Becoming an Analyst Part 2: Educational Foundations

July 17, 2017 • Amanda McKeon

Ever thought of becoming a threat intelligence analyst? This is the second in our occasional series of behind-the-scenes looks at Recorded Future, where we drop in from time to time on team members, to find out what it is they do, how they do it, what made them choose their careers, along with some advice for anyone considering the field. They share their stories, in their own words.

In this episode, we introduce you to Wendy DeLuca and CW Walker. Although they come with experience in analysis and cyber security, neither of them had a conventional technical educational pathway to working in threat intelligence. We’ll find out why, and why both of them consider that an asset.

This podcast was produced in partnership with the CyberWire and Pratt Street Media, LLC.

For those of you who’d prefer to read, here’s the transcript:

This is Recorded Future, inside threat intelligence for cybersecurity.

Dave Bittner:

Hello everyone and thanks for joining us for episode 15 of the Recorded Future podcast. I’m Dave Bittner from the CyberWire. Today’s program is the second in our occasional series of behind-the-scenes looks at Recorded Future, where we drop in from time to time on some of the Recorded Future team members to find out what it is they do, how they do it, what made them choose their careers, along with some advice for anyone considering the field. They’ll share their stories in their own words.

In this edition, we introduce you to Wendy DeLuca and CW Walker. Although they come with experience in analysis and cybersecurity, neither of them had a conventional technical educational pathway to working in threat intelligence. We’ll find out why, and why both of them consider that an asset. Stay with us.

Wendy DeLuca:

So, ever since I was in fourth grade, I always remember being in fourth grade — I wanted to be a police officer my whole life, to actually get into physical security and all throughout … as soon as I could, as soon as I was 18, I started taking police tests, and all throughout college I did state police tests, local police tests, took the civil service exam in my hometown, and I got pretty far into some of those processes.

And then, it wasn’t that I wasn’t interested anymore, but as I was going through school, I did an undergrad program and then right after my undergrad I did a master’s program at Salve Regina University down in Newport, Rhode Island, and it was kinda funny how it all happened, but I needed to pick one more class, and my professor was like, “You know you, you’ve already actually picked all the classes you need to concentrate in cybersecurity and intelligence.” That was the concentration name within the master’s, and I said “Okay. I’ll take the class.” The last class I needed to fulfill that requirement, and my thought going into taking that class, it was called “Cyber Methodologies”, was literally that it would look good on a resume. So, kinda from there it was more just natural.

I started applying. I googled “hot security companies in Boston.” And so, I found my first job. It was EndPoint Security Applications, and then from there I made the transition to threat intelligence, but it definitely wasn’t planned, and I don’t really think I had a big passion or dream to get into threat intelligence or cybersecurity in general, but it just kind of happened naturally like that.

Dave Bittner:

But that’s a bit of a switch. If you had spent a good part of your life dreaming about pinning on a badge and strapping on a gun, what was that actual transition, was there a moment of … was there an “aha” moment, or did it just kind of happen?

Wendy DeLuca:

I think a little bit of both. While I was finishing up my master’s, I actually worked at a local police department, like in my hometown. And I really, really enjoyed it, but it was definitely a lifestyle. You have to be really dedicated, too. You’re working, usually like four days on, two days off, completely opposite of most of your friends and your family, when they work Monday through Friday and have the weekends off and you’re … your schedule’s rotating.

So, that didn’t scare me at all, I was completely okay with all that, but my perception — and I don’t think this is necessarily true everywhere — but I want to have a lot of kids, and I want a big family. And so, being a female, I saw other females who had children, or were pregnant, were getting more of the desk jobs, right, for natural, obvious reasons. You don’t want them on the street, anyways. They probably wouldn’t want to be there themselves.

