full
Breaking into Cybersecurity - Mike Lossmann
Breaking into Cybersecurity - Mike Lossmann
Mike Lossmann on linkedin - https://www.linkedin.com/in/mike-lossmann-5aab19a/
Sponsored by CPF Coaching LLC - http://cpf-coaching.com
The Breaking into Cybersecurity: It’s a conversation about what they did before, why did they pivot into cyber, what the process was they went through Breaking Into Cybersecurity, how they keep up, and advice/tips/tricks along the way.
The Breaking into Cybersecurity Leadership Series is an additional series focused on cybersecurity leadership and hearing directly from different leaders in cybersecurity (high and low) on what it takes to be a successful leader. We focus on the skills and competencies associated with cybersecurity leadership and tips/tricks/advice from cybersecurity leaders.
This podcast runs on listener support and funding. Consider supporting this podcast:
https://breaking-into-cybersecurity.captivate.fm/support
Check out our books:
Develop Your Cybersecurity Career Path: How to Break into Cybersecurity at Any Level: https://amzn.to/3443AUI
Hack the Cybersecurity Interview: A complete interview preparation guide for jumpstarting your cybersecurity career https://www.amazon.com/dp/1801816638/
_________________________________________
About the hosts:
Christophe Foulon focuses on helping to secure people and processes with a solid understanding of the technology involved. He has over ten years of experience as an experienced Information Security Manager and Cybersecurity Strategist with a passion for customer service, process improvement, and information security. He has significant experience in optimizing the use of technology while balancing the implications to people, processes, and information security by using a consultative approach.
https://www.linkedin.com/in/christophefoulon/
Find out more about CPF-Coaching at https://www.cpf-coaching.com
- Website: https://www.cyberhubpodcast.com/breakingintocybersecurity
- Podcast: https://feeds.captivate.fm/breaking-into-cybersecurity/
- YouTube: https://www.youtube.com/c/BreakingIntoCybersecurity
- Linkedin: https://www.linkedin.com/company/breaking-into-cybersecurity/
- Twitter: https://twitter.com/BreakintoCyber
- Twitch: https://www.twitch.tv/breakingintocybersecurity
Mentioned in this episode:
CPF Coaching: Cybersecurity Leadership and Talent Development Consultant
CPF Coaching: Cybersecurity Leadership and Talent Development Consultant
Transcript
Welcome to another episode of breaking into cybersecurity,
2
:where we talk to individuals who have
broken into the field so that they could
3
:share the tips and tricks of their journey
to help inspire the next generation.
4
:If you're listening to this show, feel
free to share it after the fact with
5
:any friends and family that might be
interested in joining the field, because
6
:we need that diverse perspective.
7
:In order to tackle the problems of
future generations today, we have
8
:Mike Lossmann, who's coming from us
from a very interesting background.
9
:And the reason I say that is
having talked to him before.
10
:I know we have quite a story in, in, we
have quite a story in tune for you today.
11
:Mike, do you want to give us a little?
12
:Mike, do you want to give us a
little background about yourself?
13
:Mike Lossman: Sure.
14
:Good morning.
15
:Good afternoon.
16
:Good evening.
17
:Everyone who's listening.
18
:As Chris said, my name is Mike Lawson.
19
:I am currently a technical product
marketing manager with forward networks.
20
:You guys don't know who
forward networks is.
21
:Think of what we do is we create a digital
twin of your network infrastructure,
22
:and it allows you to be able to get
insights from your network that you
23
:were never able to get before and
reduce mean time to recovery and
24
:meantime to insights dramatically.
25
:Prior to forward, this is where
the buckle up part comes in.
26
:I have been all over the place, so
I was a senior network architect.
27
:For a bunch of fortune one fifties,
one that I'll name drop is the
28
:Coca Cola company from Coke.
29
:I went into sales.
30
:So I was a senior sales engineer
at both person networks and
31
:Nokia focusing on their S.
32
:D.
33
:Wann product line from there.
34
:Being in sales wasn't crazy enough.
35
:So I decided to go into consulting.
36
:So I was a tech consulting manager at
Ernest and Young, where I focused on
37
:a digital transformation, specifically
SD WAN and helping organizations
38
:on their zero trust journey and
completely switched careers and
39
:decided to get into, to marketing.
