Episode 4 - Staying Curious: Lessons from 25 Years in Cybersecurity
Episode 4 - Staying Curious: Lessons from 25 Years in Cybersecurity
0:00 / 0:00
About the episode
In Episode 4 of Corelight Defenders, I sit down with Angela Loomis, Corelight's Director of Technical Account Management, to explore her remarkable 25-year journey in cybersecurity. Angela shares her unconventional entry into the field, starting from a background in television production to becoming a leader in security strategy. We delve into the importance of curiosity in cybersecurity, discussing how diverse experiences enrich the profession, and whether formal education might dampen that curiosity. Angela also reflects on her roles across various organizations, emphasizing the value of deep product understanding and customer engagement. Join us for an insightful conversation that highlights the evolving landscape of cybersecurity and the lessons learned from decades of experience.
Episode transcript
Download transcriptEpisode 4 - Staying Curious: Lessons from 25 Years in Cybersecurity
Welcome to Corelight Defenders. I'm Richard Bejtlich, strategist and author in residence at Corelight. In each episode, we explore insights from the front lines of NDR, network detection and response. Today, I'm speaking with Angela Loomis, Director of Technical
Account Management at Corelight. Welcome, Angela. Good morning, Richard. So, at Corelight, we have a wide variety of backgrounds, and some of us have worked in security for many years and others have just recently started. Uh, would you please share with our audience how you got started in security? I started in security about 25 years ago, back in 1999.
It was definitely a different entry point back then than this- the college students are, are doing today. We didn't have any programs in cybersecurity. There were no majors. My major in college actually was video production, and for the first seven years of my career, I worked at the local NBC affiliate here in Providence, Rhode Island, um, WJAR. And at WJAR, I was the only female technical director for the 6:00 and 11:00 o'clock news, which was really fun.
Basically, anything that happened, um, on the screen during a newscast, I was making that happen by punching buttons and moving switches and stuff on a, uh, great big switcher that, actually, way back in the day, we were using six-inch floppy disks to help program.
See, that sounds so much more fun than security. I think that would be great. It was fun, but it was definitely a high-pressure environment. But one thing that television really taught me was, uh, respecting deadlines, because with live TV, you need to be prepared. You're going on the air whether or not you're prepared- Yeah. ... so it's a good thing to really respect deadlines and get your work done early, and I've used that all throughout my career. Hmm. That's cool. That- I- maybe it's jumping in a little bit here, but a- a theme that I've encountered in my career is the early people in security, they had a, a diverse background. So you came from television production. I came from something different. Now it seems we are getting more people coming out of formal programs. Right. Can you talk a little bit about your views about whether that's good? Are we losing anything? I think one of the things that's different when you go through a formal program, and comparing that to folks like me who sort of joined this field out of curiosity, is that you probably lose some of that, "Hey, I don't know anything about this. Let me just jump in and figure it out."
When you have a formal program teaching you, you're more likely to stick with the curriculum, and I think, you know, that's, that's really good that we do have those programs today. But at the same time, I wonder if it's taking the curiosity out of it. This- One of the reasons I really like this field is that you learn something new every single day, and I've always been a person to jump into things even if I didn't really understand it fully, because that's how I learned how to understand it. And I wonder- Yeah. ... if that's missing because there's a, a formal curriculum now. How I made the jump from, um, technical director to Director of Technical Account
Management over 25 years, when I first started in 1999, um,
I had, I had just married my husband. It was a second marriage for both of us. He was actually the director for the news, and so I was the technical director, and looking at how local news w- was changing, it really made sense for one of us to get out of that field. So, I decided to get out. And what I did was I looked around and I'm thinking, "What can I get into that pays about what I was making in television?" Which wasn't incredibly a lot at the time, but, you know, when you have a family and you wanna support them, you're looking for something that'll probably give you an equivalent step, right? So, I,
I ended up finding a Microsoft NT admin class, and I took that. Now, I never took the certifications. I'm sort of bad about interesting things, learning it, but never getting certified. So, I did take the, the Microsoft NT admin class back in 1999, and then there was this little startup in Providence, Rhode Island called Virtual Media Technologies, and they were actually a web hosting company, but they were making the move to being a managed security services provider, which in 1999 people hardly knew what a firewall was. Hmm. So, I ended up, um, in 1999, in the summer, talking my way into an internship there, and part of it was I wanted to make sure that I really did like this, and the second part of that was it was the summer, and summer where I live in Rhode
Island is spectacular. So I wanted to have some freedom. I didn't want to be tied down to, to full 40 hours a week. By the end of that summer, I think I started in May or June, by the end of the summer, they were begging me, "Please come work for us." And I think there were about ten of us at the company at the time.
