Nick Mitropoulos is the CEO at Scarlet Dragonfly, a company that handles a range of security services like SOC, Incident Handling and Vulnerability Management to name a few. He has over 16 years of experience in various industries ranging from consulting, education, telecommunications, healthcare, investment banking, financial, energy, oil and gas, insurance, pharmaceutical, law, military and news. His breadth of experience combined with his love for teaching are crucial in helping his students better grasp the various facets of security.
What made you choose to work in security?
After reading numerous security articles whilst in high school, I got hooked on how attackers were operating and thought it would be amazing to find ways to stop them and promote security. I still remember collecting newspaper bits about an attacker repositioning a satellite so he could have better signal reception. Security is all I ever wanted to do and the only thing I have ever done since. I love every minute!!!
What was your first SANS course and GIAC certification (if applicable)?
I took SEC301 (with GISF as its certification) quite a few years ago with Doc Blackburn teaching it. Fast forward to the present, having taken several courses since then, I have found that the most difficult thing to do is to choose which SANS course to take next.
What courses do you teach?
I teach SEC401: Security Essentials: Network, Endpoint, and Cloud. When I attended it, I fell in love with the material. The reason is it combines all fundamental areas of security in a unique way to provide students with a holistic understanding. It enables them to participate in any security discussion actively and constructively and allows them to already possess a definite understanding of most topics they will encounter. It also has quite a lot of labs and up-to-date material that caters to even the most demanding students. It is truly a remarkable course.
Why do you teach, research, and practice information security?
I can’t think of a higher calling than teaching. It’s a privilege to be educating the next generation of security professionals and knowing what they learn in class will help them in real life. Instructors get an opportunity to shape the future of their students. I can’t even count how many times students have asked about career advice, training pathways, and suitable courses to take after this one. There’s no greater feeling than to be able to provide them with that input that can literally change their lives.
Research is what makes us better. Gives us an edge in being ahead of the attackers and puts us in a position to think proactively to improve our approaches.
Practicing security is what allows me to put research and concepts we discuss in class to the test to see how our methods cope in the real world. Attackers can be very sophisticated and skilled these days and we owe it to ourselves to be at the top of our game. Plus, I also get to use results from those tests to feed them back to students afterward.
What tips can you provide newcomers to cybersecurity and defense?
Always be prepared, never underestimate attackers, and keep on training and learning new ways and techniques to constantly become better. Be curious about incident root causes, to avoid reliving them. And most importantly, learn from the mistakes of others so you don’t experience them firsthand in the future in the form of a severe breach.
Who has influenced your information security career?
All the SANS instructors in the courses I have attended have been rock stars and true sources of inspiration. Just by being next to them, you get hooked into the security world even more! They give away the “wow” factor. Like, “wow, did he/she honestly just do that?”.
Kevin Mitnick’s books have been truly influential as they depict real-life social engineering examples of how many things we constantly need to be paying attention to so we don’t get compromised. It’s not just about technical tenacity but also paying close attention to every small detail.
What do you want people to know about you?
There’s more to life than defensive security. And that’s offensive security 😀
Favorite quotes, songs, or books?
- "Those who don’t learn from history are doomed to repeat it."
- "We are one incident away from being insecure."
- "They would have got in using another way."
- Digital Fortress by Dan Brown
- Ghost in the Wires by Kevin Mitnick
- Bittersweet Symphony by The Verve
- Viva la Vida by Coldplay
Tell us about things you enjoy that people may not expect.
I genuinely enjoy solving crossword puzzles 😀😀
Read Nick's full bio here.