40
:Wow.
41
:Christophe Foulon: Let's
take a step way, way back.
42
:What got you interested into
tech and security or any of it?
43
:Mike Lossman: So I've always been
the type of person to tinker with
44
:something ever since I can remember.
45
:I remember my mom telling me stories of,
so I'm like originally from New York.
46
:I don't know what McDonald's looked
like in other parts of the U.
47
:S.
48
:But.
49
:When I was a child, they had this big
metal grimace that looked like a kid
50
:jail, and it would rock back and forth,
and instead of being in the kid jail
51
:rocking back and forth, I was under
it trying to figure out how the spring
52
:worked, how everything actuated when
I was six or seven, I decided to put
53
:a sign up on our front door saying
that I could fix your electronics
54
:and just Progressed from there.
55
:I've always been, like interested in
everything, like technology related.
56
:And it wasn't back when
I got into the field.
57
:In early 2000 it was
really hard to get into it.
58
:To the point where, people were telling me
we don't hire people without experience.
59
:You need college degree.
60
:So I went out.
61
:And did the college thing came back.
62
:Oh, now I'm overqualified because I have
a master's in in in network security.
63
:So now it's like, all right, I did all
this because you told me to get a degree.
64
:Granted, when I do things,
I do, I like do things big.
65
:I just don't go.
66
:Oh, bachelors.
67
:I'll stop.
68
:I just always go for that next level and
then decided to take the certification
69
:road, hide my master's degree on my
resume, and wound up probably finishing
70
:with well over 42 certifications.
71
:That's not a lot.
72
:no.
73
:It's easy weekends worth of work, right?
74
:So
75
:Christophe Foulon: if you
weren't overqualified with a
76
:master's, what did they tell you?
77
:Mike Lossman: 42 certifications
was over the span before I
78
:got into the sales world.
79
:Until I got to Nokia where I did
a couple of certifications there.
80
:So I started off small, right?
81
:So I.
82
:In the enterprise world, I just didn't
walk into a shop and go, Hey, I'm a
83
:network guy or I'm a security guy.
84
:This is, what I want to do.
85
:I started at the ground, so I walked
in, actually, I started at Best
86
:Buy as a in store tech supervisor
before the geek squad took them over
87
:when the geek squad took them over.
88
:I used to be.
89
:A big dude and they wanted me at 300
plus pounds to fit in that little VW bug.
90
:And I laughed at them and
said, that's not happening.
91
:So started out at Best Buy, went
into PC tech roles at several
92
:law firms where I was exposed to
different parts of the infrastructure.
93
:So I was exposed to security.
94
:I was exposed to.
95
:Server work.
96
:I was exposed to the system side.
97
:I was exposed to networking.
98
:I gravitated towards the networking.
99
:Security was interesting,
at least in security back in
100
:like the early 2000s, right?
101
:We're talking about ideas.
102
:We're talking about firewalls.
103
:We're not talking about some of the stuff
that we have to do today with identity and
104
:advanced segmentation and stuff like that.
105
:And then yeah.
106
:Tested as I moved up, working in
working in different areas until I
107
:found that niche and networking where
a lot of the networking roles I had.
108
:Were dual split, so it's like
security would set the policy.
109
:And then we would apply
the policy on the device.
110
:So the security guys, like we shared
responsibility of a lot of the security
111
:devices that we were actually playing
around with and a lot of things you
112
:don't see is you don't see a lot
of network guys and security guys
113
:seeing eye to eye on a lot of things.
114
:It was my goal to make sure that any
security guy I spoke to, him and I, or
115
:her and I had that mutual understanding
that listen, I'm not here to, step on you.
116
:I would hope you're
not here to step on me.
117
:Let's try to work together because
at the end of the day, we have
118
:1 goal and that's to make sure
that our resources are secure.
119
:And it's not a contest to see, Oh,
because I'm in this part of the
120
:infrastructure and you're just some packet
jockey, it's like working together.
121
:And I've always taken that stance
everywhere I've been, and I think that's
122
:part of the key to at least the success
that I had is don't let your ego overrule.