Hmm. And back then, the company became... Every two years it became something else. So we started out as Virtual Media Technologies, then we became DefendNet, and we got some, some funding. We ended up, um, supporting three different firewall platforms. Sort of one for the very small business, one for a medium-sized business, and one, uh, for, for large enterprises, and I helped build that business. At one point I thought we were gonna lose our funding, so I stepped away from working for a vendor and went to work for a local bank for a couple of years. So that was really fun. Um, one of the things that stands out to me from, from that experience was that, like I said, I like to learn things. So, they sponsored me to go to a
SANS class, and I came back from the SANS class, and I started...... experimenting with the things that I had learned. And it was an application security class. So, I'm working in this tiny little bank. We have all of these third-party service providers, and
I'm doing things that I probably today wouldn't, you know, wouldn't be allowed to do. Hmm. But testing and seeing what I could find out, and I uncovered a few things.
And the following year, SANS was looking for speakers for the Audit and Security Controls That Work conference. And on a whim, I submitted a proposal. I got a phone call, probably about a month later, and it was Stephen Northcutt on the phone. I almost fell over, I'll tell you, Richard. Because back then, I think it was 2004, SANS was still relatively affordable. And for me to get a, a, a phone call at work from Stephen Northcutt offering me the opportunity to speak at a SAN-
SANS conference, that was just absolutely amazing. Yeah. That's cool. Uh, you brought something up that we had talked about previously that I think would be interesting for the audience to hear. You told me that you prefer working for vendors as opposed to the enterprise, and I'm pretty much the opposite. Sorry, Corelight.
I've always preferred working in the enterprise, even though I've been at Corelight now for a while. Can you tell me why that is? To me, in a vendor environment, you're learning about a product deeply, and then you're, you're understanding your customer's challenges and looking at what your product can do and mapping that to the certain capabilities that will help them achieve what they need to do. And it sounds like that sort of consulting engagement you have with a customer is what is interesting to you. Absolutely. And actually that's, it's true, not just for Corelight, but for most of my career, that was what I did. So, VeriSign, it was a, a building in Providence,
Rhode Island. We had a physical SOC. We had a full 24-by-7-by-365 SOC, and I actually worked for, it would, i- i- it was a rep- a p- a reporting position. I was taking information from, um, certain customers' IDS sensors and firewalls and putting together monthly security reports for the first part of my work when I came back. Um, but, but basically, we had a very tight group of maybe
200 people in Providence. And from there, the company changed or was acquired, it seemed like every two years, and I moved through different roles at about the same rate. So, I stayed in the reporting role for a couple of years. Then I moved into working with a team that was more research and develop- development focused. One of the most interesting things there, so, you know, as an MSSP, you're collecting information from all of your customers, and we had everything going back. And I think I can say this now because it's been 20 years, right? But we had everything going back into an Oracle database. And at the time, because the data was coming in at, at such a fast rate, it was very challenging for us to be able to pull data from that and do some analysis.
And what we ended up doing at one point is we stood up this skunkworks project. We were allowed to pull stats, sort of summary stats information on a, on a daily basis at one point, and we started bringing that in, and I started learning, um,
MySQL, and I started learning how to do data analysis before Excel, uh, upped their
65,000 line limit. So originally, you know, I'd pull data directly into Excel and I'd make pivot tables and figure things out for the customer that way. Once we had this skunkworks project in place, we started doing cross-customer analysis, which was super interesting. Mm-hmm. We were using Snort. We were using Nessus to do scanning.
So, it was, it was very sort of open source oriented, and at the time, I think we probably had 200 to 300 customers. We found out that one customer was responsible for 35% of all the IDS data that came into the platform. Ouch. One customer. Isn't that amazing? Yeah.
And we ended up- W- Do you know why? ... starting to do tuning. Oh, yeah. Oh, yeah. Back then, customers would put the IDS systems outside their firewall. Mm-hmm.
We don't see that so much anymore. And obviously, that generates a tremendous amount of noise. Yeah. And with this particular customer, they had, um, scans, obviously scans constantly, but they also had a couple of alerts, informational level, that we never did anything with. They literally would just go into what they called the low event, low priority event processing system.
