They say you should never meet your heroes—often they will just disappoint you. But thankfully, there are also exceptions to this rule. In this five-part series, I will be introducing you to five of my key cyber security/infosec heroes. These individuals inspire me to continuously strive for more, with one even motivating me to move across the pond. All five have given excellent advice along the way. See parts one, two, three and four of this five-part series for which I interview Dr. Jessica Barker, David Prince, Holly Williams and Per Thorsheim—all cyber security heroes in their own right. They are constant inspirations to learn and clarify the world of cyber for those around us without setting blame and fear but through passion, excitement and support. In this final part of the series, we look at Scott Helme. If you don’t know Scott and you’re a web security person, you need to fix this. Scott clarifies the mysterious world of web security; he focuses on what others may not know, what vital aspects we’re forgetting, and where he can help in automating the process. Check out his extremely helpful and free products at SecurityHeaders.io and report-uri.io. Scott explains why companies need to actively care about their infrastructure, bringing the liability to those who own websites. Securing our infrastructure helps not only us but also those who access it. Together, we can make the online world more secure.
When was a time you failed, or felt like you did, and what brought you back?
The first time I did a conference talk. I was so nervous (Terrified is probably a better word.) that I rushed it and I really wasn't happy with the outcome. I felt like I'd failed in my goal to deliver a good talk. The awesome people that were there and those who saw it afterwards were what kept me going. Their kind words and support gave me the motivation I needed to continue and to improve rather than give up. I now feel like I've come quite a long way in a very short time on my public speaking.
What are your motivators?
Feeling like I can make a real difference. Every day, I get up and work hard towards my goal of bringing about real change in our industry. When I write blogs or give talks and then hear about people implementing what I talked about, it drives me to work even harder.
Who’s inspired you?
There are so many awesome people in the security industry it's hard to name them all, but at the top of the list there are people like Troy Hunt, Emily Stark, Per Thorsheim, Jess Barker and others. All from various areas of our industry specializing in their own thing but highly motivated achievers who above all are just great people.
What do you feel is your greatest achievement so far?
It's a tough one, but I'd have to say it was report-uri.io, my security reporting service. I started it with no expectation it'd take off like it has, and I now have thousands of sites sending me tens of millions of reports every day, including some pretty big names. It's been a difficult journey to find the time and finances to constantly improve the service, but it's now helping website owners protects millions of visitors every single week.
What advice do you have for others starting out in Cyber Security?
Be passionate about what you do and never be afraid to be yourself. This industry is full of amazing people, and a little curiosity can go a long way. Get involved in the community at events like conferences and local OWASP chapter meetings to find similar-minded people close to where you live.
If you could go back, what advice would you give yourself when starting out?
I wish I'd started to learn sooner and picked up things a little earlier. Aside from that, have faith in yourself and what you can achieve.
What advice do you have for others that may be or are feeling stale in their career currently?
You can always pick up new areas of interest to research; there are so many diverse fields within cyber security that you should never get bored! I've recently started reading up on how crypto actually works, and it's fascinating stuff. This is what led me to become a QA Engineer in my move to security and then specialize within these certain areas. It could open up new opportunities for you.
Any final thoughts?
HTTPS certificates are free. Stop paying for them. Security headers provide great rewards for generally little cost. Encrypt all the things!
Please be aware this list is anything but exhaustive. I have so many more heroes in information technology, security, collaboration and more. My friends over in the Cisco Champion program constantly inspire me to work harder and try new things when it comes to networking and network security. They’re all passionate in their own way, and each and every one of them, even if not collaboration as a job title, are completely willing to share knowledge and share thoughts or ideas in any way you need or want. In my career in cyber security so far, I have learned many new ideas and viewpoints. I’ve seen the best and some of the not-so-amazing parts, but at the end of the day, it’s the people that matter. For both securing our data and continued motivation and support, people are what make the difference. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.