But, I want to have a lot of kids, and so, I figured the time I’m having kids is probably 30 to 40. That’s the time when most people in that law enforcement career are really accelerating and rising up the ranks, and I just, honestly didn’t see that happening for me, personally. Not saying that you can’t do both. I know there’s probably a ton of women who have kids and are balancing it, and are very high up within that chain. I just didn’t see it for me. And so, that was one side of it, and then once I got into my first job in cybersecurity, I loved it. It was fascinating. A lot of the stuff I had learned in my master’s program I was seeing being applied, more of like the hands-on experience versus just the book learning, and I also got to have a regular schedule. It was a little bit of both.

CW Walker:

I wish that I had focused a little bit more on technology in school.

Dave Bittner:

That’s CW Walker.

CW Walker:

For me it was more of a hobby. Building computers in my basement, tinkering with things, and I ended up getting an undergraduate degree in political science and a master’s degree in intelligence, and found that there was actually a little bit of an overlap between my intelligence studies and cybersecurity. And so, I was able to marry something that I loved as a hobby with what I was learning to support government clients, eventually, and build a career out of it. Which is best case scenario in my life.

Dave Bittner:

So you come out of school, what kind of job opportunities were there for you?

CW Walker:

I went to school at a small university called the Institute of World Politics, which focuses very, very heavily on national security, intelligence, and the instruments of statecraft. And while I was there, I focused all of my research on cyber warfare, the ethics of electronic conflict, deterrence, and things of that nature. So, when I left school, I had a pretty good repertoire of things that I was comfortable talking about with regards to intelligence and security, and there are a lot of positions available for people that understand both the technical aspects of security, but also the geopolitical aspects. You know, researching Iranian or Chinese or Russian threat actors that may be going after banks, or governments. And so, that kind of fed me into the private sector security space. The background knowledge of geopolitics was really helpful in informing my day to day workflow.

Dave Bittner:

And so, what kind of tasks were you performing, throughout your career before you landed at Recorded Future?

CW Walker:

So, before I landed at Recorded Future, I worked both in the private sector security space, for a social media cybersecurity company, and then also as a contractor working as a cyber analyst for the government. So, a lot of my work was focused on Eurasian advanced persistent threats and learning about their TTPs, you know — tactics, techniques, and procedures — and how to track them across their campaigns.

Wendy DeLuca:

One of the classes I took was NIMS, it was National Incident Management Systems, so that was the job I actually did at the police station, was emergency management. And so that was more of a certification class that we had taken. We got our level one there and I was able to actually apply that within a job. So, that was something I felt very prepared to do, but I think overall, and this is something that you just learn through learning, and education is just how to think critically. Maybe one thing doesn’t work, try it a different way. Try thinking of it a different way.

And there’s, I know everyone says this, but there’s many ways to solve a problem, and just because I solve it this way and you solve it that way, no one’s way of solving it is better than the other. We’re just solving it different ways because we are thinking of it and applying different skillsets to solve that problem. So that’s one thing that, from all the education I’ve ever gotten, all the experiences I’ve ever had, that’s how I would apply it to my day to day now, is just thinking critically, and just getting the problem solved. But it can be solved in many different ways, many different angles.

Dave Bittner:

So, as you entered the professional world, what kinds of things aligned with what you had learned in college and were there things that were different from what your expectations were?

Wendy DeLuca:

My master’s, I did most of the classes thinking I was gonna go into law enforcement, so a lot of them were the true and true criminal justice type of classes, so, and what I do day to day it’s very different than what I actually learned in school, because only a subset of those concentrated in cybersecurity were actually things I do today.

To be honest, not a ton of what I did in school actually applies to what I do now, but I think that’s a good thing, though, because a lot of times when I tell people what I do and they ask what I do, they automatically think I have a computer science background, or a coding background, and I don’t think you need to have those types of backgrounds to get into cybersecurity. Of course that helps, it would definitely help with some of the more technical aspects of the job, but I think it’s more so having a propensity to learn. Knowing how to learn, knowing how to be a critical thinker, and, of course, communication. How do you communicate what you’re doing, especially in a job like mine, where it’s communicating value of a product to a potential buyer. I think communication skills are always something that can be improved on and definitely a great learning skill.

