Career Notes 9.3.23
Ep 165 | 9.3.23

Rick Doten: There is a rainbow of different roles in cybersecurity.

Transcript

Rick Doten: Hello, my name is Rick Doten. I'm the VP of Information Security at Centene Corporation, and I'm also the CISO for Carolina Complete Health, which is one of the Centene Medicaid health plans. 

Rick Doten: My father was a pilot in the Air Force. I knew I didn't want to do that, I, I actually almost went to chef school. I worked in restaurants all my teenage years and was, they filled out the application to go to Johnson and Wales, which is now here in Charlotte, but, um, but then realized I didn't want to work that hard. When I was younger, I always look for ways to streamline things and do it the most efficient way and I knew I was always going to be in, I mean, when I was in college, I was interning for a government contractor in Washington DC and at 19 years old was flying around the country, installing software, you know, over modems, you know, connecting to mainframes over modems, you know, when I was too young to rent a car or even had a credit card and so, you know, I knew that computers were going to be the thing that I will be working in and I use some of those techniques to help me better do customer support and then, you know, just kept trying to do different things and it went on from there.

Rick Doten: Like most people, you know, in my generation, it's security kind of finds you, you don't find it and so, you know, I started off just doing end user training and desktop support, and then evolved to do like systems analysis work and designing software, and then did a short stint as a technical recruiter, 'cause one of my mentors, she ran the programming team when I was an intern and she said, she really likes to get to talk to people. And, and I think that was probably the best career advice I had was watching what was popular and what was important as I was placing people in these jobs, and this was the early nineties and so I, um, was very fortunate to go to a very big defense contractor to start as a recruiter and then join the team for this, you know, online system that we were making for the FBI and that was really the, the, the tipping point.

Rick Doten: I used to joke that when you have your contracting officer carries a gun because he was an FBI agent, you pretty much do what they say and so they kept asking, well, can you do this? What can you do this, and so we spent a lot of time the first year or three years figuring out how to do early intrusion detection systems and firewalling, stateful inspection firewalling, and VPNs and multi-factor authentication and then I was asked by one of the, the VPs there, if I wanted to join one of their ethical hacking teams, um, you know, that was for government, uh, thing and I'm like, I don't know anything about hacking and he goes, well, you know how to protect a network, just see if they would do the same thing you would have done to protect it and then, uh, was, you know, offered to transition over to Global Integrity, which were one of the early security boutiques and so that's kind of like the, that's when it got on the slide.

Rick Doten: So to me, it was all about, you know, how we do the things and how the people manage, protect, and maintain these things and that changes as we have new technology come in place and then wire wireless, and then the web. And then, you know, now we get into, um, cloud computing and so how it completely changes how we have to manage things while the fundamentals are all still the same, you know, I've been part of the, uh, editorial panel for the CIS Critical Security Controls for over 10 years and, you know, helping and making sure that people are doing the fundamentals through those controls. We have different approaches, uh, depending on how the technology works and, and, and one of my, my favorite keynotes is talking about what that I did just literally two days ago was about the difference between cloud security and on premise and data center security.

Rick Doten: So I'm very fortunate in my role that, you know, I don't have a lot of administrative overhead because as I said, I'm a CISO of a health plan, but that's very, very lightweight. So I spend most of my time helping out the corporate global CISO, CTO, and head of platform in just, and just helping out all of the people within the organization, whether I'm on a lot of calls, they refer to me as a neighborhood cat 'cause I'm everywhere. So over the last few years, I've, you know, up-leveled our incident response program and our application and, and cloud security program and help with our talent acquisition process and, and provide guidance and mentorship to a lot of the leadership, but a lot of things that I do are supporting the community. I learn a lot by talking to all these different vendors and I get different perspectives and, and I feel like it helps the industry because I give them a lot of guidance on how to position what they're doing and, and how, you know, different, the selling into a Fortune 500 company is versus the five million other companies in the United States. I think that that, and then I do a lot of talking on podcasts and doing keynotes and just evangelizing about cybersecurity because, you know, as we just discussed, I've grown up in this industry and I've kind of seen how things are.

Rick Doten: So I always kind of say I lead from the front and it's like, there's nothing that I am above doing. If we go into a place and I need to pick up a shovel or wash windows, I'm happy to do that and, you know, and kind of lead by example, but I'm also, you know, very conscientious about individuals are motivated and, you know, learn and process things differently. Really, it boils down to treating them as individuals and, you know, recognizing what their superpower is and helping them lean into that thing that they do better than everybody else and not trying to make people do the things that they're inherently not good at and I think that's a challenge in the cybersecurity industry and I think that helping folks like lean into the things that they want to do, keep them much happier, much more productive, and then let them kind of expand and give them own agencies instead of like, you know being told to do things that they're uncomfortable in doing because of their personality.

Rick Doten: Where I came in and a lot of people, my age, it was, like I said, security finds you, you have to be in a place and you answer a question or you do something and then everyone says you're the security person. But here we have a much more direct path and there is education, there is certification, there's training and so, I think the first thing is kind of find a mentor of like somebody will be, I think, find the things that you want to do. There is a rainbow of different roles in cyber security, and I feel like I've done all of them in the last 30 years. So there are different things that, that you, the thing that like appeal to you the most because you're going to excel and want to hyper focus on the thing that you really, really are interested in and not the thing that you're not and so, I would just say keep trying and fail quickly and expect that the thing that you think you want is probably not the thing that ultimately you're going to really learn to love because you don't know until you get in it.

Rick Doten: I think a lot about I'm at the age where I think about my glide path out and, and I pretty much don't ever expect not to be working and, and, um, you know, and helping people and whether I'm doing, you know, keynotes or whether I'm on, you know, doing advisement or virtual CISO work, like I used to do, or, you know, just leading communities of people and trying to help folks or helping out startups or helping out venture capital firms and find what the next big thing is. I think that I just want people to know like that I was always trying to do the best thing for the industry. You know, long time ago, I told one of my bosses, like, I'm loyal to my industry first, my customer second, and my company third because if I'm doing well for the first two, then I'm doing what's best for the company.