Mick Leach: Hello and welcome to SOC Unlocked: Tales from the Cybersecurity Frontline. I'm Mick Leach, your host and guide on this exciting journey into the SOC universe. In each episode, I chat with various cybersecurity professionals about the latest industry news, emerging threats, practical strategies to keep your organization safe, and more. This week, we are excited to have Eric Zielinski, a dear friend. Eric, welcome to the podcast.
Eric Zielinski: Thanks Mick, happy to be here.
Mick Leach: Awesome. Well, for those who don't know, and most won't, Eric and I worked together in a previous life. It feels like a lifetime ago, but we worked together at an insurance company in the Midwest a long time ago. And so I'm excited to partner with Eric on this discussion. And with that, Eric, I'd love to have our listeners learn a little bit more about you. Tell us about yourself and your journey into cybersecurity. How did you get here?
Eric Zielinski: Sure, I'd love to. I started my cybersecurity journey way back in the late 1900s. I sound so old just saying that, but it's true. I actually started working for an Internet service provider in the late 90s during the dot-com boom. That's where I learned the basics of system admin, networking, and troubleshooting. I was supporting dial-up Internet.
Back then you had to dial up using a modem to connect to the internet, right? Remember those days? And so I kind of lucked out in getting into cybersecurity because that company ended up filing bankruptcy and I had to find my next gig. And so I was perusing the local newspapers. Back then you had to search for a job in the classified section of the newspaper. You couldn't really go on the internet and look for jobs like you can these days.
Mick Leach: I do. That was pre-monster.com days even.
Eric Zielinski: Yeah, even pre-monster.com, right? And so I found this startup that was run by a couple of ex-military folks that were doing the very beginnings of cybersecurity and they were looking for somebody that had some networking background and some firewall experience. And so I thought, hey, that sounds kind of cool. Let me check that out. So I started at this startup and we were doing the very beginnings of vulnerability management, threat intelligence, logging and monitoring. I was literally monitoring firewall logs and IDS sensor logs without a SIEM. Like the SIEM wasn't even invented and I'm looking for anomalies in all of this log data and trying to notify clients when something bad is happening. Yeah.
Mick Leach: Now, quick question before you go on, was that pre-Snort days too?
Eric Zielinski: I think Snort was around at that point. Yeah, I do believe so. Yeah. Because there was like one book on cybersecurity and I think it was Snort and it was like 300 pages. But that's when I really fell in love with cybersecurity. And after that, I did some consulting, I did some attack and penetration testing work, some more vulnerability management, and then moved into a Fortune 100 insurance company where I spent probably about 16 years of my career doing all different types of cybersecurity roles. In that position, I was able to do risk assessments and compliance and get paid. This was awesome. I used to get paid to literally drive around the campuses with a giant coffee can hanging out of my window that was built as a Wi-Fi antenna that I was using to scan for unauthorized wireless access points.
Mick Leach: War driving. I have not heard about war driving in probably 15 years.
Eric Zielinski: Lord. Yeah, I thought it was the coolest thing ever. The security guards would always give me funny looks. I'm just driving by and I've got my little antenna hanging out of my window scanning for unauthorized Wi-Fi access points. So I did that. But I really fell in love with digital forensics and incident response. I did that for about eight years. Just loved the whole problem-solving, you know, detective mentality. I worked towards building out a Cyber Fusion Center for the company. Yeah, that's whenever I met you, Mick, and we had a lot of fun adventures building out that Cyber Fusion Center, maturing the Security Operations Center, building out Threat Intel, and then moving into cloud security. And so I started doing some basics of, all right, let's figure out how we're going to migrate these applications on-prem into the cloud securely.
And so I was able to put that together for that company and build out their cloud operations organization, moved on to the life science industry after that, worked on their security operations, did vulnerability management, EDR, threat intel, and security ops work for a SaaS-based company, and then took a CISO role for a desktop-as-a-service company and got a chance to really run the cybersecurity program end to end and really, you know, provide strategy, provide some insights and direction on how to implement security controls and establish compliance adherence to all the different types of frameworks that we were trying to meet. And then most recently, I have been working for a financial services company and leading their cloud security engineering and application security engineering team.