CW Walker:

As professionals we really get into the weeds, we like the minutiae, and we love talking about indicators of compromise, and new vulnerabilities and exploits, and proof of concepts, but some of the most valuable courses and experiences that I’ve had were from stepping away from, essentially, those tactical parts of the intelligence cycle and starting to focus more on operational and strategic. Briefing senior policy makers, or executives about challenges or risks facing their organizations, without getting into the weeds. Being able to explain really complex and difficult technical concepts to decision makers in terms that they understand, and ultimately I think that’s where we’ll see the most value in threat intelligence and security, is when we do get the C level and board members that may not have a background in technical concepts, understanding what we’re working on and how they can help either with resources, or time, or changes in strategy.

Dave Bittner:

Talk to me about collaboration. My sense is that there’s a real sense of teamwork there at Recorded Future. How important is that among you and your colleagues, that you collaborate and share information with each other?

CW Walker:

Collaboration is critical. Absolutely critical. And I think that this is one thing that we do really, really well at Recorded Future. We’ve got a lot of people with pretty different backgrounds and expertise. I’m pretty comfortable with Russian threat actors, especially in the criminal space. There are other folks that know North Korean threat actors extremely well, or different processes that they’ve applied through their careers, coming up through different intelligence agencies than those that I worked at. And so it’s really, really valuable to reach out to other folks and say, “Hey, this is something that I’m working on. This is a challenge that I’m facing. Have you seen this before? How would you approach this?” and getting some different views from different people is critical. And I think that that’s one thing that, as an industry, we sort of are already focusing on, and I think we could do a little bit better. Understanding that even though there are folks that understand a little bit of everything, jacks of all trades, if you will, really focusing on something that you’re passionate about and that you understand very well, and then leaning on other people, in their areas of expertise. And I think that that’s, that’s where I found the most success at Recorded Future and elsewhere.

Wendy DeLuca:

It just is a really nice place to be, because we all have our skillsets, we’re all trying to accomplish the same goal, but we come at it at different angles, which is what I think is so refreshing is that, you might be solving a problem, and you bounce it off of a colleague, and they take a totally different spin on it, but you think, “Oh, wow. I didn’t think of it that way.” And so, then the next time you go to solve a similar problem, you’re going to add in or incorporate the skills that that colleague had just informed you of. So, you’re always adding and building onto your skillset, based upon the skillsets that your colleagues have. And it is a really team, collaborative approach, which is why I love being there.

Dave Bittner:

I’m curious as you were coming up through school, were there very many other women in your classes?

Wendy DeLuca:

Nope. Not at all, and I think … yeah, I have a lot of male friends. I think some of that is because in all my schooling, especially when you’re looking at a criminal justice type background, which is what I was so gung-ho for, it was 95% male. And then, especially in the technical world, it’s 95% male. I’m the only female on my team now. There’s 10 of us. I don’t mind it at all, I love it. But I do think, again, that females come to the table with a different skillset, right? And so, I think diversity in total, not just gender, is really good, right for the workplace.

Dave Bittner:

I think it’s unusual … you said that one of your priorities, something that was important to you coming up was that you knew you wanted to have a large family, and that was … that is, I suspect, continues to be a priority for you. I think a lot of women, particularly in the tech fields, would perhaps be hesitant to say that, or maybe would put, feel that saying that out loud might hold them back in their careers. But what’s your take on that?

Wendy DeLuca:

Yeah, I think it can be seen as, I’ll put this in quotes, “a liability,” because you’re going to be on leave and then your focus is clearly going to be family, and I can’t even … I don’t have children, myself, but I can’t even imagine. I have a dog and I can barely keep up with a puppy. So I can’t imagine what it would be for having children, right? And so, yeah, I think people are … women are cognizant of that, and they shouldn’t have to be.