123
:Or don't let your ego get in
the way of what other people are
124
:there to help you with or to help
you get through your daily job.
125
:That's
126
:Christophe Foulon: that's so true.
127
:I think that's one of the things that
I've also tried to do is I go in with
128
:a coaching approach where we're having
a conversation and we're there to find
129
:Best mutual solution for that's it what
we're trying to achieve versus one person
130
:being right and the other one being
wrong and that's it's a zero sum game
131
:Mike Lossman: It's one of those things
where it's you can be the loudest person
132
:in like the conference room What's
that going to do for the issue that
133
:you guys are working on, or the issue
that you guys are troubleshooting,
134
:you're allowed the security guys loud.
135
:The infrastructure guys loud.
136
:You're just going to argue with each
other for hours over who's right.
137
:Just come to that commonality.
138
:And figure it out together.
139
:Christophe Foulon: You're network focused
and you understand that the perspectives
140
:of security and then why sales?
141
:Mike Lossman: So one funny thing about
me that very few people know, and a lot
142
:of people are going to know after today.
143
:When I was in the enterprise world, so
when I was with, we'll just pick out Coke.
144
:I was the guy sitting in the corner.
145
:Just taking notes, nodding my
head, not really saying anything.
146
:I had always wanted to go into the
sales world because in my mind, I
147
:had pinnacles set up of my career.
148
:Coke was the pinnacle of
the enterprise career.
149
:It's you can't get at
least in like my mind.
150
:A lot of people may argue with me.
151
:You can't beat a company where they're
local, sorry, where their logo is
152
:recognized in every country in the world.
153
:To me.
154
:That's the pinnacle.
155
:I always wanted to get into sales
because I was getting bored.
156
:Playing around one like infrastructure.
157
:So it's Hey, let me go into sales.
158
:The SD Wan world is a amalgamation
of networking and security.
159
:So let's see what I can
get into in sales versa.
160
:Versa picked me up from coke.
161
:Did a lot of cool things with
them, saw Adversa was able to
162
:help a lot of organizations.
163
:On their SD when journey when SD
when was still new in people's
164
:minds, but it was always I've
never been someone to hoard data
165
:especially if it's a on call rotation.
166
:And if someone below a tier 2
or a tier 3 guy can do the work.
167
:I never held anything back.
168
:It's like you want to learn.
169
:I'll teach you whatever you want to learn.
170
:And I think moving from enterprise to
sales afforded that opportunity with
171
:a little extra stress on the back end
because there's numbers and all that
172
:other stuff you have to worry about.
173
:That really wasn't forefront in my head
when I was thinking about doing it.
174
:But yeah, it's that knowledge
share and being able to talk about
175
:technology That I'm passionate about
176
:Christophe Foulon: many people
wouldn't see that as a logical move.
177
:What were the, what was the
value add in your mind of
178
:doing this now after the fact?
179
:Mike Lossman: So now seeing how my
career has laid out, ultimately it was a
180
:building block to get to where I am today.
181
:I always had in the back of my
mind, once I got into sales, I
182
:wanted to do something with, like
technical marketing or consulting.
183
:It was 1 of those either or type of
things with me and when I went into
184
:sales and I got that experience, right?
185
:You're only to me.
186
:It's, if you're in 1 company,
you're only bound by what that
187
:1 company wants to do, which.
188
:Mayor, which like may or
may not be good to me.
189
:It's wanting to learn everything.
190
:I could learn moving into sales Starting
to build how to talk to people One of the
191
:funny stories that I'll share is one of
the first presentations I did it at versa
192
:was actually to my account manager and Se
number one because they were still a new
193
:startup when I had joined in 2017 and I'll
never forget my Who the guy who turned
194
:out to be my account manager sat down with
me after the fact and he looked at me and
195
:he's Mike, I don't know why we hired you.
196
:He's you really can't
present to save your life.
197
:I don't know why you're here.
198
:I don't know.
199
:I don't know who you duped to get here.
200
:He's you were constantly saying
some words under your breath.
201
:You should have been saying.
202
:You had some really awkward pauses
during your presentation and you
203
:loved using the word he's in a
minute span, I counted 77 ums.
204
:I'm like, oh, all that's a good way to
beat somebody down and let them know
205
:that they made a wise career move.
