Career Notes 10.1.23
Ep 169 | 10.1.23

Ted Wagner: Get that hands on experience. [CISO]


Ted Wagner:  Hi, I'm Ted Wagner. I'm the Chief Information Security Officer at SAP National Security Services, or SAP NS2.

Ted Wagner:  I had general ideas about spending some time in the military and then going into business. Uh, and to some extent that's rung true in my career. I majored in economics. I was very fascinated by how the economy works, but I always had an inkling towards technology and computers. So I, in high school, I took computer programming. I did so in college and I got, uh, my mom got an IBM PC early on back in the day and I was always fooling around a little bit on it, and so I always had that interest.

Ted Wagner: I went straight into the Army, uh, as a second lieutenant in the field artillery field of the Army. I was on active duty for about three years and participated in Operation Desert Storm, was with a very successful unit and really my first experience with true professional success surrounded by some really talented people. The problem I had, you know, I was young and not very wise, I guess, is I felt like this was a lifestyle as opposed to a career. It was very overwhelming and encompassing. So, uh, I decided after my initial obligation was up to leave active duty. I did eventually, uh, rejoin the reserve component of the army and served out a, uh, a full career retiring in 2018.

Ted Wagner: I started with a company through, they allowed me to do a management training program and I, uh, learned the components of business and while I was in that program, I submitted all of my reports and with diagrams and the like on a computer, uh, and that caught uh, their eye and they had a computer migration project and I became involved in part of that migration. Primarily training new users, uh, but different aspects of the migration from, you know, an IBM based, uh, computer system to a HP server client type of network.

Ted Wagner: I eventually found myself working on IT projects in the defense sector, working for, uh, different defense companies like Booz Allen, Hamilton and Northrop Grumman and at the same time I was in the reserves, I found my way into a cybersecurity unit and the army was generous enough to send me to a lot of good training and participate in a lot of training within the army. And then 2005, they said, we really appreciate the opportunity to give you that training. Now we're going to, uh, call, call you to active duty and send you to Southwest Asia to monitor the network for security. So, uh, great experience. It was arduous, of course. But first hand experience in an operational organization monitoring for world class threats against the network.

Ted Wagner: I was, uh, working at, um, the Army's CERT as a contractor for North Grumman. I met a guy named Rick Howard around that time and, um, got a chance to work at the center of where the Army protects its network, and I did that, uh, probably for nine years, I guess. I had an opportunity to work up at, uh, Fort Meade for a while, and that, again, another eye opening experience. Uh, I was just enjoying all the opportunities to, uh, support, you know, government's context, but the size and scope of protecting government networks is significant and so I think that, and there are some things that are unique about how the government protects its network, which is different from the commercial sector and, uh, provided some really unique experiences.

Ted Wagner: Actually one of the things I tie it to is when, uh, I became a CISO, uh, I could no longer hang out with my geeky, uh, cyber friends all day. I had to actually go and meet with business leaders who are more concerned about profit and loss and how to make their projects successful. So I had to attune my, uh, perspective into how can I support the business in being successful? And so that was a real transition and kind of a challenge to me. Uh, but I've enjoyed it and I've worked, got to work with some great business leaders, but if someone says there's no professional pressure or tension between, um, making a project go forward and making sure, you know, meets all the security requirements, uh, they're not being honest, uh, that there's that tension and you have to recognize it, uh, communicate through it and, uh, and just work the problem.

Ted Wagner: I tried to be collaborative and communicative, uh, that's really the key. One of the things that has helped helpful to me is, uh, I've done a lot of teaching. I've been adjunct professor for over 10 years, I've been a guest lecturer at MIT and having the ability to, and learning the ability to translate very technical terms into more operational or business like terms, uh, or things that people can grasp, uh, onto, uh, helps in my communication with folks who are not cyber savvy, or maybe you don't have the technical underpinnings or understanding that I have. So being able to translate those very technical terms into, uh, more, uh, digestible, uh, concepts has really, uh, something that's been key I think.

Ted Wagner: The first thing, and I told this to my son who recently, uh, got a, a software development job, originally was struggling to find that first job after school. I said, get a job at the help desk, the service desk, you'll get some great opportunity to confront technical issues, do some problem shooting, uh, problem solving and they're reasonably approachable and getting hired. Then once you're in the door, you have lots of opportunities because there's always a need for folks who can contribute. The other things that I did in my career were to do a lot of self, uh, learning, read it, read a lot of books, uh, attend, uh, technical classes, attained technical certifications, uh, And the three areas I always say are really key is, uh, understanding the operating system and its architecture, uh, the network in which these attacks are going across. So understanding network protocols and understanding the threat landscape and how threat actors, um, you know, conduct their tasks. So those are different things that I've learned. But, uh, lastly, what I would say is as much hands on experience as you can get. And there's a multitude of ways to do that. For example, you can, you know, you can get a cloud, like an AWS account, um, for free or for a small cost and be able to stand up servers and, uh, develop, uh, communications, network protocols, implement those protocols and things of that nature. So I, I think those are all things that can really help someone who may not have all the experience, but this is a pathway to, to learn.

Ted Wagner: I'd like to think that, um, I was a mentor and, and help folks to, to find their own path and, and help them along the way. Um, I'm humbled by the large projects and the things I've done, uh, particularly in the government really contributed to national security and, um, you know, that, uh, to be a part of that and to know that I, I left some sort of legacy in my contribution would really, um leave me satisfied.