Mick Leach: That's awesome. Man, what a varied array of skills and experience. And what I would have our listeners know about Eric, at least from my own personal journals, if you will, is that Eric's one of the most strategic thinkers that I have encountered in my career, which for me is awesome because I'm just not, I wish I were built that way. I wish that was a muscle I had, but it's just not. Maybe I'm good at incident response because I'm a bit of a linear thinker. And so getting from point A to point B and figuring out all the things in between. Eric has not only that, but that strategic skill as well, which I love and am not a little jealous of as well. I'll just let you know, Eric.
Eric Zielinski: Thank you, I appreciate that, Mick. I don't know where it comes from. You know, maybe it's the musician in me where I just always have to be creative, but I'm always trying to think about what is the next step. Where are we going next? Because we're doing this today and, as we're all aware, the threat landscape continuously changes. So how do we prepare for what's going to happen next? Even though we don't know what that is.
We don't know what type of attack we're gonna see. We don't know what new tools are gonna come on the market. We don't know what's gonna come at us, but we should be thinking, all right, when that does happen, how do we respond? What can we do to prepare now to get us ready for when that happens? And so that's always kind of what's in the back of my mind. It's like, okay, what's the future? What's emerging? What are companies gravitating towards? Now they're doing containers. How do I learn what a container is? How does that actually impact my role in cybersecurity? And what should I be thinking about from a security perspective to prepare myself for whenever IT comes and says, Hey, we've now got applications running on containers. Now it's your job to go ahead and secure them.
Mick Leach: And I'm sure you and I are the only ones that have had that happen too. Nevertheless, you know, I'm glad you brought up creativity, right? Because in my experience, and I'd love your thoughts on this, I know this is off-script, or at least off what the plan was, but I think there's value here. Every time I've talked to great blue teamers, right, who are just pillars in the community in terms of blue-teaming defenders,
they're largely sort of linear thinkers for the most part. Anytime I speak to brilliant red teamers, they are often really creative people, right? They're musicians, they're artists, they think differently. And I think that allows them to, you know, find the flaws in systems better. At least that's been my experience. What do you think?
Eric Zielinski: I think it's a great perspective, but I think you also have to have that element of creativity, even as a blue teamer. You know, there were so many times when I was in the role of a digital forensic investigator or incident response, and I had to put myself in the mindset of the creative attacker, the attacker that is doing something that I've never seen before. And how do I put myself in their shoes and think like they think and, you know, try and figure out what they've done, right, and put the pieces of the puzzle together? But there is an element of creativity in the red team as well, right? You've got to try different things. You've got to be okay with failing. You've got to be okay with making mistakes. And you've got to move on and you've got to move forward through it and you've got to learn through it, right?
You know, the other thing I'd say is also just, you know, reaching out to your network. Collaboration is key. Sometimes those linear thinkers have brilliant ideas, but they just don't know how to, like, bring them out. And they need that creative mindset to kind of have the conversation. And then all of a sudden, you're now collaborating on something. And whether it's a problem you're solving, or whether it's a new attack that you're trying to put together for a red team test, that collaboration can spawn new ideas that neither person ever thought of until they came together and started talking about it.
Mick Leach: Yeah, I agree wholeheartedly. I love that both corporately, but also from a community perspective, that collaboration, you know, there, there are some really great local conferences, security conferences where you can get together with other cybersecurity professionals and really just sort of jam off each other in terms of, you know, ideas and, I thought about this and I saw your talk on that. Have you considered this instead of that approach? And, you know, it's so fun to see brilliant cyber security folks get together, collaborate, and then just really build and take things a little bit further.
So, alright, and with that, we'll kind of jump into the meat of the program. We like to talk about sort of a past, present, and future. In terms of the past, tell me about a time that you got into a very interesting investigation that you're allowed to, right? We're all covered by NDAs and legal things, but what's an interesting attack that you've seen investigated? How did your team respond?