206
:But then with, practice, I honed it.
207
:And then that kind of that's
that, what led me into Nokia.
208
:THey came along and they were like,
Hey, listen, we want to take you.
209
:You're an enterprise guy.
210
:Similar to what Versa did where
it's I'm, I'm, relatable to the
211
:network person or like the security
person who's buying the product.
212
:Let's put you in another role where
now you've got to talk to CIOs, CEOs,
213
:monster conglomerate people to get them
to understand why they need to invest
214
:in our, like platform because their go
to market was through service providers
215
:where Versa was direct to consumer.
216
:But now it's an even more
completely different world.
217
:It was fun.
218
:There was, there was like a lot
of cool things going on there
219
:that they were working on, but
something just didn't feel right.
220
:And it, it turned me off
to the sales experience.
221
:Me personally, and I was
actually they slid into my dms.
222
:So I get a probably about 2
years into my stay at Nokia.
223
:I get a a dm on linkedin from, recruiter
and I'm thinking it's fake, right?
224
:Why would a big four consulting
company come for a guy who has
225
:some enterprise experience and
has some sales experience zero?
226
:Zero consulting experience.
227
:I could spell it.
228
:That's probably it.
229
:I've dealt with them before, but so I
had thought that he had wanted me for E.
230
:Y.
231
:internal I.
232
:T.
233
:and I was like, no, I don't want to
go back into the enterprise world.
234
:I've already been there.
235
:He's no.
236
:He's we want you for a
tech consulting manager.
237
:And I'm like, oh, so going from someone
who couldn't present to save his life
238
:to being a tech consulting manager at E.
239
:Y.
240
:Like in a, what was that?
241
:A four and a half year span.
242
:Really, opened up my eyes as to
what the future could look like.
243
:And where my future could go.
244
:Oddly enough, that was one of the
more harder interviews I've had.
245
:There was one gentleman who
interviewed me who went like
246
:really insanely crazy into BGP.
247
:And I'm somewhat confident in BGP
because of what I've done in the past.
248
:But yeah, it was just a completely
different animal joined.
249
:Quickly realized that consulting
is good for a lot of people.
250
:maybe not someone with
the background that I had.
251
:I did get to talk a lot about
technology without having to
252
:worry about the vendor side of it.
253
:So I could talk about SD WAN for what SD
WAN is, not what a vendor spin on it is.
254
:I could talk about Zero Trust for what
Zero Trust truly is, and not what, certain
255
:vendors that play in the Zero Trust space
want you to believe that Zero Trust is.
256
:So that piece was cool.
257
:Being able to extrapolate the vendor part.
258
:And actually talk about what it's
supposed to do was, was really cool,
259
:had a lot of cool projects there where,
I can't get into too much detail on
260
:this, but I did work a ransomware
recovery, which led me to have a greater
261
:appreciation for certain security aspects
for certain aspects of zero trust.
262
:And then I was doing research for another.
263
:Client that I was working with and I
stumbled across forward because in my
264
:head, there was a certain platform that
was used before to do things like this.
265
:And when I Googled forward was
number 1 in Google, and I'm like,
266
:oh, this company is interesting.
267
:Let me see what they're about
and fell in love immediately with
268
:everything that I saw about them.
269
:Applied for a different role than
the role I got was told, Hey,
270
:you're overqualified for this one.
271
:Sorry.
272
:And I'm like, Oh, right back
again to right back again to:
273
:Thanks.
274
:And fortunately.
275
:He was like, but, hey, we have this other
role that we think you'd be perfect for,
276
:which is the role I wound up getting
and taking where I started moving up in
277
:the enterprise world, messing around in
sales, jumping to consulting to learn that
278
:piece of it to just rehome presentation
skills, talking skills and all that
279
:now landing where I am at forward.
280
:This is the culmination
of an 18 year journey.
281
:It's not something that
happened, overnight.
282
:I had a I've talked to a few
people who want to get into cyber
283
:security and they're looking for.
284
:The quick way to make a buck and I'm like,
that's the stigma that cyber security
285
:networking programming, you name the I.
286
:T.
287
:Discipline.
288
:That's the stigma that you get with it.
289
:But that stigma is false.
