My Path to Leadership
For those who have had the opportunity to interview with me, you know that I start every interview by sharing my background. There are specific reasons for this, which I’ll outline in a future blog post, so stay tuned. I have been very fortunate throughout my career to have a series of lucky breaks and timing, and to the best of my ability, I have taken full advantage of these breaks. I wanted to share a bit more on my background than most know, going further than I would during a formal interview.
The Early Days
While many entrepreneurs say they started their careers off with a paper route or selling candy, I have no such story nor do I really care to have one. Sure, I would shovel snow in the winter with my brother for a few neighbors for a nominal fee or help my brother with some odd jobs he was doing for other neighbors but I would never call myself an early entrepreneur because I never cared to start a business. My first true taste of work (incoming pun intended), was when I started at McDonalds at the age of 14 (also following in my brother’s footsteps). I worked at McDonalds for three years, growing from a regular employee to Crew Trainer (my first time having to wear a tie which could explain why I hate ties so much now) to Manager at the ripe age of 15. It was an amazing experience and one I couldn’t fully appreciate at the time, but I cherish the time I spent flipping burgers, taking point on the cash register, and leading teams of people with diverse ages and backgrounds.
After a change in ownership of McDonalds that brought a whole slew of changes including cost savings at the expense of older employees, I moved to Staples where I spent a year selling computers, routers, and other electronics. It was here where I learned that I couldn’t sell something if I didn’t believe in it. I remember one specific day where a young man, maybe 10 or 12 years old, came in to buy his first laptop. After guiding him through the decision process based on his needs, he opted for a shiny new HP model that was around $600 dollars, one of the cheaper models of the time but was perfect for what he needed. As we walked to the register, I asked the obligatory question of, “Do you want a warranty with this?”. I had never intended for him to buy a $300 dollar warranty on a $600 dollar laptop, it was just the one question you were forced to ask on each sale. He caught me off guard with an immediate “yes”...I almost tripped over my jaw when I heard it. I spent the next five minutes trying to talk him out of it, but he had made up his mind (I can appreciate the decisiveness), so I rang him up and handed him his new (and fully protected) laptop. I will never forget the guilt I felt, which was made worse when my manager posted a copy of the receipt in the breakroom to congratulate me and show it off as a win to the other sales associates. The timing worked out as shortly after that I was going off to college at the Rochester Institute of Technology (RIT) to study systems administration, networking, and computer security.
Perhaps as a punishment for myself from the Staples incident, but really for money, I worked at a moving company during summer breaks from college. To this day, people don’t believe me when I say that it was one of my favorite jobs, though I suppose it’s the mindset of how I looked at what I did. I was paid to travel the east coast (sleeping in a truck and brushing my teeth at truck stops), learn a different language (mainly so I could understand the many jokes being slung my way), and work my body to the extremes - all while smiling and talking with customers to see if I could earn a larger tip. I learned lessons from that crew that stuck with me for life (work smarter, not harder). That job helped support me through college. One summer, I opted to stay at RIT to take summer classes so I could graduate early. To help pay the bills, I got a job at UPS unloading trucks at 3 AM in the morning while taking 24 credit hours - this was also one of my fondest memories as I built one of the most efficient routines I’ve ever had and worked it to perfection (this also could be why I’m such a morning person). I remember when I was taking a class on Zen Buddhism where the professor found out about my schedule, stepped back shocked, and called me a true bodhisattva (someone who has generated bodhicitta, an enlightened mind). As someone who had been practicing meditation for years by that time, it was a huge compliment for me, and one that I still cherish to this day and use to center myself.
I was fortunate at RIT to be a Resident Advisor, where I managed an all boys floor of 25+ students from my sophomore to senior year. I was also fortunate that I lived on a mainstream floor that had hearing, hard of hearing, and deaf students. Being immersed in so many different capabilities, cultures, and backgrounds allowed me to learn to come at problems differently as I quickly learned sign language. I also managed to land a job in the information security office at RIT, where I had my first taste of what security was like. It was there that I managed a vulnerability scanner that looked for vulnerabilities in the RIT campus network. These experiences, while small, still created a foundation as I prepared for the start of my real career. By this point, I had been working for almost six years in a variety of odd jobs, just grinding away to do what I had to do driven by a work ethic I learned from my father.
My Real Professional Career
In what can only be called a divine act, my first lucky break came as I searched for my first job. I was randomly looking for jobs on the now defunct Security Focus forums when I stumbled across a job posting for a senior consultant at Mandiant. I didn’t know what Mandiant did at that time, nor even know what forensics was. All I knew was that I needed a full-time job because that’s what society told me I had to do. I applied for the job, a position I wasn’t even close to being qualified for but I figured I had nothing to lose. But as luck would have it, I got a call to interview for an entry level position because Mandiant was just starting to look for college graduates. My first interview would change my life forever.
