As a Principal Researcher for Palo Alto Networks’ threat intelligence division, Unit 42, I’m focused on hunting cybercriminal threats and providing timely analysis and actionable intelligence to our customers and global security community. I’m based in Amsterdam, and my team and I work in close collaboration with the international security and law enforcement community to stop threat actors, and we educate customers about potential threats and help them prioritize their resources to protect themselves.
Unlike many of my colleagues, who knew early in life that they wanted to pursue careers in cybersecurity or computer science, my background includes a variety of different, seemingly unrelated experiences. I grew up in Taiwan and was interested in international affairs and communications, so I attended college at National Chengchi University and earned my bachelor’s degree in diplomacy. After graduating, I gave myself two years to explore any career that interested me. I worked for a short time as a set designer with a filmmaking team, and then I worked as an editor for a company that published a design magazine and did public relations.
In 2008, I decided to return to school and earn a master’s degree at American University in international communication, and I was interested in the numerous opportunities available in the U.S. This was just as the global economic crisis was beginning.
During my master’s program, I actually had aspirations of becoming a film professor — film is still a huge passion of mine. However, after I completed my master’s program, the recession made it very difficult to obtain a job. The first job I could get was as a translator for a cybersecurity company. After learning the basics of the field, I realized there was a real need for cybersecurity research, and that was something I was very interested in, so I convinced my employer to train me in security research. In that role, I focused on Chinese financially motivated cybercrimes.
That experience helped me understand how to detect and diagnose threats, but I wanted to learn more about how to address that on the client side, so I took a position with Uber, managing a global fraud intelligence program that identified cyber tools and tactics used against us in the ride-sharing industry.
After doing that for a couple of years, I realized that I missed doing research, and I wanted to work with a visionary leader in the space. I was familiar with Unit 42 and Palo Alto Networks, having worked in cybersecurity, so when I got the opportunity to work here, I jumped at it.
Although it doesn’t at first seem that my education and background would fit well with my current role, I do believe that it all contributes to my work in some way. In my diplomacy and international relations studies, I learned about the relationships among nuclear powers and nation states, non-governmental organizations, public diplomacy, global economies, and technology-empowered individuals who make a drastic impact on international politics. Knowing what’s happening in international societies and their economic policies is extremely useful in providing context for and explaining certain cybercrime campaigns, such as why those crimes were executed in the ways they were and why specific victims were targeted.
Additionally, my intercultural communications training included a master’s thesis in which I reviewed a virtual group to examine how they communicated with each other. This has been helpful in analyzing the behaviors, patterns, and business models of threat actors, which enable security defenders to develop strategies based on threat actors’ weaknesses and limits.
In my experience studying intercultural communications, I’ve encountered three analogies for how people interact in their world. The first is the idea of the melting pot, in which everyone fuses together to become one. The second is the salad bowl, in which very different people and backgrounds mix together but remain intact. The third is the cookie cutter, in which individuals force themselves into an existing mold — sometimes cutting parts of yourself away to fit.
Many people think of technology as being a cookie-cutter setting — they believe there’s a mold you have to fit with a specific set of experiences, behaviors, and skills. But what I’ve found here at Palo Alto Networks is that people in tech appreciate the unique qualities each person brings to a role. They hire you with the expectation that you will enrich the role with your own personality, ideas, and perspectives, and diverse experiences are welcome. So if working in technology interests you, my advice is it to just be yourself!