290
:And if you go into, if you go into a
career like this with that stigma, where
291
:I just want to make pockets of cash and
swim around like Scrooge McDuck, you're
292
:not going to have a rewarding career.
293
:I switched.
294
:I switched.
295
:Disciplines 3, 4 times in my career,
and, there were some good days where
296
:I'm like, oh, this is really cool.
297
:There were some, there were
more bad days where it's oh,
298
:why did I do this to myself?
299
:But ultimately, it's what turned me into
what I am today and what I'm able to
300
:talk about with people, a network guy
being able to talk security, a network
301
:guy being able to talk infrastructure
and then have commonality with them and
302
:not be in a conference room and be like,
Oh, I'm the guy who build your road, stop
303
:throwing, this app on it or hey, security
guy, I don't like, the, I don't, I don't
304
:like the fact that your vulnerability
scanner makes my router tip over every
305
:night at two o'clock in the morning.
306
:So
307
:Christophe Foulon: I guess one of
the things that I love for more
308
:junior folks to understand is what
a product marketing person does,
309
:or even a product manager might do.
310
:in Their, in the overall ecosystem
and why it's such a critical role.
311
:Mike Lossman: So a majority of folks
you find in this role are somewhat
312
:technical, mostly marketing focused,
and they go in, and they, not to speak
313
:bad of folks who are in this role,
but I've heard some product marketing
314
:people before who were like, Oh yeah,
my widget does things this way and
315
:they don't correlate it to anything.
316
:They don't correlate it to
how it'll make my job easier.
317
:They try to, and they
flash pretty screens.
318
:You know what I came into this role
doing and forward has been extremely
319
:supportive with how I want to do it is
taking my background from consulting,
320
:from what I've learned in sales, from
what I've learned in the enterprise.
321
:And making it making everything
seem more accessible to the user.
322
:So it's my job is to educate the
person who's looking at our platform
323
:and to show them how it could make
their life a thousand times easier.
324
:But my philosophy in doing it is I put
myself in situations and situations
325
:that I've been in before where I
wish I had something like this.
326
:And show you that, hey, this complex
hybrid cloud troubleshooting that you
327
:need to figure out where a firewall
is broken or where something is broken
328
:that could normally take days to figure
out, depending on how tight you are
329
:with the teams that you're working with.
330
:That you could figure out in less than
a minute and being able to articulate
331
:that, show it and actually give examples
that the security guy, the network
332
:guy and the infrastructure guy could
actually understand, I think, is what
333
:makes a great tech product manager.
334
:Christophe Foulon: I think that's such
an important skill to be able to have
335
:as to step outside the box and put your
mind in the mindset of the user and
336
:see what you're experiencing, because
oftentimes it's oh, why did they do this?
337
:Why did they do that?
338
:And put the blame on them
rather than thinking.
339
:Why did they do this?
340
:Did they do this because we were
putting roadblocks in their way
341
:and made it too hard on them?
342
:And they did this because they
needed to get their job done.
343
:And what could we do to help them complete
their job without them breaking security
344
:policies or breaking security rules?
345
:But let's enable them rather than just
use controls as a way to block them.
346
:Mike Lossman: It's having that
level of empathy to understand,
347
:even in the enterprise space, right?
348
:If you've moved up, the level of
empathy that you need to have dealing
349
:with a help desk guy who's getting
screamed at nine times out of 10,
350
:anytime someone is calling it to the
help desk, because it's never good.
351
:Excuse me, when something's broke.
352
:They're not going to say, oh,
you do such a great job, John.
353
:By the way, my laptop is on fire.
354
:And I don't know why it's on fire.
355
:We need to figure out why it's on fire.
356
:And I can't get my work done.
357
:And, Bill wants his TPS report tomorrow.
358
:And I can't do it because my
laptop is literally in flames.
359
:Nobody calls the help desk
and says, you know what?
360
:You do a great job.
361
:And I just wanted to let you know that.
362
:Goodbye.
363
:Christophe Foulon: Have you tried
turning it on and off again?
364
:Sorry.
365
:Mike Lossman: Say that.
366
:So the old Microsoft
three finger salute or
367
:Christophe Foulon: there was an old
British show about a help desk and
368
:that's all they did with a recorder.