That first interview was where I met Steve Surdu, the man, the myth, the legend. Someone I now call a friend, a mentor, and who I still consistently and shamelessly syphon knowledge from. After a nail-biting interview process that I was positive I flubbed, I got the job offer on the spot and then waited anxiously to graduate early from RIT and move to Northern Virginia to start my new job.
Before I started, I thought I was going to be doing proactive services, akin to hacking into companies to find their weaknesses. I showed up the first day and was handed a hard drive and an Encase dongle (a program that allows for the forensic examination of computer systems). I transformed into a sponge, soaking up as much knowledge as I could. In the six years I spent at Mandiant, I had an amazing opportunity to lead and support hundreds of engagements with threat actors ranging from nation-state threats to hacktivist groups to organized crime. It was long hours with lots of travel, but it was always exciting and I worked with the smartest people in the industry and built life-long friendships and inside jokes along the way. It was also here that I experienced accelerated growth where I moved from a consultant doing analysis, to training and mentoring new consultants (something I always loved), leading complex investigations with large teams of analysts , and managing and mentoring a team of consultants (the parallels to McDonalds’ career path are not lost here). It was at that point that I realized how much I loved leading people and developing them to be better than I was or ever could be. Something Steve Surdu said always stood out to me, “You are successful as a leader when the people you lead become more successful than you.”. After FireEye acquired Mandiant, I saw a shift in the company with and a soft push to sell more products. With flashbacks to Staples looming on my mind, I realized it was time for a change and that I needed to get back to a smaller company to try my hand at building something.
I took this to an extreme and joined The Crypsis Group, in force with Mike Wager and Matt Ahrens, two titans in the field. I jumped head first into building and leading a professional services team focused on incident response services – thankfully my sweet spot that I had honed at Mandiant. It was there that I had the opportunity to build a team from the ground up, work with some crazy smart people, and help build a brand from near nothing. Again, it was super hard work (usually the main ingredient in the greatest accomplishments) and something I’m immensely proud of what the team accomplished. After some leadership changes and shifts in company direction, I realized it was time for me to step back from incident response. Perhaps it was burnout or something different but I just didn’t have the passion nor felt that it was my purpose anymore to serve that niche. I often tell people that I played the game of Incident Response and I beat the final boss - it wasn’t a challenge anymore and it felt as though it was on autopilot, a feeling I don’t have the stomach for. I’ve never been someone to replay the same game twice or watch movies again, (there are only a few exceptions!) so I realized I needed a different type of challenge. With the foundation the original team built, The Crypsis Group sold to Palo Alto Networks for $265M just a few years after my departure.
My next stop took me on what I considered a sabbatical away from incident response where I could regroup and provide value to a company in a different manner. Will Peteroy and Josh Carlson at Icebrg provided me the opportunity to lead their Strategic Partnerships team who supported incident response firms using Icebrg’s network sensors during their forensic investigations. It was here that I learned the true value of partnerships and had the opportunity to work with another crazy smart team with deep roots and passion for threat intelligence. Not too long after I started, Gigamon acquired Icebrg and I was thrust into Channel Partnerships, something I knew nothing about. Thankfully, I had a great boss, Michelle Hodges, who was patient with me and gave me a ton of rope to navigate and define the go-to-market approach for the Icebrg technology. This was coupled with building Channel Services that Gigamon partners could deliver. Once I defined the direction, settled my team, and got the engines roaring, I knew it was time to get back into the startup mode.
I rejoined forces with Mike Wager and we started MOXFIVE. This was, in all sense of the phrase, built from the ground up. We had nothing but a vision to start leading the way. Like any true startup, we had an idea of where we wanted to go, and that changed as opportunities presented themselves. In particular, we had the unique opportunity to build a new services concept that merged my background in incident response and partnerships. It was something that was very exciting and also where I learned that I had a passion, and a knack, for taking very complex problems and breaking them down into smaller solvable chunks to push past “impossible” situations. As MOXFIVE grew over the years, I found myself back in the incident response world that I had previously hung my hat up on. As I plotted out what I was looking for in a career and in life, I realized that I was no longer passionate about the problem we were working to solve. I knew it was time to move on. With the foundation of another company built, I gave the keys to an amazing team of individuals that I was honored to work with and learn so much from.
The Continuing Journey
I often reflect back on past lessons as I continue my journey to appreciate the immense progress I have made and know I will continue to make as I progress in life. I have been fortunate to stand on the shoulders of giants and build on the lessons they taught me. When you can reflect internally to continue to grow and put in the necessary effort to evolve, there is nothing that cannot be solved. As I continue my journey and grow as an individual, I recognize I should start sharing the lessons I learned and continue to learn. It is for this reason that I started betaviser, to ensure that cyber security professionals or any professional, can gain access to the tools, frameworks, strategies, and knowledge that I’ve learned and implemented throughout my journey to accelerate their own growth. As humans, we can grow or decline - I for one choose growth. If I can provide the mechanism for others to grow with me, and ultimately beyond me, then I know I will have lived a life of significance.
-Jason