Eric Zielinski: Well, I have lots of them that I can't talk about, obviously, but I've got a couple that I could probably share. So, one of the ones that I thought was really interesting, probably several years ago, this one came out. It was an attack on MySQL databases that are exposed to the internet. And so there was a ransomware group that was scanning the internet for open MySQL databases and brute forcing those databases. And if they got in, then they would exfiltrate or delete tables and drop tables and then replace it with a ransomware note that says something like, please read me. And then they asked for some type of ransom payment, usually in cryptocurrency. And that is one of the most disruptive attacks that could happen to an organization. Your database is all of a sudden gone, encrypted, doesn't work, your business operations are stopped, and you've got to figure out what happened, how somebody got in, and how you're going to use your backups, hopefully you've got a backup strategy, to get back online and get into business again.
I thought that was pretty interesting just because of the speed, right? And how quickly it takes for you to just have a, you know, anybody could put up a test system or open up a port, you know, in the cloud or on-prem or whatever, just for some testing real quick, and then all of a sudden you could be compromised. So to me, what's interesting about it is just the speed at which those attacks actually occur. And then also obviously the implications of it actually happening, right? So I thought that was kind of an interesting attack. I don't know. I've seen some other ones. I've got to be careful about which ones I actually talk about, because a lot of them are still under attorney-client privilege. Don't want to get into any legal trouble talking about some of those.
Mick Leach: Fair enough. No, no, no, I don't want anybody going to jail over this.
Eric Zielinski: Yeah. Yeah, I think that's probably one of the most interesting ones I got.
Mick Leach: Yeah, and I will tell you, you had mentioned that the attackers were using scanning, web scanning, right, to identify these things. And I think you and I were working together when Shodan really became a thing, shodan.io. And I remember the first time I came across it, I was like, my gosh, this is horrible. What a terrible idea. And yet it also, from a vulnerability detection and remediation perspective, or at least a detection perspective, often would give you... If cybersecurity professionals aren't keeping an eye on Shodan for your own environment, I think that's a real miss. Because I think, yeah, there are times, to your point, where you could spin something up, or one of your developers spins something up just for testing. It's just going to take a minute.
And then somebody gets busy and we don't tear that down. And now we have an exposed service or exposed server that is running. Yeah.
Eric Zielinski: Yep. And it becomes easier, right? As more organizations are leveraging cloud technology and empowering their developers to have more access than ever to do things in the cloud, open up ports, build their applications, and run their applications. How are you continuously monitoring for changes within your environment, configuration issues, opening up different security groups, opening up different ports? Because it really only takes a few minutes of, oops, I didn't know I did that.
Mick Leach: Yeah. Yeah. Couldn't agree more. And I am glad you brought up the cloud stuff too, because I remember my last gig at a large Fortune 500 financial services company that was moving more and more to the cloud. We started to see and have some, you know, challenging conversations with the development community there, because now in the cloud space, what used to be infrastructure changes, you know, in terms of opening firewall rules, you know, ports, those kinds of things, used to be on an on-prem network where infrastructure changes were handled by a team that had a broader view of all the other things in play at the time. And there was a set system for evaluating those things. Then with the move to the cloud, those became software changes that developers were equipped to make.
And often did so without necessarily understanding the ramifications of opening, say, port 22 externally, just because, well, now I can get to it from my house, right? Because we're all working remotely during COVID. Now I can, you know, RDP in, in this case SSH in, and test my application without realizing necessarily the broader implications of that. So, I mean, is that your experience? You're a cloud guru. What are your thoughts there?
Eric Zielinski: I think it comes down to really defining the roles and responsibilities of different teams. I mean, I know whenever I first started my cloud journey, everybody was fearful of losing their jobs just because, I've always done things on-prem this way, and then all of a sudden we're going to go to the cloud and it's all going to be automated. Yeah, there's a lot of automation that can really help empower, innovate, drive speed, and new business ideas when you go to the cloud, but at the end of the day, you still have those roles and responsibilities. You still have storage, you still have networking, you still have the OS, infrastructure, and middleware. You still have to have some accountability and responsibility for who owns those different types of changes. You have to have change management in place.
