Simply Cyber Community Challenge

This is the transcript from my video that I posted for the Simply Cyber Community Challenge where I share my story on how I got into cybersecurity.

[00:00:00] Hey there and welcome to the Simply Cyber Challenge! My name is James McQuiggan. And a special shout out to Dr. Gerald Auger for putting this together. Putting a great way for cybersecurity professionals, people trying to get into the industry. People that have been in it for a year, five years, 10 years, 20 years, 30 years goes on and on.

A great way for all of us to be able to come together and network. So the simply cyber challenge is where we go on and we make a post about how we got into cybersecurity. For me, it's been a long and interesting road. And I got to do a quick, special shout out to Shane Himes for passing the Baton to me, for doing the Simply Cyber Challenge today.

So for me getting into cybersecurity, I go all the way back to when I got out of high school, I had a decision. I could go into computers. Or I could go into theater. And I was very much into the technical theater [00:01:00] aspects of things, lighting and sound. I got into stage management, which is basically running the show once it opens up.

And I had a lot of fun doing that. And about six years in working professionally. I started to realize that the lifestyle. of working in theater, wasn't something I wanted to do if I was going to have a family and certainly get married. So I went back to that original decision when I left high school and got back into computers.

This was 1998. It sounds like a long time ago. I know some folks may not have been born yet, but 98 I decided to get my A+ certification. I'd always been interested in computers. I had a lot of fun. I got my first computer. It was a Commodore Vic 20 had two kilobytes of RAM in it.

Then later on in high school, I got an 8086 computer. I can't even remember how much the specs of it were, but I think it was something like 22 megahertz maybe had maybe a couple of megabytes, four megabytes of RAM I think was the top that I had at the time. No hard drive two, [00:02:00] 5 1/4" floppy drives in that old computer.

I used that for a number of years, but I'd always been interested in computers, never so much on the programming side. And so for me, it wasn't, computers were something fun to play with, but fast forward to 98 and I get my A+ certification. And I start working for a large computer manufacturer that rhymes with bell.

I started doing their tech support for about a year. And then I guess they saw potential in me and leveled me up to level two. And in my third year of working there, I became a manager. And being there was a very interesting, got to learn a lot about customer service and trying to help people work through their computer issues because nobody ever calls up a help center. Just to praise you. They're always calling up because something's not working. But working in that help desk gave me a lot of experience. Gave me a lot of stories. And got me into IT. [00:03:00] Then I ended up going to work for a little German company called Siemens spent 18 years working there and did a lot of different things from database administrator, do doing some programming to doing application support, building computer systems and eventually into networking. And once I got into networking, I was handling our VPN connections for our remote access sites that we had for the customers, that we were supporting. I was part of a service organization where we supported the gas turbines. So I was part of the energy division at Siemens.

And then this service group, we monitored the gas turbines. We had computers at site that collected data from the control system. So I learned all about SCADA systems, industrial control systems, and handling the VPN connections and networking. I literally have to teach myself the Cisco iOS for the PIX firewall, then the ASA, but also the routers. And those were two different programming languages altogether.

And had to go through and [00:04:00] learn those on my own. We had an IT department, but they were handling all the IT stuff. So for me, it was a matter of having to learn it. And then also with the VPN connections, the learning, how to securely configure those. I remember there was a Cisco tool. I could run the config through and figure out what other things I needed to do. Then he came along NERC CIP compliance. This was the North American Electric Reliability corporation's, Critical Infrastructure Protections regulations or standards that came out that a lot of the power plants, our customers were having to follow. And so these were presented to me to go, "Hey, are we complying with all these?" And that started me off into cyber security. Learning more about it, not only just from a technology standpoint, but also from protection of data, classification, identity access management, troubleshooting incident response. It goes on and on. I ended up having an audit done of our monitoring systems and network setup and everything. By our product [00:05:00] security officer, as well as our head of security or cybersecurity for North America.

And we ended up having to travel to certain sites and we could do these audits. And at breakfast one morning, the two of them turned to me and said, you should look at getting your CISS P. And I said, my CII, what. And that was, I think, early 2007. And that was pretty well. The, a point in time that changed my life, where I then started studying for the CISP.

And I took a course. I took a one week bootcamp. Just so that I could focus solely on it. Got to the end of the week, took the exam. It was a six hour exam, 250 questions, paper and pencil. I spent six hours going through the whole exam, answered all the questions, felt very confident and six weeks later, because that's how long it took to get in the mail. The letter or the email is when it was.

The email from (ISC)2 that said I had just missed it. I failed the exam. I missed it by [00:06:00] six points, which essentially was probably one question. Feeling dejected, upset, frustrated. I was like, I'm not giving up. I'm going to take it again. I found the instructor who had taught the class previously at the bootcamp and found them again, cause the bootcamp guaranteed that I would pass the exam. So I found where the instructor was teaching next, which I think was up in Atlanta.

And off I went the following week and sat through the whole course, the bootcamp again. But one of the things interesting this time around was I was actually, or found myself, helping other people, educating them as they were asking questions. I felt, oh, I actually know the answer to this one.

And found a great joy in being able to help educate them. And I sat for the exam. And at the end of the week, I was extremely frustrated taking the exam. I would get the question and I knew what the answer was, but none of the responses were the answer that I needed.

At the end of the exam, extremely frustrated, I'm like, I failed this again. I can't believe it. I go back [00:07:00] home. Six weeks later, I get the email and I had passed. I could not believe it. That at that point was, that was another turning point.

Fast forward another year, I'm still doing the NERC CIP compliance for Siemens and our director of corporate security turns to me and goes, we need to have somebody that's going to handle CIP compliance for all of Siemens here in north America, because this was impacting our department as well as other groups and a position got created as a NERC CIP compliance manager. And I applied for it and lo and behold, I got it.

But that got me into our corporate security office, which then led to me doing a lot of other types of security work. And the one that again was another turning point for me, was getting involved in our information security advisor program, being responsible with working for and with people throughout the businesses, the different office locations and making them security champions and working with them and keeping them up to date.

And then also being the eyes and ears for me [00:08:00] within Siemens, all around the with our all around the U S because essentially. We were a small security team. And so we couldn't be everywhere. And so having this information security advisor program was a lot of fun to work with. I revitalized it did annual meetings and it set forth where my passion really lies, which is helping educate or helping to educate people, make them aware. And eventually in 2019, I left Siemens and came to KnowBe4 to be a security awareness advocate. Where now I go around and I give presentations at conferences, educating people, helping them make smarter security decisions every day. Writing blogs articles, doing podcasts, being on podcasts, producing a podcast for KnowBe4

and of course, going to all the conferences led me to meeting last year at DEFCON, Dr. Gerald Auger, who is responsible for the Simply Cyber community. Which is a fantastic [00:09:00] community of followers. People that are working together, people that are collaborating together discussing every day. Every morning at eight o'clock Dr. Gerald Auger has his Simply Cyber e pisode happening. Learning about the latest news and events, tips, tricks, best practices, networking opportunities. The simply cyber community is a growing community. And is doing a lot of great things. In helping folks get into cyber, advance in cyber and certainly grow. So thank you Shane for passing the Baton to me and letting me share my story of how I got into cybersecurity. Everybody stay safe out there. Keep making those smarter security decisions and also share that information with your family and friends. We'll see around on the interwebs.