Cyber Careers – Director of Information Technology by Karen Tulloh

This is my second post in a series of articles describing various cybersecurity careers. I started this research project on the recommendation of a very smart woman (thank you, Heather) who said it was a shame those interested in cybersecurity did not have a good picture of the many cybersecurity career options. My intention is to find a broad spectrum of jobs in the cybersecurity arena and provide you with information on them.

When I put out a post on LinkedIn asking if my LinkedIn “family” would be interested in helping out on a project, I had no idea the response would be huge! I’m still trying to get through the comments and offers, but wanted to get a second post out since Alexandre Blanc was so prompt to return the completed questions. He was also quite candid, and I’ve kept that in this article – enjoy!

Name: Alexandre Blanc, Montreal, QC, Canada

Works for: Confidential Employer, who does software development in mechanical engineering (thermal dynamics, and much more)

How many years in cybersecurity:  20 years, by necessity. When I got my first hacked dedicated server back in 1999, I realized that it was critical to manage cyber security properly. It was the server of a friend’s company, in France back then, and when you get your websites appearing on a hacking/criminal challenge score boards, it’s time to take things seriously. (The score board is still up, check this out, amount of hacks is incredible: http://zone-h.org/archive/special=1)

What does your job entail: I manage the IT team (10 persons) and related infrastructure with them. This is not a big company (200 employees) so we don’t have dedicated cybersec teams. Cyber security, vulnerability management, patch management fall on the regular load of my team, aside of the day to day work.

Mainly, my job is making sure that everyone can work, all the time, 24/7 and that our data is available and secured, as much as doable.

What do you like most about your job: I do enjoy the fact that every day is different; repetitive work is boring, and I could not stay in a boring job 🙂 It does come with very high stress from time to time, when something fails, but overall, we are learning on a daily basis.

My main workstation is running GNU/Linux, and I’m happy having the possibility to do this, and allowing others to do so, in a mostly MS environment (I’m huge free software and privacy advocate).

What do you like least? When it all blows in a row, because obviously, it’s not like if events happen one after the other, it’s more like, you have a critical resource to deliver, a cooling system fail, and a provider fail, all at the same time (yes, there is redundancy, etc, but still…stress). Also, repetitive tasks, if they can’t be automated….

And the fact that sometimes employees believe that IT business-related decisions, in regard to cyber security, are just made to make their life a nightmare, while our only goal is to protect the organization, our jobs, their jobs. (Editor’s note: I bet this will be a common ‘least favorite’)

What work did you do prior to this position? Quite different things, overall, I’ve been IT Technician, IT Manager, Webmaster / Web Developer, Software Developer, Consultant, DBA,… I like to learn, and having been working in very small organizations, I had to do mostly everything, even customer support.

Your next step? Tough one, 10 years ago, I was in France, and I’d been working for bad guys (until I realized they were), then for military and secret services (subcontractor for foreign legion special forces). I ended being Canadian Citizen after many years, so, next step, I don’t know. For now, I try to learn more, and try to be well connected on LinkedIn, because we never know what is coming tomorrow, where we’ll end up.

I’m in the same position for 8 years now, the longest experience for me. We’ll see where it goes. As long as I wake up happy to go to work, it’s ok. If this is not the case for a certain amount of time, I‘ll start to look at my options 🙂

Salary range for your position: Currently being above CAD $100K but below $130K, been offered much less and much more, like a lot more at other places. But I’ve somehow a good life balance, and there is no dress code, believe it or not, and one of the key factor is being dressed relaxed (baskets [this would be athletic shoes], jeans, clean, but relaxed).

Education & Growth

Degree or no degree? French University degree, in IT. It has been renamed since then, but it was called in French “SeReCom” (Services et reseaux de communication, literally “Communication Networks and Services”).

Certifications? Not much, I had COMPAQ certs back in 1999, and then I did not have time or the need to pass any, while I’ve been told it would be a great asset if ever I want to switch to consulting. So, I started Linkedin Learning lately, as I pay for premium, it comes with it, and it is pretty cool. It definitely helps bring credibility whenever you are challenged.

What do you do to stay up-to-date or grow in cyber?

• I read online news everyday (call it market trends monitoring or threat landscape analysis, whatever you like)
• I have bots that parse RSS news feeds and others, and post information on a diaspora pod (open source distributed social network), from where I read the collected news. I did it this way so anyone can follow them as well and there is no AI involved to mess with articles you saw, and disappear forever… this is so annoying 😉
• I exchange a lot on LinkedIn, and have wonderful contacts that participate in discussions, which is always enlightening (Chris Roberts, Christophe Foulon, Douglas Edwards, Magda Chelly, William Klumper, Sean C. Sandrock, Diana Candela, Dan Williams, Parry Aftab and many more… I feel bad not naming everybody !)
• I read books, but I’m a slow reader. Yet, it brings some very nice information (from The Phoenix Project, through Mitnick’s books, to The Cyber Threat, The Hacker’s Handbook, Ethical Hacking and the like)
• I experiment with new things, technologies, I write a few posts on my blogs as well, trying to bring affordable solution to enforce privacy and security.

Favorite cyber news source and/or podcast?

• I’m partially deaf, so audio content requires a huge focus, therefore I’m more into reading. Bleeping Computer is amazing, CNET, my contacts, the hacker news, US-CERT (now CISA), dark reading, threatposts, databreaches.net and more.

Many thanks to Alexandre for providing this information – lots here for everyone to use.

View the original post here: https://www.linkedin.com/pulse/cyber-careers-director-information-technology-tulloh-pmp-cissp/

If you are interested in contributing to this project you can contact Karen on LinkedIn or send an email to KarenTCyber@gmail.com.