So there are things that change dramatically for organizations. There's a new skill set that everybody has to learn. A lot of these things have different names, and then you start even going to multi-cloud, and, you know, different cloud providers have similar services but just call things different names. So, you know, really what it comes down to is how open you are to learning new things and learning new technology, in my opinion. But if you don't have good oversight and good visibility and even, you know, I hate to say this, but reducing the complexity of your environment in a way that, you know, still defines those roles and responsibilities as far as what my developers have access to do... Like, how much power do they actually have in this cloud? I mean, can they not only build, test, deploy their application, but can they also configure networking? Can they also add EBS volumes? Can they also do all of these extra things? And if we don't have governance and oversight of what their capability is, it's a matter of time before human error just takes over, right? And all of a sudden human error causes your business to have a true impact and potential cyber intrusion or data breach or exploitation, something like that.
Mick Leach: Yeah. And I'm glad you said that, right? I mean, if we're honest, at the heart of almost every breach, there's some element of human error, right? Did somebody expose an S3 bucket? Did they do this? Did they do that? Somebody made a small mistake that wasn't caught that an enterprising threat actor is going to absolutely jump on.
Eric Zielinski: Yeah, for sure. I mean, you know, human error can be as simple as going to the coffee shop to work and have a cup of coffee. And then all of a sudden you get up to use the restroom or refill your coffee and your laptop's left open. You didn't lock your workstation. Somebody walks in, takes it out, and now they've got access to all the files that you have on your system. Right? I mean, that's basic, but it goes a lot further, you know, when you start adding in additional, you know, power for these developers to have access, and not even just developers, just anybody that has access into your system. It's like, how do we think about, I mean, access control, identity management is a problem that's here to stay. And I don't feel like there's really any good solution to tackling it. There are so many different service accounts, system accounts, user accounts that have all of this incredible access. And from my perspective, I like Amazon's approach. It's like reducing human access to data as much as possible.
Mick Leach: Yes, yes, big fan. And entitlement creep is the other big one that I see often, is that we typically grant folks access to a resource for a moment. You just need it for today, except there isn't a great process to pull that access out, or that process is manual and it fell through, or that guy's on vacation, or whatever the case may be. And suddenly we start to grow, and then, not even taking into account when folks move roles and they bring a bunch of previous access with them and that's not scrubbed out like it ought to be. Yeah, entitlement creep is a constant problem. So, awesome. Speaking of problems that we're facing today, what do you think, in your opinion, is kind of the biggest threat facing SOCs today?
Eric Zielinski: I think data is probably the biggest threat to not only SOCs but even cybersecurity. Data is growing at the fastest pace probably ever. And there are so many systems, there's so much data, there's so much complexity. Complexity is also a challenge. Just understanding how an application works with all of its dependencies, with all of its integrations, and who it's talking to. That right there is a major challenge. And then, I kind of... this theme that we keep talking about is, you know, how to stay current with all that is changing in IT. Not just security, but IT. Like, how do we, you know, take our security hat off and put our IT hat on and say, all right, what is coming down the pipes? What are the businesses looking at? A few years ago, nobody was looking at GenAI. Now GenAI is here and growing so incredibly fast and so easy to use. AI and machine learning have been around for a long time. I was doing some work when we were together just on some basic machine learning at some hackathons and things like that. But it was complex. It was difficult to understand.
You had to be very technical to make things work. But now you've just got a prompt and you can ask basically any question that you want and get very, very accurate information. And so businesses are seeing this and businesses are like, hey, well, we can use it for all of our technical documentation. We can use it for all of our knowledge bases. We can use it for all of these different use cases. And all of a sudden they want to start using GenAI here, and as a SOC analyst or as a security expert, now we're faced with learning that technology. And so I think one of the biggest challenges is constantly learning and learning the right things, spending your time learning the right things, because, I mean, you could just sit for months at a time and just learn containers. I mean, you could just dive into how containers work, how the access works, what runtime is, all those things.
In my opinion, you have to have just an open mind to the broader spectrum, right? You've got to think about GenAI, you've got to think about IT, you've got to think about cloud security, you've got to think about all of these things that are coming our way and also realize that there's going to be more, and there's going to be more and more data, and there's going to be more and more ways for us to detect attacks. Think about it, I guess, you know, I don't know if this is really a SOC thing, I guess I'll ask you this. But what about, like, ethically abusing AI? Like, you've got an associate that's got access to ChatGPT or something, and they start asking it these, you know, ethical, you know, concerning questions. Like, who's monitoring that? Who knows, right?
