Career Notes 8.15.21
Ep 62 | 8.15.21

Rick Howard: Give people resources. [CSO]


Rick Howard: My name is Rick Howard and officially I have three titles, Chief Security Officer, Chief Analyst, and Senior Fellow at the CyberWire. Unofficially. I'm an amateur geek, professional kibitzer, and a general purpose security wonk. 

Rick Howard: I grew up in South Dakota and my dad was a gold miner. But I knew that I had no interest in being a gold miner, so I needed a way out of that place, and my way out was enlisting into the services. I volunteered to join the air force. I went in the early entry program my last, year in high school, which means I joined up during the Christmas break before high school ended. And then what happened is I had a lot of people pull for me and they got me an appointment to the United States Army's Preparatory School. It's a program to get me into West Point. That was the best thing that's ever happened to me, and I was able to get a, uh, military academy appointment because of that. And that was my ticket out of being a, a gold miner from my hometown. 

Rick Howard: I've been a geek my whole life, but not, um, not a full-time geek. I was never one of those guys that pulled radios apart and put them back together. I have no man skills I love computer games. And I always thought that I was going to figure out some way to be involved in the gaming industry somewhere because I played them all the time. My only way to do that while I was at the military academy was to pursue computer science as my degree. 

Rick Howard: Because I had that background, that led me directly into the communications fields on the U S Army, the Signal Corps, which led me into building networks for tactical units in the Army and then, and bigger networks as I moved up in the ranks, which finally led me into cybersecurity. Where I did my last job before I retired, I was the commander of the Army's Computer Emergency Response Team, which basically let me coordinate offensive and defensive operations for the US Army. 

Rick Howard: I was reading a fantastic book by Bruce Schneier. Okay. "Secrets and Lies." It's a really great one. I just happened to look at the back cover and realize that the headquarters of the company that he founded Counterpane was just down the road from Fort Belvoir, where I was stationed. So I called them and say, Hey, you guys should give me a job. And they did. So that's how I got out into the commercial sector. my job at Counterpane was to run the global SOC. It was one of the first MSSPs that was ever put out there. And we had a, you know, one of those fantastic rooms where the big screens in the front and analysts in the back. 

Rick Howard: I was there at Counterpane for a number of years, and then I got a call, uh, from an old buddy of mine that says they needed someone to come and run the commercial intelligence group iDefense that Verisign had just bought. They needed someone who had some experience with intelligence to come in and run this commercial organization. What a great job to have. It was, I had all these researchers that did all kinds of interesting research on malware and vulnerabilities, but we also had this other side. This human intelligence side, where we had cybersecurity professionals who spoke foreign languages like Chinese and Russian and Spanish and French. And we put those folks out in the country to talk to the black hats out there. They talked to us. So we sold that research to a bunch of government organizations back in the day. 

Rick Howard: I got my first CSO gig out of that. I got the Palo Alto Networks and it was a fabulous job. All those people are really smart. Uh, they were doing all kinds of interesting things and I got to work on all kinds of very interesting projects. That's where we started the Cybersecurity Canon Hall of Fame project. It's where we started the Cyber Threat Alliance, which was the first vendor ISAC. 

Rick Howard: What's interesting about working for a big security company is that, you know, everybody there is a security expert. Okay. And they have opinions about how you do stuff, right? So if you go to a, let's say you're the CSO of a, you know, a wood cutting company. Yeah. You're the only person in the company that can spell cybersecurity. 

Rick Howard: I like to give my people resources. I think the biggest job of the leader is to set direction and provide resources to the people that can get it done. I'm going to, let's say go figure it out, and, uh, let's see what happens and that has really proved useful in my entire military career and also in the commercial sector. 

Rick Howard: I worked at Palo Alto Networks for about six years and, um, and I thought I was gonna retire retire. I had, uh, come on the CyberWire Daily Podcast. I'm a huge podcast fan. When I was thinking about what I was going to do after, I knew I wanted to do something fun. On a lark, I called and said, "Hey, you should let me do a podcast for you." And you guys said, "you should just come work for us." So here I am, the chief security officer of a startup called the CyberWire. I get to work on my own podcast. And you guys get me this giant platform to present my ideas. I can't be happier. It's fantastic. 

Rick Howard: One of the things I like about the cybersecurity field is it's this profession is more than just the business bringing money in. You are actually having a mission that is trying to prevent bad things from happening to good people. I hope I remembered that we gave that a shot I may have been successful, may not have, but we certainly were trying. And I hope people remember that. 

Rick Howard: I have one more story that I'd like to say. I was the network manager, at the, at the Army's Command Center in the Pentagon during 9/11. All right. I got there about a year before the event happened. We had no resiliency built into any of our comm systems. And this place was the Army headquarters. All the orders for the Army around the world came out of this place. And all the services were on one giant server that if it failed, everything would be dead. So, we spent a year making all of that better. Triple, quadruple redundancies, lots of different places to fail over, and our team did a fantastic job. And then 9/11 happened. Back then, in the Pentagon the command centers, the service command centers were all in different places. The Army, Air Force, Navy, Marines, they were all had their own command centers. But because of the devastation of the planes hitting the building, because of the redundancy that we had built in to our communication systems, the Army's communication center was the only one functioning the day after the 9/11 attacks. Right. And we're very proud of that.