Mm-hmm. O- only the high criticality IDS events would actually generate tickets and, and have the SOC work on them. Mm-hmm. Up until that point, we hadn't done tuning, which is- Wow. ... really, when you think about that, that's pretty amazing. Yeah. But you remind me that in the earlier days of security, there's probably an equivalent today, I don't quite know what it is, but in the earlier days of security, if you spent any time as a defender, eventually you became a database admin
. You had to learn the, you know, you had to learn SQL and that was how- Yes. ... you interacted with your data. Can you tell me a little bit about sales engineering? Sure. At one point, I had a couple of friends who were sales engineers. There was an opening and they said, "Oh, you should come over to sales engineering. You have the right personality for it. You'd really enjoy it." And they were absolutely right. I ended up getting that sales engineering role and spent a, probably about 12 years as a sales engineer. And like you said, there are very few women sales engineers. For the most part, except for, um, a stint at Secureworks, every sales engineering team I've been on, I've been the only woman. Hmm. Now, with sales engineering, there's a lot...... that rolls up into that job.
There's travel, you get to go out and meet customers face-to-face. You still get to tap into, that part that I really enjoy is when I understand the technology deeply and can hear what the customer's challenges are and understand how to use our technology to solve those challenges. And in sales engineering, what you're doing is, you're going into these discussions with customers, you're understanding their challenges, you're putting together proof of concepts,
I think they're called proof of value today. Mm-hmm. At the time, they were proof of concept, and walking them through a, a couple of test cases and saying, "This is how it would work for you. Let's see how it would work for you," and getting that technical win. I was lucky enough to go to the WiCyS conference last year.
Corelight was a sponsor, so that was the 10th year of WiCyS, and that's, um, WiCyS is Women in CyberSecurity. Mm-hmm. And one of the speakers at a luncheon that I went to is Kimberly Bejon from Fortinet, and she said, "Okay, everybody who's been in this field who's actually working in cybersecurity, I want you to put your hand up right now." So all of us who are working, we put our hands up. There were a lot of students, so they're sitting there looking around. And so Kimberly continues, and she says, "For those of you who have, who have worked in security for five years or fewer, please put your hand down." So there were a number of people that put their hand down, and she did it again for five y- for 10 years, and she did it again for 15 years.
And at that point, she stopped, and she said, "All right, everyone, I want you to look around. All of the women who have their hands up right now," and I was one of those women, "these are the pioneers.
These are the women who made it possible for you to enter this field by breaking that glass ceiling." And you know, it's funny, I never thought about it like that, and it really struck me. That's great. Wow. Thank you so much. I wish we had more time.
You know- I know. ... with Corelight, we, we try to keep things moving along for o- our customers who are out there defending. Thank you for joining us and for sharing your thoughts on security with our audience. It was great, Richard. Thank you. Thank you for joining us on the Network Defenders. podcast, sponsored by Corelight. We will see you on the network.
You've been listening to Corelight. Defenders. To stay informed with expert intelligence on today's cybersecurity challenges, please subscribe to ensure you never miss an episode. We'll see you on the network.
Account Management at Corelight. Welcome, Angela. Good morning, Richard. So, at Corelight, we have a wide variety of backgrounds, and some of us have worked in security for many years and others have just recently started. Uh, would you please share with our audience how you got started in security? I started in security about 25 years ago, back in 1999.
It was definitely a different entry point back then than this- the college students are, are doing today. We didn't have any programs in cybersecurity. There were no majors. My major in college actually was video production, and for the first seven years of my career, I worked at the local NBC affiliate here in Providence, Rhode Island, um, WJAR. And at WJAR, I was the only female technical director for the 6:00 and 11:00 o'clock news, which was really fun.
Basically, anything that happened, um, on the screen during a newscast, I was making that happen by punching buttons and moving switches and stuff on a, uh, great big switcher that, actually, way back in the day, we were using six-inch floppy disks to help program.
See, that sounds so much more fun than security. I think that would be great. It was fun, but it was definitely a high-pressure environment. But one thing that television really taught me was, uh, respecting deadlines, because with live TV, you need to be prepared. You're going on the air whether or not you're prepared- Yeah. ... so it's a good thing to really respect deadlines and get your work done early, and I've used that all throughout my career. Hmm. That's cool. That- I- maybe it's jumping in a little bit here, but a- a theme that I've encountered in my career is the early people in security, they had a, a diverse background. So you came from television production. I came from something different. Now it seems we are getting more people coming out of formal programs. Right. Can you talk a little bit about your views about whether that's good? Are we losing anything? I think one of the things that's different when you go through a formal program, and comparing that to folks like me who sort of joined this field out of curiosity, is that you probably lose some of that, "Hey, I don't know anything about this. Let me just jump in and figure it out."