Mick Leach: Yeah, I mean, so you're right on the cusp of what I think is the next big question around that. Yes, in terms of monitoring, and then, A, how are you going to do it? How are we getting those logs? Certainly, if you're using something commercial like ChatGPT or you're using, you know, Genesis or something along those lines, right, or Gemini, excuse me, your options to monitor those inputs, apart from maybe like a CASB, are pretty small. All right, you may not be able to insert yourself sort of man-in-the-middle of that kind of conversation. Now, if you're hosting your own instance of, like, a Llama or something along those lines internally, yeah, you can certainly insert yourself in that. But yes, that's going to be a tough one, is understanding what people are asking. Is it appropriate? Are they asking how to, you know, how to make bombs and these kinds of things? That's concerning. Who's monitoring that? Is there an onus on the company's security teams to catch that? It's a slippery slope for sure.
Eric Zielinski: Yeah, and the other thing I'll add is, how do you leverage some of this technology for the role that you're in? Because there's a lot of value, right? There's a lot of good things that you can do. There are a lot of efficiencies that you can gain, in my opinion, by using GenAI for your role. If you're unsure about how an attack works, now you can know. If you have access to it, you can easily ask these questions and get some relevant information that might help you through your investigation. So I think it's a really powerful tool, but it's also one of those tools that, in my opinion, is like, you know, how can I leverage this in order to better my career, grow, learn new things, and, you know, provide the response that's needed for the attacks that I'm seeing.
Mick Leach: So let me ask you then, what is your favorite use of GenAI today? What are you using most often?
Eric Zielinski: I use it all the time, actually. It's all over the place. If you could see my search history in GenAI, you'd be like, what was he asking questions about? You know, personal training, you know, and I'm looking at it right now. I'm like, I've got searches for personal training, for Google project code names, for career planning, like all types of things. You know, but to me, it's a very powerful tool for sometimes just writing up some blurbs, right? So, like, if I need some professional documentation and I've got a few things going on, I can quickly say, hey, write me up a quick paragraph on this, and then, you know, take it and just wordsmith it and make it my own, customize it my own way. But it does a lot of the work for you, right? So that's kind of how I've been leveraging it.
Mick Leach: Yeah, I love it. I've been using it primarily for its deconstructive capabilities lately in terms of dumping mass tons of data or huge documents into it. The SANS SOC Report came out not long ago, the 2024 SOC Report, and I didn't have time to read the whole thing. And so I dumped it in and was like, hey, could you please give me the highlights? What are the big things I need to take away? I use that feature all the time, as well as dumping in code snippets. I'll just, moment of vulnerability here, not a great coder. Okay. No, no. And I have friends who are wonderful and I still call them today, Steven Duvall, you know who you are, and ask them for assistance from time to time. But more and more I'm leveraging ChatGPT to dump, you know, code snippets in and say, you know, what exactly is this saying? What is it doing?
Eric Zielinski: Yeah, I love that. I use it the same way to summarize different types of articles or case studies. You know, just give me the highlights, give me the overview. I don't have time to read a 50-page document, but just give me the highlights here real quick. And then all of a sudden, if there's a section I'm interested in, I can dive into it and start looking at it. But I'm the same way with coding too, man. Give me a blank screen and, you know, I'll just sit there and stare at it for an hour and be like, yeah. But if you give me somebody else's code, I can tweak it with the best of them. It's just the first step in getting started with coding for me.
Mick Leach: Yeah. Yeah. I love it. And, at least for me, not just coding, right? Like, the blank page, that is the hardest thing to start from. I'm with you. So, kind of moving forward then, we talked a little bit about a lot of things that are happening now. Where is security operations going? What's coming down the pipes, to use your phrase? What's coming our way that maybe we aren't tracking or should be tracking, or is big and we just need to call attention to it?
