Today I am posting an interview I have done with cybersecurity expert speaker, podcaster, author and author Daniel Miessler and I am super happy I got the chance to speak with him.
He has probably one of the most viewed blog posts out there on starting in cybersecurity and certainly one that I was pointed too when I asked the question, it is an AMAZING post that is kept up to date and covers everything from Education, Certs, Skills, Sources and LOADS more, if you haven’t already then definitely go and have a read, here is the link:- https://danielmiessler.com/blog/build-successful-infosec-career/
I am a huge fan of both his podcast and newsletter, in them both he gives a wonderful perspective on what he has been reading or learning, curated interesting news and fascinating essays about things happening in the information security field and community.
There are LOADS of people out there in the cybersecurity world when it comes to blogging, podcasts and speaking but there is only a handful that when they have new content I will seek it out and male a priority to read/listen but Daniel is up there with Graham Cluley and a few more.
Daniel is a recognized cybersecurity expert and writer with 20 years in Information Security. His experience ranges from technical assessment and implementation to executive-level advisory services consulting, to building and running industry-leading security programs.
His 20 years of experience in security ranges from the vibrant Startup ecosystem in his birthplace of Silicon Valley, to working with many of the top 100 worldwide companies. He frequently gives talks and participates in panels around the world, and his work and commentary have been featured in dozens of the world’s leading publications like the Wall Street Journal, Forbes, BBC, Computer World, Threat Post, Financial Times and loads more, check out his site to see more:- https://danielmiessler.com/about/
Here is the interview, hope you like it as much as me.
You started as an Intelligence Analyst for the US Army, was it always the plan to head this way into Intelligence and Cybersecurity or was it discovered in the Army and taken forward when you left to go to University to study Information System Security/Information Assurance?
When I left the Army and entered University I had no idea I was going to get into computers. I was using a computer lab to do some general courses when I started noticing the computers around me, met a friend who was running the lab, and it all just fell into place. Within a few months, I was building websites for a professor and helping the lab admin defend the network from attacks.
Your podcasts are titled ‘Unsupervised Learning’ where you talk about what you learned in the past week, or a standalone idea that hopefully gives people something to think about. I love the title as on my site it’s all unsupervised learning from courses and books to articles and podcasts but how important do you think to get multiple certs are or do you think it’s possible when in a role to use experience and self-teaching?
I am mostly self-taught, as are most of the best professionals I know. Even if they went to college for computers, most of what they know came from practising on their own. I think degrees and certs are good, but only if you have the practical experience as well (and first). There are a lot more people with credentials that are unemployed than there are highly-skilled people. Especially in security.
How have you seen the security landscape change over the 20 odd years you have been involved?
The biggest change is how seriously companies are taking security. They used to not care at all, and now they claim to care at least. But we’re still doing alchemy rather than accounting.
If you had to recommend one book and one skill (Linux, Networking etc)to learn for a beginner getting into cybersecurity what would they be?
Extrusion Detection, and Programming.
You have published a book called ‘The Real Internet of Things’ and how there is great confusion about what the Internet of Things means. The book lays out a technological future based on the intersection of evolutionary psychology, shared functionality desires, and a long-term vision of human society. How did the book come about?
The book came out of a clear vision of where I think tech is going, and wanting to capture that in an organized way. The basic premise is that we can know where tech is going by looking at what humans fundamentally desire.
You seem a very busy guy with speaking, writing, podcasting and much more but what are the plans for the next couple of years?
More of the same. I’m working on a concept for a series of books on meaning (as in the meaning of life), reading a lot, doing the show, and tinkering with some technology. And that’s on top of my day job.
I first became aware of you through my buddy BlorpyRobot (not his real name 😉) when he pointed me towards your article ‘How to Build a Cybersecurity Career [ 2019 Update ]’, it was that post where I saw the subject “Have a Presence” where you say “First you need a website. Some call this a blog, and that’s fine. The point is that you need a place to present yourself from.” And more (I have linked above in the article). This was what first gave me the thought of doing THIS SITE (thank you) and keeping a track of what I have done, am working on and such. Have you had others in the same boat?
Yes, it’s been nice to see a number of people start sites after reading that article. I follow many of them.
In Scotland, where I am from there, doesn’t seem many Cybersecurity roles are ever available when I keep reading and hearing that there is a huge shortage in the field, am I looking in the wrong places, are the people wrong or is it just where I am in Scotland, thoughts?
I’m not sure exactly because I’m not from Scotland, but it might just be the number of companies there vs. in the U.S. I doubt it’s because they take security any less seriously.
Most people I interview I ask this question or a version of it but I am 42 and very self-conscious of my age trying to get into the security field, do you think this is too old, any recommendations on how I can streamline my seemingly never-ending list of courses and books?
Ageism is a thing for sure, but I believe it can often be overcome by showing signals that run counter to it. If you live a young lifestyle and behave like a young person (in the ways that people are looking for), age is not likely to enter the equation as much. I think it’s older people who have decided not to learn anything new, and to sort of slow down and resign, who have the most trouble in the job market—especially in tech. You have to show that you’re young and hungry in the mind, even if you’re older in the body.
We seem to have a very similar taste in music, films and humour after reading your blog. My favourite film of all time is ‘The Man from Earth’ that was released in 2007. Have you seen it and if no promise you will put it on your ‘Need to see’ list?
I have seen it. It is one of my favourites as well!
Check Daniel out at the following places.