When you have a formal program teaching you, you're more likely to stick with the curriculum, and I think, you know, that's, that's really good that we do have those programs today. But at the same time, I wonder if it's taking the curiosity out of it. This- One of the reasons I really like this field is that you learn something new every single day, and I've always been a person to jump into things even if I didn't really understand it fully, because that's how I learned how to understand it. And I wonder- Yeah. ... if that's missing because there's a, a formal curriculum now. How I made the jump from, um, technical director to Director of Technical Account
Management over 25 years, when I first started in 1999, um,
I had, I had just married my husband. It was a second marriage for both of us. He was actually the director for the news, and so I was the technical director, and looking at how local news w- was changing, it really made sense for one of us to get out of that field. So, I decided to get out. And what I did was I looked around and I'm thinking, "What can I get into that pays about what I was making in television?" Which wasn't incredibly a lot at the time, but, you know, when you have a family and you wanna support them, you're looking for something that'll probably give you an equivalent step, right? So, I,
I ended up finding a Microsoft NT admin class, and I took that. Now, I never took the certifications. I'm sort of bad about interesting things, learning it, but never getting certified. So, I did take the, the Microsoft NT admin class back in 1999, and then there was this little startup in Providence, Rhode Island called Virtual Media Technologies, and they were actually a web hosting company, but they were making the move to being a managed security services provider, which in 1999 people hardly knew what a firewall was. Hmm. So, I ended up, um, in 1999, in the summer, talking my way into an internship there, and part of it was I wanted to make sure that I really did like this, and the second part of that was it was the summer, and summer where I live in Rhode
Island is spectacular. So I wanted to have some freedom. I didn't want to be tied down to, to full 40 hours a week. By the end of that summer, I think I started in May or June, by the end of the summer, they were begging me, "Please come work for us." And I think there were about ten of us at the company at the time.
Hmm. And back then, the company became... Every two years it became something else. So we started out as Virtual Media Technologies, then we became DefendNet, and we got some, some funding. We ended up, um, supporting three different firewall platforms. Sort of one for the very small business, one for a medium-sized business, and one, uh, for, for large enterprises, and I helped build that business. At one point I thought we were gonna lose our funding, so I stepped away from working for a vendor and went to work for a local bank for a couple of years. So that was really fun. Um, one of the things that stands out to me from, from that experience was that, like I said, I like to learn things. So, they sponsored me to go to a
SANS class, and I came back from the SANS class, and I started...... experimenting with the things that I had learned. And it was an application security class. So, I'm working in this tiny little bank. We have all of these third-party service providers, and
I'm doing things that I probably today wouldn't, you know, wouldn't be allowed to do. Hmm. But testing and seeing what I could find out, and I uncovered a few things.
And the following year, SANS was looking for speakers for the Audit and Security Controls That Work conference. And on a whim, I submitted a proposal. I got a phone call, probably about a month later, and it was Stephen Northcutt on the phone. I almost fell over, I'll tell you, Richard. Because back then, I think it was 2004, SANS was still relatively affordable. And for me to get a, a, a phone call at work from Stephen Northcutt offering me the opportunity to speak at a SAN-
SANS conference, that was just absolutely amazing. Yeah. That's cool. Uh, you brought something up that we had talked about previously that I think would be interesting for the audience to hear. You told me that you prefer working for vendors as opposed to the enterprise, and I'm pretty much the opposite. Sorry, Corelight.
I've always preferred working in the enterprise, even though I've been at Corelight now for a while. Can you tell me why that is? To me, in a vendor environment, you're learning about a product deeply, and then you're, you're understanding your customer's challenges and looking at what your product can do and mapping that to the certain capabilities that will help them achieve what they need to do. And it sounds like that sort of consulting engagement you have with a customer is what is interesting to you. Absolutely. And actually that's, it's true, not just for Corelight, but for most of my career, that was what I did. So, VeriSign, it was a, a building in Providence,
Rhode Island. We had a physical SOC. We had a full 24-by-7-by-365 SOC, and I actually worked for, it would, i- i- it was a rep- a p- a reporting position. I was taking information from, um, certain customers' IDS sensors and firewalls and putting together monthly security reports for the first part of my work when I came back. Um, but, but basically, we had a very tight group of maybe
200 people in Providence. And from there, the company changed or was acquired, it seemed like every two years, and I moved through different roles at about the same rate. So, I stayed in the reporting role for a couple of years. Then I moved into working with a team that was more research and develop- development focused. One of the most interesting things there, so, you know, as an MSSP, you're collecting information from all of your customers, and we had everything going back. And I think I can say this now because it's been 20 years, right? But we had everything going back into an Oracle database. And at the time, because the data was coming in at, at such a fast rate, it was very challenging for us to be able to pull data from that and do some analysis.
