Career Notes 9.27.20
Ep 17 | 9.27.20

Richard Torres: Getting that level of experience is going to be crucial. [Security Operations]


Richard Torres: My name is Richard Torres, I'm the director of security operations at Syntax.

Richard Torres: For some reason, I was just taken by all the police shows, SWAT, Mod Squad and I grew up always wanted to be there in law enforcement or security. And when I had the opportunity in high school, I joined the Air Force Junior ROTC. Several years later, I wound up working as a senior drill instructor at a maximum security boot camp for at-risk youths. The one thing that was very, very distinctive about juvenile justice is you don't have the same tools you have working with adults, with adults. They're less concerned with treatment and with with juveniles the way the facility is set up, it's still very secure, but it's not run at all like a prison or a jail. The idea was we have to create an environment that we could be functional in. So it was very, very different than other security positions where you are primarily focused on keeping certain things out. So it really gave me a different perspective on security.

Richard Torres: After I left juvenile justice and taking with me some bumps and bruises, because, as you can imagine, it can be a very rough environment. I was fortunate enough to start work as a private investigator.

Richard Torres: And I did that for about five years, working cases such as insurance fraud, injury claims, child custody cases, and I worked in that field for about 10 years. Where I lived, I was in central Florida. There was only two real industries because it was more of a retirement area. You either worked at a bank or doctor's office because that's what they were or you worked at the nuclear power plant. So I went to work in nuclear power, specifically in nuclear security. I started off as a security officer, which is part of the nuclear security response team. Just think of a SWAT team that is dedicated to protecting nuclear power plants. So I did that for for 13 years. And in that time, I was an alarm station operator, a response team leader. I then became a senior instructor. In 2008 was when I first started working in nuclear cybersecurity because the federal government had just put out a rule saying that the all nuclear facilities in the country had to be compliant with these minimum cybersecurity standards. So it was a new program and I had the opportunity to work with some very smart, very talented people in learning what cybersecurity really meant to a nuclear power plant.

Richard Torres: So after about 10 years of that, I left there to work as a cybersecurity engineer consultant. There, I got to work with multiple utilities in the US, Canada, UAE and Japan and help them set up things like their incident response program. So that was a really fascinating deviation, going from carrying a rifle and body armor to now just carrying around a laptop and thumb drive. Surprisingly, and I wasn't prepared for this when I started this job, coming from physical security, diplomacy wasn't really a requirement. Going into cybersecurity, I learned that diplomacy was at least half of my job. But when you're working with folks that have been in an industry maybe for 20, 30 years, a lot of what they do is knowledge of craft. And they have to feel comfortable sharing that with you, saying, well, I just do it because I've always known how to do it and they've trusted me. So that diplomacy really pays off when you're trying to get honesty and be steered in the right direction.

Richard Torres: So I left the nuclear industry and I now work at Syntax, which is a managed cloud hosting firm, and I'm the director of security, which includes compliance, physical security, engineering, governance and compliance, and so forth. And the way I describe it is, where you put your data in the cloud, my team and I are responsible for making sure that that data is protected. The facilities that that data lives in protected and the data while it's traveling or at rest is in a safe state so no one can do it harm. Security is always a journey, it's never a destination. And along that journey, if you're not getting smarter, if you're not getting stronger, if you're not understanding the threat landscape better day by day, it will overrun you and eventually you'll be behind the curve. Most folks don't look at cybersecurity as something they can get into because they think it's a lot more complicated than it really is. Entry level IT jobs are more about configuration and understanding network traffic. Cybersecurity is really how you apply certain controls to make sure that what you're doing is safe and secure. It's not all that complicated. So people getting involved, getting into this field, if you have the opportunity to do any internship or even to take an entry level position that has security as part of the job description or has security functions or duties, getting that level of experience is going to be crucial because one of the hardest things to do is to take your book learning and then apply it in the real world.