Eric Zielinski: That's a good question. I think there's a lot of innovation that's happening in cybersecurity right now. There are a lot of really cool startups that are being built by, you know, pioneers in the industry, people that have built, you know, security services for some of these cloud service providers and are going off on their own and starting to build out some of these new startups. You look at, Wiz is a great example. You know, a lot of those founders came from Microsoft. They built out some security services with Microsoft and then went out and started Wiz and grew that company into one of the fastest-growing cybersecurity companies in the industry. So looking at innovative startups, I think, is going to be a game changer just because there's so much talent out there and there are so many problems to solve. Finding that right problem, finding those customers, those use cases that are going to solve it, is key. The other thing that's coming is, I don't know for sure if this is going to really change security operations or not, but it's starting to change the developer world.
And what we're starting to see is some of these developers, going back to the whole GenAI thing, using these AI-like sidecars or sidekicks, so to speak, right? Co-pilot. I've heard the term co-pilot, right? So being able to, you know, do the job that you're doing today, but also having that SOC co-pilot where you can ask it questions, you can feed it data, you can feed it scenarios, and it can give you real-time responses on, hey, have you thought about this, this, this, this, and this? You know, let's just say, for instance, you've got a security operations center that has a bunch of processes and procedures, you feed that into, you know, a GenAI, and all of a sudden it's, you know, knowledgeable on all of those things. And you come across an attack and you just want to make sure you're following procedures. You type in your question to it, and it spits it out and says, make sure you do these 10 things. Maybe you already are doing those things, but I think that, you know, just having that assistant, having that little co-pilot that can, you know, make you faster, be more innovative, accurate, quality.
Those are all things that I think are coming towards, you know, security operations. But I don't see it... I don't really, you know, see that changing very much. I mean, you know, we're always going to need to have monitoring in place. We're always going to need to have people. Like, yeah, sure, you can apply a bunch of different AI to it, but there's still going to be somebody who needs to supervise it all. Make sure it's all working. Make sure it's all, you know, working together, integrated together, ensure all of your systems are continuously logging, having monitoring in place for that. So that's, you know, if I were to look into the crystal ball, I don't see it changing a whole lot. What I see is it becoming more empowered to do things faster, to do things more efficiently. And then also the challenge of securing more and more systems, you know, understanding different types of networking, infrastructure, applications, identity, compliance, all of those things. Still relatively important.
Mick Leach: OK, I love it. Yeah, absolutely. Absolutely. So let me ask you this, because you touched on some interesting things in there. And I want to kind of double click into a few of them. One of them was around, right, if you could feed in your sort of your run book, process procedures for analysis of a variety of different use cases. If you could feed something like that in to an AI system, a machine learning system that has now lots and lots of data, previous decisions and how those have worked through, do you think there's a time when at least the tier-one analysis is fully automated by an AI bot of some sort? And then it's, let me unpack that a little bit more just to give you clarity and for the listeners. What I'm saying is not that the analysts wouldn't be there, not that AI's replacing analysts, but that a lot of that initial data enrichment false positive elimination All of that is done That currently is being done by a tier one analyst human analyst could be later done by an AI machine learning bot that then brings higher fidelity higher efficacy alerts to that are fully data enriched to a tier-two analyst.
Eric Zielinski: In my opinion, think if that were to happen, it should be built within to the correlation engine that you're using. Right? So the tool that you're using should be providing that tier one. And I swear I've had a vendor try and sell me that exact thing before, you know, and I'm like, wait a second. I call BS. I don't really think that your tool can do all that. You know, I still think I'm going to need that, that tier one analysis in, in all cases I did, but, yeah, I mean, you know, I think the better that we can get at understanding, you know, what's actually happening. And to me, it's I've had this complaint for a long time with security vendors. It's your tool is too complex. Like, you know, I've got to train my team hours upon hours just to use your solution. And if somebody leaves and I have to hire somebody else, then I have to train that person hours and hours on how to use your solution and it's so customized for our environment that, you know, am I really getting the value out of it that, you know, I'm paying for? Well, that's a hard problem to solve. It really is.
I think if you can get a more simplistic view of what is happening across your environment and be able to manage it, respond to it, and prevent different types of attacks from occurring using this solution, you've got gold right there. I don't think it exists because all of a sudden, like I was talking about my career when I started, we had two tools. We had an IDS sensor and a firewall. And that's how we were securing major companies, with that. That was it. Today, how many security tools do organizations have? Do they even know? That's my question: do they even know how many they have? Oftentimes they don't, right?
