Mark Nunnikhoven: Providing clarity about security. [Cloud strategy]

A

You're listening to the Cyberwire network, powered by N2K. And now a word from our sponsor. Spy Cloud identity is the new battleground and attackers are exploiting stolen identities to infiltrate your organization. Traditional defenses can't keep up. Spy Cloud's holistic identity threat protection helps security teams uncover and automatically remediate hidden exposures across your users from breaches, malware and phishing to neutralize identity based threats like account takeover, fraud and ransomware. Don't let invisible threats compromise your business. Get your free corporate darknet exposure report@spycloud.com cyberwire and see what attackers already know. That's spycloud.com cyberwire.

B

Hi, my name is Mark Nunikoven and I'm the distinguished cloud strategist at Lacework. I didn't know exactly what I wanted to do and I'm of the age when computers were just becoming a thing and we were fortunate enough that my father was in the military and he saw the computer revolution coming and got a old Commodore 128 for the family and from the moment that entered it sort of crossed the threshold. I fell in love with it. I loved tinkering with it, programming it, pushing it to its limits. So I knew for a very long time that I wanted to do something with computers and what that was changed depending on sort of the year, but it was always around computing back in the day as you remember. But some of the listeners might not. Computers were not nearly as polished. You know, the interface was a basic language interpreter, so you were programming right out of the gate. And sure when you're little you're just, you know, using pre made programs. But very quickly my father took me to some local user groups and you know, there was great magazines at the time where you're typing in code and once I started to see that, you know, hey, I could kind of bend this machine to my will, set me on a path. And so I was doing a lot of self driven learning around programming through my teenage years. Started with my first job when I was 15 working for Bell Northern research on a high school co op and then a contract after that doing testing and some light programming on what eventually became a set top box for cable television of all things. I had a lot of turbulent times on the personal side of things through high school, which I actually ended up dropping out of high school a couple of times. Eventually graduated, but same thing with university and college. I kicked around a little bit. I did one year of what would be junior college in the US and then one year of University, but the college was in computer programming. University was actually in cognitive science for the first year, which I really, really loved. But I didn't finish either of them. At the time I was working, I was actually doing sales for IBM and that was going well. I'm not really learning a ton in the first year course courses and because I've had this self interest for so long. And I just kind of ended up just staying in the working world from then on out. Though eventually I did go go back to school later on in life from sales at IBM, I went into the Canadian federal government. And I spent a little over a decade with the Canadian federal government. And as much as there are challenges in a large bureaucracy, it was fantastic from the security experience. And that's really when things started to veer into the security world. I had some experience, obviously, I've been developing and writing code for a long time, but when I got into the government there was, you know, you're legally mandated to pay attention to security, which is a wonderful thing for a security practitioner. Looking back at it, I don't have to convince them they have to care. And so I spent a decade there in a bunch of different roles. And the wonderful thing about the Canadian public service is that once you're in, it's easy enough to bounce around from role to role. So I spent some time in service delivery, in platform architecture, in security policy, and about halfway through I actually went back to school and instead of going back to get a bachelor's, I went into a graduate program to get a master's in cybersecurity. When I finished my master's so that information security degree, I specialized in forensics. And so I was starting to do a lot of attack analysis. And of course, if you're defending a nation state, you're seeing a lot of really in depth, crazy attacks. In a good way. Well, at least a good way if you defend against them. I had a lot of interesting scenarios and sort of just a breadth of experience that I think would be really hard to replicate in a private company or organization. I just loved it because there's always something new to learn. And that's really what's driven me throughout my career, is finding an opportunity where I can keep learning. A good friend of mine called me and said, like, hey, I've got a good opportunity that I think you'd be really interested in. Here at Trend Micro. I sat down with my friend and we had a good chat. It's not that common to leave the public service once you're in it, but the opportunity was too good to pass up. I was going to be able to help build Trend Micro's cloud business out. And it was eye opening, to say the least. But just the cultural dynamic of going from public service, where it's a series of lifetime employees, you know, people rarely leave, to the private sector, where we're concerned about how much business, what's the revenue, what's the projections, and we have customers that we need to keep happy. It was very, very different, but very positive in that difference. What we're doing here at Lacework. And for me, what really got me is he said sort of the magic words, he said, you know, we're looking at how to automate cloud security and we're looking at how to leverage data, a lot of data, and being a nerd at heart, loving computers from an early age and loving math from an early age, I'm like, okay, there is a lot of cool stuff that we can do with that, especially trying to drive that automation. And I've long felt part of the reason for moving out of the public service was that the cloud is an enabler to do security in a much more modern way. You know, for me, that really comes down to two really simple things. Did I learn something new and did I share something to help somebody else learn something new? And that's really what drives me day after day. And whether that's helping somebody on a team here at Lacework, or whether that's sharing something out on social or making a video or writing something up or, you know, teaching a course. And the dark days happen, especially over the last year and a half, I think, for all of us. Dark days tend to be where I'm meeting to meeting to meeting and, you know, nothing's going right. But what gets me out of those days normally is I will try to carve out 15 to 20 minutes for myself and read a novel. If I can help someone understand something a little bit better, if I can provide some clarity and if I can do that consistently over the course of my career, I think that's really what I'm looking for. I know I've taught a number of courses and continue to teach as much as it's small. When you can explain a problem that someone's stuck on or help them reason through a challenge, the reward you get from that, I think is more than rewarding enough. And if I can keep doing that every day, that's going to add up to a really fulfilling career for me. Foreign.

A

Now a word from our sponsor. Threat Locker Keeping your system secure shouldn't mean constantly reacting to threats. Threat Locker helps you take a different approach by giving you full control over what software can run in your environment. If it's not approved, it doesn't run. Simple as that. It's a way to stop ransomware and other attacks before they start without adding extra complexity to your day. See how ThreatLocker can help you lock down your environment at www.threatlocker.com.