And what we ended up doing at one point is we stood up this skunkworks project. We were allowed to pull stats, sort of summary stats information on a, on a daily basis at one point, and we started bringing that in, and I started learning, um,
MySQL, and I started learning how to do data analysis before Excel, uh, upped their
65,000 line limit. So originally, you know, I'd pull data directly into Excel and I'd make pivot tables and figure things out for the customer that way. Once we had this skunkworks project in place, we started doing cross-customer analysis, which was super interesting. Mm-hmm. We were using Snort. We were using Nessus to do scanning.
So, it was, it was very sort of open source oriented, and at the time, I think we probably had 200 to 300 customers. We found out that one customer was responsible for 35% of all the IDS data that came into the platform. Ouch. One customer. Isn't that amazing? Yeah.
And we ended up- W- Do you know why? ... starting to do tuning. Oh, yeah. Oh, yeah. Back then, customers would put the IDS systems outside their firewall. Mm-hmm.
We don't see that so much anymore. And obviously, that generates a tremendous amount of noise. Yeah. And with this particular customer, they had, um, scans, obviously scans constantly, but they also had a couple of alerts, informational level, that we never did anything with. They literally would just go into what they called the low event, low priority event processing system.
Mm-hmm. O- only the high criticality IDS events would actually generate tickets and, and have the SOC work on them. Mm-hmm. Up until that point, we hadn't done tuning, which is- Wow. ... really, when you think about that, that's pretty amazing. Yeah. But you remind me that in the earlier days of security, there's probably an equivalent today, I don't quite know what it is, but in the earlier days of security, if you spent any time as a defender, eventually you became a database admin
. You had to learn the, you know, you had to learn SQL and that was how- Yes. ... you interacted with your data. Can you tell me a little bit about sales engineering? Sure. At one point, I had a couple of friends who were sales engineers. There was an opening and they said, "Oh, you should come over to sales engineering. You have the right personality for it. You'd really enjoy it." And they were absolutely right. I ended up getting that sales engineering role and spent a, probably about 12 years as a sales engineer. And like you said, there are very few women sales engineers. For the most part, except for, um, a stint at Secureworks, every sales engineering team I've been on, I've been the only woman. Hmm. Now, with sales engineering, there's a lot...... that rolls up into that job.
There's travel, you get to go out and meet customers face-to-face. You still get to tap into, that part that I really enjoy is when I understand the technology deeply and can hear what the customer's challenges are and understand how to use our technology to solve those challenges. And in sales engineering, what you're doing is, you're going into these discussions with customers, you're understanding their challenges, you're putting together proof of concepts,
I think they're called proof of value today. Mm-hmm. At the time, they were proof of concept, and walking them through a, a couple of test cases and saying, "This is how it would work for you. Let's see how it would work for you," and getting that technical win. I was lucky enough to go to the WiCyS conference last year.
Corelight was a sponsor, so that was the 10th year of WiCyS, and that's, um, WiCyS is Women in CyberSecurity. Mm-hmm. And one of the speakers at a luncheon that I went to is Kimberly Bejon from Fortinet, and she said, "Okay, everybody who's been in this field who's actually working in cybersecurity, I want you to put your hand up right now." So all of us who are working, we put our hands up. There were a lot of students, so they're sitting there looking around. And so Kimberly continues, and she says, "For those of you who have, who have worked in security for five years or fewer, please put your hand down." So there were a number of people that put their hand down, and she did it again for five y- for 10 years, and she did it again for 15 years.
And at that point, she stopped, and she said, "All right, everyone, I want you to look around. All of the women who have their hands up right now," and I was one of those women, "these are the pioneers.
These are the women who made it possible for you to enter this field by breaking that glass ceiling." And you know, it's funny, I never thought about it like that, and it really struck me. That's great. Wow. Thank you so much. I wish we had more time.
You know- I know. ... with Corelight, we, we try to keep things moving along for o- our customers who are out there defending. Thank you for joining us and for sharing your thoughts on security with our audience. It was great, Richard. Thank you. Thank you for joining us on the Network Defenders. podcast, sponsored by Corelight. We will see you on the network.
You've been listening to Corelight. Defenders. To stay informed with expert intelligence on today's cybersecurity challenges, please subscribe to ensure you never miss an episode. We'll see you on the network.
Subscribe now