369
:Mike Lossman: Yup.
370
:Christophe Foulon: So Mike.
371
:You've gone through an illustrious career
what tips would you have for those looking
372
:to break in today and what could they do
to take advantage of some of the changes
373
:in the environment, changes in technology
to hone their craft to get in today?
374
:Mike Lossman: I wish I was starting
now is the amount of data that's
375
:out there that will help you.
376
:That's free is insane.
377
:My recommendation and what I tell a
lot of people is don't because you see,
378
:oh, this guy does all this cool stuff
or this guy does all that cool stuff.
379
:Look at it.
380
:So look a technology as a whole.
381
:Watch some networking videos.
382
:Watch some security videos.
383
:Read some network blogs.
384
:Read some security blogs.
385
:Just try to get a narrowed down
view of what you want to do.
386
:It's okay, so now you want to
get into, we'll just say, we'll
387
:pretty much just say security.
388
:What side of security
do you want to get into?
389
:You want to get into forensic security?
390
:Do you want to get into data security?
391
:Do you want to get into
infrastructure security?
392
:Then from there, start picking out
topics that you want to learn about.
393
:Use LinkedIn to your like
advantage, find people, connect
394
:with them, ask them questions.
395
:A lot of people on LinkedIn
aren't these big, angry.
396
:People that they may, look like a lot
are willing to help, including me.
397
:If you want to come along, shoot me
a message on LinkedIn, be like, Hey,
398
:I'm looking to break into the field.
399
:I need some advice.
400
:I would definitely help and be like, Hey,
start with kind of what I just laid out.
401
:Get a foundation of where you think
you want to be and start learning
402
:about that specific technology stack.
403
:And maybe you're going to like it.
404
:Maybe you're not going to
like it, and then you move on.
405
:Look for roles that'll get
you in the door of a company.
406
:Help desk role, knock role, sock role,
something that will get you in so you can
407
:now that you know where you want to be.
408
:Now you're starting to understand
how pieces work together,
409
:how tools work together.
410
:Once you're actually in an organization.
411
:It's a lot easier to move up and
laterally than it is to if you're not.
412
:So once you get into an org, say
you go into a sock role and you're
413
:like, the security operation
center really isn't for me.
414
:I thought I'd be, like hunting
down people trying to break into my
415
:infrastructure and all I am is looking
at these splunk reports and sending
416
:them off to, the the identity guys.
417
:So then.
418
:You take that you learned, and then
you could, depending on the reputation
419
:you've built for yourself in that
company, by participating in other
420
:things by having the willingness to
learn by reaching out to peers, then
421
:you can start navigating around.
422
:To see where you want to ultimately
end up, 1 of the 1st law firms I was in
423
:afforded me the opportunity to configure.
424
:Non Cisco guy, non network
guy, part of the PC tech's role
425
:was to configure switchboards.
426
:On a Cisco switch, so being able to
branch out like, hey, listen, if you
427
:need me to do this I'm willing to
learn it and then they can give you,
428
:completely completely choked down
permissions to just do that, that 1 thing.
429
:So you can learn and the end is just.
430
:It's a constant learning environment.
431
:If you're not in it to at least
learn something new every day,
432
:then this may or may not be.
433
:Where you want to be, because looking
at 18 years, let's take that 18 years
434
:and let's shrink it down to the last 5.
435
:The.
436
:The tech world has changed
dramatically in the last 5 years,
437
:and if you're not willing to learn
and keep up with it, or you have
438
:that mindset of, oh, you know what?
439
:I know BGP, or, I know how Palo Alto
does, security and all that stuff.
440
:I don't need to learn the next
newest thing you're going to find
441
:yourself sitting in the corner.
442
:My old iPhone.
443
:My old iPhone five, wondering
why no one's going to hire you.
444
:Christophe Foulon: That is very true.
445
:Mike, thank you for coming on sharing your
tips and tricks and absolutely everyone.
446
:Thank you.
447
:And be sure to share this with your
friends and family that might be
448
:interested in breaking into the industry.
449
:And again, Mike Lossman,
thank you for joining us.
450
:Mike Lossman: No worries.
451
:Thanks again.