Mick Leach: It's OK, we're going to buy a tool that will tell us what tools we have.
Eric Zielinski: Yeah, and then we'll only use like 15% of it. We won't fully operationalize it.
Mick Leach: Yes. Frustrating. Don't get me started, Eric. I refuse to get started. But you're right. I mean, as a security professional, that's always been one of the biggest frustrations: that we buy these very, very expensive, very elaborate tools that are incredibly complex to manage and to implement properly. You know, Mick Douglas, I had Mick Douglas on, you know, a couple of months ago now, and he has a whole company that's devoted to helping folks get the most out of their solutions because they can't, and it's such a specialized skill that you often need a consultant to come in and help you, really, especially if you want to get time to value. You know, yes, we could spend two years figuring this out, learning. I could send folks to training. We'll try and fail, try and fail, try and maybe succeed, or we can bring in an expert who does this for a living and get time to value in six months instead of two years. CISOs like you, certainly in your last gig and even now as a cloud security leader and AppSec leader, have to make these decisions.
Eric Zielinski: Yeah, no, absolutely, you wanna have confidence, right? That you're investing in solutions that are protecting your company and that are not leaving you vulnerable to attacks. And it's hard to really show that confidence with these solutions, aside from saying, well, we haven't been breached in five years, right? But tomorrow, it could happen.
Mick Leach: Absolutely. Okay, bridging forward here, great discussion so far and I thank you for that. We always love to talk about getting into a security operations role, right? So some career guidance. If we have some listeners today that are thinking, man, this sounds freaking awesome, I want to do that. You talked about digital forensics and cloud security and AppSec and middleware and, I mean, the whole thing, I want to be part of this. What advice would you give them? How do you get started? What's the pathway?
Eric Zielinski: So first of all, I love this question because I'm very passionate about helping others get into cybersecurity. I get asked that question more often than not from all different types of people: people who are just graduating high school and looking for what they should do in college and they're somewhat interested in cybersecurity and they ask me some questions about it. Or from people who are in the middle of a career that they hate and want to get into cyber because they've heard really cool things about it, or people who are even in cybersecurity and want to move on to their next role. So, you know, first and foremost, what I would say is, you know, feel free to reach out to me on LinkedIn. I love to give people advice and have conversations about this. So I'm open, you know, add me to your network. I'm open to having conversations about this, but the way that I look at it is, you know, really look at the entire roadmap of roles in cybersecurity and figure out what you're passionate about and what you're excited about and what you could see yourself doing day in and day out. And then build yourself a career plan around that particular role. Now you may not be able to, you know, land that role as an entry-level, you know, professional, but you can build a plan to get yourself there. Right.
So maybe your first role in cybersecurity is, you know, security operations center analyst. You know, I've seen a lot of people who have gone the help desk path and got a, you know, role in IT help desk, learned how to troubleshoot, learned how to problem solve. Those are two key skills that you absolutely need as a security operations center analyst. You can learn the tools, like, you know, it's not a matter of all the experience that you have using those tools. Tools can be learned. What it is is just having that mindset and being able to, you know, figure out, you know, how do I respond to this? What would I do in this situation? Who would I inform? So I'd say that, you know, the second piece of advice I would say is, you know, really leverage your network, build your network, get out to events. You're talking about local conferences. They're relatively inexpensive. There's many, many that are free online. And, you know, oftentimes you can listen to these things in the background, right? You don't have to be fully engaged, but you can have them on when you go for a walk. You can listen to them in the car, whatever it is. I think there's a lot of value there. And then third of all, home labs. I'm a huge fan of doing things at home. Get hands-on experience with the open source tools that are available. There's so many tutorials.
There's no excuse to, you know, in my opinion, there's no excuse to show up to a job interview and say that you've got, you know, all of these cybersecurity certifications, but yet haven't even done anything hands-on. Download some tools, run them in a lab. You can run them in the cloud for free these days. Learn those security native services. And when you get that interview, you show up and you say, I've got this home lab, I've run all of these different tools. I know how to do vulnerability scanning, I have a web application firewall, I've got a SIEM set up in my lab, I have simulated all of these attacks and this is how I would actually respond to it. That to me is gonna go a lot further than just trying to tell me that you've passed some certification test. I mean, there's value in certifications, absolutely. I'm not saying that there's not, because I have several of them and I believe in them, and there's value in degree programs as well, because I have degrees as well. But I think that being able to demonstrate that you've gone above and beyond outside of those certifications and those degrees is going to differentiate yourself when it comes time for interviewing. I mean, would you agree, Mick? I mean, you've interviewed a lot of people too, right? We were on a lot of interviews together.
