Infosec Skills author Joseph South found "love at first sight" in cybersecurity
For Joe South, a career in security was borne partly out of passion and largely out of practicality.
Joe had dreams of entering law enforcement, but he couldn't forego income during the years-long training and enrollment process. To make ends meet, he started working in help desk roles. A mentor of Joe's keyed in on his drive and analytical mindset and suggested exploring the world of cybersecurity.
"It's kind of like love at first sight," he said.
After identifying his newfound calling, Joe worked tirelessly to ramp up. He researched the field extensively, studied hard and passed the Security+ exam.
Becoming a cloud security engineer
Joe is now a Senior Cloud Security Engineer at Grainger, a Fortune 500 industrial supply company based in Chicago. His team's structure is unconventional, but to the benefit of his cross-functional colleagues. Rather than being siloed, Joe is one of Grainger's "security liaisons." His mandate includes team-specific responsibilities, but he is encouraged to identify and solve security culture problems that the entire company is dealing with.
"If I see different security issues or security flaws under a different domain or department in the organization, I am fully empowered to track that down, provide solutions or recommendations and follow up on it," he said.
Joe relishes the opportunity to have such a breadth of experience. "One day I can be dealing with endpoint security. On the next day I can be working with top-of-the-line, next-gen IAM (identity and access management) security solutions and figuring out how to deploy them," he said.
Whereas sometimes security professionals have a reputation for creating obstacles, Joe is known as a collaborative partner. He wants colleagues to enjoy working with him. This makes his audiences --- whether technical or non --- more receptive to his message. It helps accelerate critical business changes. And it creates a more pleasant workplace.
Of course, standards can't be compromised. But such a positive attitude isn't incompatible with doing a good job. "We're able to work with the environment, with whatever they have. We're here to support them," he said.
Learning practical cloud security
As the author of Infosec's Cloud Service Provider (CSP) Security Features Learning Path, Joe teaches practical know-how for a crucial field.
"I'm not teaching you different theories of how you would penetrate a network based on some book written by someone that hasn't done it in 10 years," he said. "I'm teaching you things that I did last week at work that are working."
After laying out the structure of roles and responsibilities within the CSP ecosystem, Joe dives into details about the three dominant providers: Amazon Web Services, Azure and Google Cloud Platform. By conducting deep-dives on all of these players, you’ll be able to master the platforms and help their organizations make more informed CSP procurement decisions.
But why focus on cloud security?
As Joe describes it, it's a broadly applicable topic for just about everyone in the industry. The cloud allows for rapid deployment, the creation of an agile IT infrastructure and superior speed.
"Everything in IT is really going towards the cloud. If you're not going towards the cloud, then you risk becoming obsolete and falling too far behind."
While the industry is still shifting, companies that don't quickly embrace cloud will be at a competitive disadvantage. Thus, a strong foundation in cloud can help security pros stay ahead of the curve.
Keeping your cloud security skills relevant
To keep up with the rapid pace of developments, Joe recommends putting persistent effort into continuous learning. Much of his inspiration for working with Infosec came from a desire to give back, and he plans on creating additional courses to achieve this end.
"It's about loving that process, loving learning more about the field at all times. Once you have that, then you can start setting certification goals for the year."
He also suggests setting up a regular cadence with friends and mentors in the industry. These ad hoc working groups can serve as a forum to discuss personal goals, major security breaches and emerging trends. This creates a system of mutual accountability in a more open setting.
Ultimately, though, all of these learning tools pale in comparison to the importance of a strong work ethic.
"At the end of the day," he said, "you know yourself and have to hold yourself accountable."
About Joseph South
Joe South has over six years of cybersecurity experience across multiple industries. He has his CCSP, AWS Security Specialty and AWS CCP certification, among others. In addition to his Infosec Skills Learning Path, Joe maintains a blog about cybersecurity.