Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

What it takes to be a security incident responder

Bob Violino | June 22, 2017
A wide range of technical skills and curiosity about the mechanics and goals of an attack are key for effective incidence response.

”If you think of an MBA mixed with legal courses, compliance courses and digital forensic courses, that is what that degree was,” Sherman says. He received a second masters degree, in digital forensic science, to show prospective employers that he was not “just a manager,” but a technical contributor as well.

“When I was going through my second masters degree, many of my friends asked me, ‘Why would you get a second degree?’” Sherman says. “They also pointed out that it won’t make me any more money. I didn’t complete my second masters degree for more money, or recognition. I did it for myself.”

Working in the IT field taught Sherman that technology is constantly changing, that within six months what was new is now old. “Well, I believe that cyber security puts that to shame,” he says. “There is always a new threat, new vulnerability, a new indicator of compromise.”

As a child, Sherman had a deep curiosity about how things worked, “That eventually morphed into an analytical mindset,” he says. Once he began working he kept wondering about how things worked. He wanted to know how IT departments and administrators worked and what they did.

In 2011, he joined General Electric as a senior cyber investigator. In this post, he learned about the need to keep digging for information when responding to incidents. “This has solidified my work ethic in both digital forensics as well as incident response,” Sherman says.

Shortly after that, Sherman joined NASA’s Glenn Research Center as incident response manager. There his team addressed internal and external threats, and assisted with security projects as well. He updated senior leadership on technical areas, and worked closely as a “coach” among security specialists, he says.

As response manager, Sherman gathered meaningful metrics for senior leadership, providing a monthly "gap analysis" to the threats being addressed. With this information, his team was able to secure the environment further for the protection of NASA. In 2016, Sherman began his current position at Flower Foods, where he oversees security incident management.

One of Sherman’s most important criteria for where to work is the level of importance the organization places on cyber security. “If the leadership of the organization does not have a focus on security, it becomes an uphill battle from the start,” he says.

Throughout his career progression, Sherman has done what is necessary to reach a director of incident management role. “I have learned many technologies [since] the beginning of my career, and slowly morphed into what I believe is a ‘coaching leader’ style,” he says. “When I work with my team I believe it is as important to lead as well as dig in when necessary.”

 

Previous Page  1  2  3  Next Page 

Sign up for Computerworld eNewsletters.