterprise under a cyber attack.
My colleagues and I who work in Threat Intelligence for Palo Alto Networks are often thinking about the technology of the future, and we still get excited imagining all that’s possible. But it’s our job to understand that as we move closer to that space-age future of our imaginations, we also become more vulnerable to cyber threats. We are constantly working to anticipate the threats to come, understand how they operate, and share what we know with the cybersecurity community in order to make the digital world safer.
My Journey to Threat Intelligence
I wouldn’t say I was predestined to work in cybersecurity. I had been interested in technology and planned to begin a career in programming while I was in college. But in 2003, the National Security Administration established the National Centers of Academic Excellence in Cyber Defense to address the (correctly) anticipated shortfall of cybersecurity professionals that could present a serious global threat. Each of the designated schools offered a scholarship for service (SFS) program: If you agreed to work for the government for two years, the NSA would pay for two years of schooling to train you in cyber defense. At the time I was considering earning a master’s degree, and although for personal reasons I didn’t end up participating in that SFS program, I got excited about a career defending computer networks, so I eventually enrolled in a master’s degree program in security informatics at Johns Hopkins University.
When it was time for me to do my summer internship between the two years of the program, I was fortunate to find a great opportunity with a security intelligence company. I spent an entire summer learning malware analysis, which led me to my current career.
The Knowledge Leaders
Unit 42 was started in 2014 by Palo Alto Networks’ Chief Security Officer at the time, Rick Howard, and myself. Rick is one of the smartest people I know, but his greatest talent is his ability to boil complex ideas down into simple, understandable terms. The idea for Unit 42 was to take all of the data we were collecting from our platform, in particular the WildFire malware analysis system and use it to not just create new prevention controls for our customers, but to better understand how adversaries are targeting them. With a stronger understanding of the adversary, we can build better products but also expose threat actors in the public and educate the world about their tactics. Our team consists of malware and threat intelligence analysts who look at our collective data to understand how adversaries launch their attacks, what tools do they use and how do they change over time. Then we share this information through our blog, white papers and other channels. In some instances we can go from uncovering a threat to publishing information about it in less than 24 hours. We move as quickly as possible to capture the critical details of the threat and share them with those who can use it to defend themselves.
This runs counter to the way many companies do business, which is to hoard information so that competitors can’t get hold of it. For us, there’s obvious value in sharing this information because our primary goal is to make it harder for the bad guys to win. If a bad guy has been launching attacks for three years, he’s doing the same things repeatedly because it keeps working. But if we write a report about it and publish it for the entire world to see, it stops the cycle of the attack, making the world safer for all of us.
As part of our global efforts, we founded the Cyber Threat Alliance (CTA) several years ago. This consortium of 25 cybersecurity vendors operates under the idea that a rising tide floats all boats. We share important threat intelligence with each other explicitly so we can all translate it into protection controls in our various products. What I love most about my work is the astounding amount of cooperation that I get from other organizations. When we need help or we need to alert customers to a problem of some kind, everybody immediately jumps in because they want to go and help. We all realize that we’re on the same team, fighting the same fight.
But there’s additional value for Palo Alto Networks in publishing this information: It demonstrates to the world that we are knowledge leaders in cybersecurity, at the forefront of the industry. Unit 42 is one aspect of the careers available in our industry, and sharing information is a crucial part of our work. Although people may not immediately know our company name the way they do others in the technology space, we are the biggest enterprise security company in the world, with 60,000 customers globally. So I think it’s important to point out to anyone who is considering a career in technology that working for Palo Alto Networks really enables us to have an enormous impact on worldwide security, and that is incredibly rewarding.