Lightning Round with Jeremy Brown
Why should you consider a career in cybersecurity?
Jeremy Brown, Vice President of Threat Analysis at Trinity Cyber, believes that our industry is one of the most exciting career paths available today. “Thanks to innovative technology and changing mindsets,” says Brown, “There are options beyond responding to malicious code that has already infected a network.” As a guest lecturer at a Columbia University cybersecurity course, Brown will be addressing the future leaders of this industry—and he can’t wait to see the creativity they bring to this dynamic, exciting field.
Here, Brown answers a few quick questions on working in cybersecurity today.
It’s understanding and deconstructing how innovative attackers are today. I’m constantly amazed while playing the ‘game of chess’ that happens in real time between attackers and defenders online. It really motivates me to stay focused on what’s possible, and to constantly question what defenders think of as cutting edge. Plus, I get to defend networks with our own revolutionary tech every day. That’s something that just puts a smile on my face.
The topic is Malware Analysis & Reverse Engineering and it’s taught by Mike Sikorski, who is one of the cybersecurity industry’s technical leaders, the founder and leader of the FLARE team at Mandiant, a board member of Trinity Cyber, and someone I’m proud to call a mentor. This course has caused a lot of excitement since he began teaching it as he wrote one of the earliest and most influential books on the topic — Practical Malware Analysis — and has brought that skillset into the classroom.
I aim to leave students with an overall understanding of how malware C2 is blocked with most defensive solutions and how that is a much less elegant and effective way to deal with it. Instead, I propose that ROCKEYE malware C2 can be modified, removed, or replaced depending on which stage of operation it’s at. Students will leave the lecture knowing that there are more options in defending against malware C2, and they can apply that creativity wherever they land in the industry. As an example, after I gave the lecture last year, I had a group of students reach out to me for help with their senior thesis project—and they were getting ready to head out into industry jobs shortly thereafter.
Our industry has a huge talent shortage and a high barrier to entry. I’m certain that with better K-12 exposure and smoother transition into STEM fields in college, specifically in cyber defense, we can help address that gap. We need to teach students how to critically analyze problems and help them break down technical issues into manageable and understandable chunks.We need to address systemic knowledge gaps that lead to finding quick, unreliable solutions such as identifying and blocking indicators of maliciousness and instead, train the next generation to analyze the problem and find a better and more effective solution.
I believe there’s a lot of opportunity to push boundaries and solve big challenges for customers and the industry. Cybersecurity in general is more than ready for a leap of innovation that uncovers the strategies and techniques attackers employ. I believe Trinity Cyber technology is the beginning of that innovative leap, and I can’t wait to see what others come up with as we embark on a new era of preventative cyber defense.