Name: Ed Skoudis
Title and company: Instructor and Fellow, SANS Institute; Founder, Counter Hack
Number of years in the information security industry: 20
RSAC: What was your first job in the infosec industry?
Skoudis: Working at Bellcore helping the Baby Bells secure their early IP networks.
RSAC: What does the RSA Conference 2017 theme, “The Power of Opportunity,” mean to you?
Skoudis: Information security, when done well, can provide an organization with real power to get things done. Instead of inhibiting business, information security can help enterprises and agencies operate in a more flexible Internet-and-cloud-centric way, opening up all kinds of opportunities for efficiency and new offerings.
RSAC: What is the #1 trend that infosec professionals need to be paying attention to right now?
Skoudis: The growing proliferation of Internet-connected smart devices holding sensitive data, and those devices' reliance on the cloud.
RSAC: How can the industry balance the opportunities with new and growing technology with keeping our data (and people) secure?
Skoudis: We really need to test these new technologies in depth before fielding them. So often (heck, nearly always) technology is deployed first, and then we find security holes and fix them later. That’s a big problem. We need to analyze new technologies for security vulnerabilities earlier in the lifecycle, conducting vulnerability analyses and penetration tests of them so we can shore up their security.
RSAC: You help more than 3,000 infosec professionals each year improve their skills through the SANS courses you’ve created and often taught. What does it mean to you to know that you are helping prepare the next generation of infosec pros?
Skoudis: I am deeply honored to be able to help people develop their skills to defend their networks and fight the good fight. It’s so exciting to see my students in so many different types of organizations, applying and building on the things I’ve been fortunate enough to share with them. It makes me smile.
RSAC: What advice do you have for up-and-coming infosec professionals?
Skoudis: Pick an area and study it hard. Really hard. Learn what everyone knows, and then explore for subtle but important facts that aren’t widely known. There are so many areas to choose from, including penetration testing, cyber-defense, digital forensics, application security, and much more. Then, within your area, choose a specialty, such as web applications, mobile, wireless, cloud, etc. As you study your area and specialty, build and use a low-cost lab for hands-on practice. There are so many great opportunities for learning today… reading blog articles, web sites, technical manuals, and much more.