Mick Leach: We were, we were. Yeah. No. I agree wholeheartedly, right? I love to see, and I, you know, I've spoken about this, our long-time listeners will know that this is an area I too am passionate about because, you know, I think the folks that I have always seen be most successful in, especially security operations roles, anything operations, engineering, architecture, the more hands-on aspect of cybersecurity. The folks I've seen be very successful there are tinkerers by nature, right? These are the folks that aren't afraid to roll up their sleeves and build a box, build their first computer, aren't afraid to open the hood of their car and figure out how things work, change a radio, whatever the case may be. Shoot, the last gig or two gigs ago, one of the guys we hired was like a drone builder who used to just build racing drones for giggles on the side. So it's whatever you're into. You know, it's hands-on tinkering that I think will ultimately set you apart, because then you're applying head knowledge and making it tangible hands-on knowledge, and I think there's value there.
Eric Zielinski: Yep. And I think the thing that often goes unspoken is, 'cause I a hundred percent agree with you, but, is the repetition and the discipline, because you can't just spend time tinkering with something for eight hours on a weekend and say, yep, I'm good. I'm right. Yeah. I mean, you know, I mean, I look at it like, you know, it's like, you know, if you go to a personal trainer, if you go to the gym and you're trying to lose weight or you're trying to gain muscle, whatever it is, you set that goal and you have to work on it, right? You can get started, but if you don't keep going and you don't keep learning and keep trying different things, it's gonna hold you up, I think. You're not gonna accomplish that goal. So, set realistic goals, learn a new tool in 30 days. It can be done, it's not hard.
There are YouTube tutorials, podcasts, and lots of resources. For example, back in my day, I had five books at the bookstore that I could go to to learn cybersecurity. And guess what? I bought those five books, and I learned them. I did.
Mick Leach: Absolutely. I know, I know. I get it. But now, right, with the internet at our disposal, with YouTube, I mean, even things like TikTok, I mean, there's just so many avenues to learning that there's really no excuse for not going after it. So, agreed wholeheartedly. Okay, listen, last question, I promise. If someone can only take away one thing from our conversation, which has been pretty wide-ranging, what would you have them hear? What would you have them take away from you as kind of the one thing?
Eric Zielinski: Be open to change, adapt to emerging technology, and continuously learn. That would be my biggest takeaway. That is what you need in this role. Don't expect to, you know, be in a cybersecurity role and do the same thing day in and day out. You're going to get new things thrown your way and be open to those new things. If you don't understand it, ask questions, ask your peers. Ask your network, read books, research it. Ask GenAI. A lot of times they got the answer. Right? Right? So, you know, this, that's the takeaway for me. It's just like, and that's what's kept me so interested in this industry and in this field is that it continuously changes. There are brand new teams that are being created. I'm sure that these probably already exist, but there's probably already, you know, AI security engineers out there that didn't even exist a few years ago. But now there's teams, there's roles, there's opportunities to land a job as an AI security engineer.
Mick Leach: I have seen roles that are like prompt security engineer or prompt injection specialist, crazy stuff that two years ago didn't exist, and now does. So awesome. Well, Eric, thank you so much for your time. I appreciate it. What a great conversation that we've had. It has been a genuine pleasure to have you on the show.
Eric Zielinski: I appreciate your time, Mick. It was a lot of fun and best of luck to you.
Mick Leach: All right. Well, thanks, Eric. I appreciate it. Folks, this has been SOC Unlocked: Tales from the Cybersecurity Frontlines. I'm Mick Leach, your host, and reminding all of you cyber defenders out there to keep fighting that good fight. You're the tip of the spear, so stay sharp. Thanks for tuning in. Don't forget to like and subscribe and check out our other SOC Unlocked episodes. We'll see you all next time. Thanks.