The Morning Ritual that Made my Career



Each morning, I wake up, take a shower, put on a pot of coffee, and get dressed – in the same fashion as many working Americans. What happens next in my routine, however, has successfully set me apart from my peers in the cybersecurity industry.
After I tighten my tie and make my way down the stairs of my three-bedroom townhouse in Northern Virginia, I prepare a cup of Bulletproof Coffee for myself and sit down at my kitchen table with my new Surface Pro and catch up on everything I have missed during the night before. No, I do not check my work email, as I am sure many others might do. Instead of waking up to the job, I spend the first 20 minutes of my morning seeing what is going on in the rest of the information security community.
I got away from Facebook over a year ago, and it has made a world of difference. Instead, I peruse the headlines in my Twitter stream and join in discussions on various IT and security communities on Google+. No, this is not a plug for the two social media platforms. Twitter gives me breaking news and information (sometimes before there is even an article or white paper available), and Google+ provides a means of conversing with other like-minded individuals (in more than 140 characters).
This simple, yet relaxing, part of my daily routine effectively prepares me for my day in several ways. I can see the latest vulnerabilities and exploits, and determine whether or not they apply to the systems and networks that I am responsible for protecting. I also get to see the issues that other cybersecurity professionals are having with their environments.
Let’s face it – the workplace is competitive, no matter what your role is. By understanding current security issues and concerns, I am able to draw decisions from a much larger knowledge base. I am able to ask critical questions and address problems quickly, making meetings shorter and virtually eliminating communication shortfalls that plague most organizations.
I wake up every morning and take the time to stay current in my passion. It has made all the difference in my career.
If any of you would like to know more information about the various Google+ communities of which I am a member, or seek suggestions on who to follow on Twitter, let me know. Likewise, if you have some other favorite cybersecurity news mediums that I have not mentioned, please do not hesitate to share them in the comments section below.
I learned long ago that leveraging the collective knowledge and experiences of the community has a great impact on individual success.
Steve P. Higdon has been working in the information security field for over ten years, providing support and consultancy to several public and private sector organizations. Steve holds several industry certifications and can be reached via email at infosec@stephenhigdon.com and on Twitter at @SteveHigdon.

How to be Successful in Cybersecurity: Getting Away from “Explicit Deny”



I have the pleasure of being a member of several cybersecurity communities on Twitter and Google+. Comments that I have read there, combined with my newer understanding of the industry, are what drive this post.


For my entire, albeit relatively short, career in information security, there has been a general ideology of automatically saying “no” to new technology, software, and capabilities. That is, until there is enough pushback. The difference that I have seen between general IT professionals who claim to be security guys, and those who actually fill the role in a large organization, is their approach to addressing new capabilities. I attribute this gap to two critical things – laziness and cowardice.

The successful cybersecurity professional embraces new capabilities, no matter how much effort or research is required for securing them.

This concept was one of the most important lessons from my new job. I always had the mindset that security professionals were expected to apply “Explicit Deny” to the entire environment, not just router configurations. Instead of the automatic “no”, we should be exploring ways to decrease risk to an acceptable level, while keeping up with the emerging capabilities that are introduced through advancing technology.

If you found this post helpful, please do not hesitate to share the information. I am not so much aiming to glean credit for the concept, but rather to encourage up-and-coming cybersecurity professionals to consider my own lessons learned in the field.