Luckily, my employer is beyond amazing with that. I’ve seen them let people take longer leaves, get paid for it, let them work from home more often, it’s … I think the tide is turning, though, especially in technical companies, start up companies, where you’re having things like unlimited vacation policies, or work from home, just get your work done no matter when you do it, just make sure it gets done. And so, yeah, I think there is a … especially I think in corporate America, it’s probably worse where there’s more, it’s more strict with time off and vacation, and leave. We have paternity leave at our work here, which is really nice. We also have a Swedish founder, and I know Europe is better about those type of things than unfortunately the U.S., than the U.S. is.

But, yeah. I think it crosses females’ minds that, do you want to put career first, do you want to put family first. I think there’s a way to do both, but you have to be in the right field, in the right job that would allow you to do both. Again, I don’t think a law enforcement job, as I saw it, and again this is just my perception. I didn’t think I could … it’s either like, you’re on or you’re off. You can’t work from home as a police officer, whereas in the technical world, my job, I work from home all the time. So, I easily could have, be rocking a child in a crib next to me while I’m doing admin work or doing some computer work.

Dave Bittner:

When you think about people coming up through the field, people who are interested in the types of things that you do, knowing what you do with the experience you have, what would your advice be to someone who may be interested in pursuing that kind of career?

Wendy DeLuca:

I would definitely recommend getting some sort of technical or coding background. I know every company is always looking for coders, for people who have those hard technical skills, but that’s not just all of it, right? I think you need to be well-balanced. So, having even a liberal arts education, and sometimes I’ve seen, in both the employers I’ve had, where we’ve hired people with art majors. And you think, how does someone with an art major do something technical? It’s the fact that they are probably a critical thinker, no matter what they studied in school.

But I think having a well-rounded background is important, and if you can have any technical skills it will only help make any transitions into the technical world a little bit smoother. When people talk about concepts and security fundamentals, you’ll know what they’re talking about, versus me, I would have to always Google it first, and watch videos to first understand it. But, it’s not anything that you can’t teach yourself, or you can’t learn. There’s a wealth of knowledge out there, and even your peers, which is why, again, you go back to the team question. If you don’t know something, I’m sure there’s someone in your office who does, right? And so bouncing those questions off of your colleagues can always be a first step, but again, there are many resources out there, there are coding classes online, free coding classes online, that can help people get some of those technical skills. But if you’re in school, in a position to take them, I would take them then. Kind of get them out of the way, have that foundation just so you can understand the vernacular, and some terms of the industry.

CW Walker:

It kind of depends on the background of that person. If it’s someone with a technical background, I encourage them to think broader about the geopolitical concepts that certain attacks may have. Thinking about state-level actors and why someone may target a specific organization. If it’s someone that has less of a technical background, and it’s more focused on intelligence, even if they’re not necessarily interested in going into cybersecurity, I encourage them to think about how states and intelligence agencies are leveraging security flaws in their agencies or in the technologies they use to collect information that may harm U.S. interests. And so I think that as an industry and as new people start to enter that industry we need to become a little bit more broad in our focus, while still maintaining that niche interest, and becoming experts in that, but understanding the global context of the things that we’re working on. And that’s what I try and recommend to folks that I’m mentoring.

Dave Bittner:

Our thanks to Wendy DeLuca and CW Walker for joining us and for sharing their stories.

Don’t forget to sign up for the Recorded Future Cyber Daily email, where every day you’ll receive the top results for trending technical indicators that are crossing the web, cyber news, targeted industries, threat actors, exploited vulnerabilities, malware, suspicious IP addresses, and much more. You can find that at recordedfuture.com/intel.

You can also find more intelligence analysis at recordedfuture.com/blog.

We hope you’ve enjoyed the show and that you’ll subscribe and help spread the word among your colleagues and online. The Recorded Future podcast team includes Coordinating Producer Amanda McKeon, Executive Producer Greg Barrette. The show is produced by Pratt Street Media, with Editor John Petrik, Executive Producer Peter Kilpe, and I’m Dave Bittner.

Thanks for listening.