SANS: What made you choose to work in security?
Security chose me... sort of. I had intentions of becoming a software developer as that was what I was attending college for, but an opportunity arose to acquire some “easy” credits by joining an intern program at a local DoD agency. This agency specializes in security and, before I knew it, I was hooked.
SANS: What was your first SANS course and GIAC Certification (if applicable)?
When working the DoD job I mentioned previously, there was a requirement to attain an industry certification for my particular, security-focused job role. There were a few options available for me, but there was a private SANS course just for my organization just around the corner that, when taken and the associated certification was achieved, would allow me to meet my requirement. This course was MGT512 and the certification was the GIAC Security Leadership Certification (GSLC) which I successfully completed in 2010 (#4629).
SANS: What courses do you teach / author?
My first SANS class that I taught, very early in the “certified instructor pipeline” is not actually one that I teach today – MGT414: SANS Training Program for CISSP® Certification. This is what really kicked off my SANS instructor journey. However, due to great demand in SEC530: Defensible Security Architecture and Engineering, a need arose to bring in more folks to teach it, and I was one of them.
Given my background in many facets of defense, I taught many successful runs of this course. After some time, the new cloud curriculum was launched and, with it, writing of a new course, SEC488: Cloud Security Essentials, was underway. I was pulled in to help author the first version of the course and eventually became the sole author and lead instructor of the course.
SANS: Why do you teach, research and practice information security?
It’s my way to give back to the community. I could easily have stayed in my previous job roles, defended a few environments, then retired, but I feel I can reach way more people in a positive way by spreading what information I have obtained throughout the years in various industries.
SANS: What tips can you provide newcomers to cyber security and defense?
Learn as much as you can about how things work. It is much easier to defend an application or architecture you understand than throwing commercial tools around it - hoping for the best. To really up your game, understand how attackers can possibly abuse your environment and defend accordingly.
SANS: Who has influenced your information security career?
There were many! Although one sticks out in my mind. Throughout the first decade or so of my career, I, unknowingly, was under-utilized by the agency I was working for until, one day, a former Deputy Director took a chance on me. To this day, I cannot thank Brenda Davidson enough for the opportunity to work outside of my comfort zone by “getting my hands dirty” with several technologies, writing courseware for several key defensive roles within the DoD, and allowing me to thrive. This increased my drive tenfold and led me to take even more chances throughout the rest of my career – landing me where I am today.
SANS: What do you want people to know about you?
I want to learn from you as much as you want to learn from me. None of us are masters of all, so hearing your stories of your particular challenges and how you overcame them extends knowledge to me and then to future students I will instruct. You’re as much a part of the teaching experience as I am.
SANS: Favorite quotes, songs, or books?
Quote: “Don’t count the days, make the days count.” – Muhammad Ali
Song: “Ride On” by AC/DC
Book: Can’t pick one as a favorite, but currently reading “Think Like a Monk” by Jay Shetty
SANS: Tell us about things you enjoy that people may not expect.
I’ve been playing guitar since I was 12 years old and will continue to do so until I cannot physically do so anymore.
About Ryan
Ryan's passion for information technology started in 2001 when he found himself constantly trying to make his high school's computers and even calculators do things that they weren't exactly intended to do. They lacked games, so he learned how to create some. Yes, some may call this hacking. Ryan called it "fun", which led to attending college with intentions of becoming a software engineer. During school, Ryan obtained an internship with a very cybersecurity-minded organization -- the Defense Information Systems Agency (DISA). Ever since then, he’s been hooked on cybersecurity. Ryan is the author of the new SEC488: Cloud Security Essentials and an instructor for SEC530: Defensible Security Architecture and Engineering. Learn more about Ryan here.
