Rick Howard: Give people resources. [CSO] [Career Notes] - CyberWire Daily

Summary6 min read

CyberWire Daily Podcast Summary
Episode: Rick Howard: Give People Resources. [CSO] [Career Notes]
Release Date: April 6, 2025
Host/Author: N2K Networks

Introduction

In this episode of CyberWire Daily, Rick Howard, the Chief Security Officer (CSO), Chief Analyst, and Senior Fellow at CyberWire, shares his extensive journey in the cybersecurity field. From his early life in South Dakota to his pivotal role in protecting the Pentagon’s communication systems during 9/11, Rick provides invaluable insights into the evolution of cybersecurity and the importance of providing resources to empower individuals and organizations.

Early Life and Military Career

Background and Motivation
Rick Howard begins by recounting his upbringing in South Dakota, the son of a gold miner. Determined to forge a different path, he enlisted in the Air Force through the early entry program during his senior year of high school. His ambition and the support of his community led him to receive an appointment to West Point, a turning point that redirected his career towards the military and, eventually, cybersecurity.

Rick Howard [01:29]: "That was the best thing that's ever happened to me. And I was able to get a military academy appointment because of that. And that was my ticket out of being a gold miner from my hometown."

Academic and Technical Foundation
At West Point, Rick pursued a degree in Computer Science, laying the foundation for his future endeavors in communications and network management. His technical proficiency was further honed in the US Army’s Signal Corps, where he built networks for tactical units and expanded his expertise into broader areas of cybersecurity.

Transition to Cybersecurity

Military to Commercial Sector Shift
Rick details his transition from military service to the commercial sector, catalyzed by his interest in cybersecurity and inspired by Bruce Schneier’s book Secrets and Lies. Recognizing a strategic opportunity, Rick contacted Counterpane, a company founded by Schneier, to leverage his military experience in a burgeoning field.

Rick Howard [01:29]: "So I called them and said, hey, you guys should give me a job. And they did. So that's how I got out into the commercial sector."

Role at Counterpane
At Counterpane, Rick managed the global Security Operations Center (SoC), one of the first Managed Security Service Providers (MSSPs). He describes the SoC environment with its large display screens and dedicated analysts, emphasizing the innovative nature of the work and the collaborative team that drove success.

Rick Howard [01:29]: "We had one of those fantastic rooms where the big screens in the front and analysts in the back."

Leadership at iDefense and Verisign

Establishing iDefense
Rick’s career trajectory took him to iDefense, acquired by Verisign, where he led the commercial intelligence group. His leadership involved managing researchers focused on malware and vulnerabilities, as well as overseeing a team of cybersecurity professionals proficient in languages like Chinese, Russian, Spanish, and French.

Human Intelligence Operations
One of Rick's notable initiatives at iDefense was deploying multilingual cybersecurity experts to engage with malicious actors globally. This approach enabled the collection of actionable intelligence, which was then sold to various government organizations, enhancing national cybersecurity defenses.

Rick Howard [01:29]: "We sold that research to a bunch of government organizations back in the day, and it was a lot of fun."

Transition to Palo Alto Networks
Rick’s success at iDefense led to his role at Palo Alto Networks, where he continued to influence the cybersecurity landscape, managing sophisticated security operations and contributing to the company’s strategic direction.

Current Role at CyberWire

Joining CyberWire
Rick shares the serendipitous moment that led him to CyberWire: his passion for podcasts and a desire to create content. A conversation with the CyberWire team resulted in him taking on the role of CSO and leading his own podcast, providing him with a platform to disseminate his ideas widely.

Rick Howard [01:29]: "So here I am, the chief security officer of a startup called the Cyberwire and I get to work on my own podcast and you guys give me this giant platform to present my ideas."

Mission-Driven Cybersecurity
Rick emphasizes that cybersecurity is more than a business venture; it is a mission dedicated to preventing harm to individuals and organizations. He reflects on the ethical and societal implications of cybersecurity work, underscoring the importance of remembering the mission's purpose.

Rick Howard [01:29]: "One of the things I like about the cybersecurity field is it's this profession is more than just the business bringing money in. You are actually have a mission that is trying to prevent bad things from happening to good people."

Personal Stories and Experiences

Pentagon Command Center Resilience
One of Rick’s most profound experiences was his role as the network manager at the Army’s command center in the Pentagon during the September 11 attacks. Prior to the attacks, Rick and his team had implemented robust redundancies in the communication systems, ensuring resiliency against catastrophic failures.

Impact of 9/11
When the 9/11 attacks occurred, the Pentagon’s communication systems, fortified by Rick’s preparations, remained operational. This resilience was critical in maintaining military command and control during and after the attacks, showcasing the tangible impact of effective cybersecurity measures.

Rick Howard [01:29]: "We spent a year making all of that better. Triple, quadruple redundancies. Lots of different places to fail over and our team did a fantastic job."

Legacy and Pride
Rick expresses immense pride in his team's achievements, highlighting the successful implementation of resilient communication systems that stood the test of a national crisis. This experience solidified his commitment to cybersecurity as a crucial discipline for national security.

Rick Howard [01:29]: "Because of the devastation of the planes hitting the building, because of the redundancy that we had built in to our communication systems, the Army's communications center was the only one functioning the day after the 911 attacks. Right. And we're very proud of that."

Conclusion

Rick Howard’s journey from a South Dakota mining town to the forefront of cybersecurity leadership exemplifies dedication, strategic thinking, and a mission-driven approach. His experiences underscore the importance of resilience, innovation, and ethical responsibility in safeguarding national and global security. Through his role at CyberWire, Rick continues to influence the cybersecurity landscape, providing resources and insights that empower both professionals and the broader community to navigate and mitigate cyber threats effectively.

Notable Quotes

Rick Howard [01:29]: "That was the best thing that's ever happened to me. And I was able to get a military academy appointment because of that. And that was my ticket out of being a gold miner from my hometown."
Rick Howard [01:29]: "We had one of those fantastic rooms where the big screens in the front and analysts in the back."
Rick Howard [01:29]: "We sold that research to a bunch of government organizations back in the day, and it was a lot of fun."
Rick Howard [01:29]: "One of the things I like about the cybersecurity field is it's this profession is more than just the business bringing money in. You are actually have a mission that is trying to prevent bad things from happening to good people."
Rick Howard [01:29]: "Because of the devastation of the planes hitting the building, because of the redundancy that we had built in to our communication systems, the Army's communications center was the only one functioning the day after the 911 attacks. Right. And we're very proud of that."

This detailed summary captures Rick Howard’s extensive career, his contributions to cybersecurity, and the underlying mission that drives his work. It provides a comprehensive overview for listeners and those interested in the field to understand the critical aspects of cybersecurity leadership and resilience.

Loading summary

Transcript3 lines

[00:02]
A
You're listening to the Cyberwire network, powered by N2K. Hey, everybody. Dave here. Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers, so I decided to try Deleteme. I have to say, DeleteMe is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. Deleteme's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for Deleteme now at a special discount for our listeners today. Get 20% off your delete me plan when you go to JoinDeleteMe.com N2K and use promo code N2K at checkout. The only way to get 20% off is to go to JoinDeleteMe.comN2K and enter code N2K at checkout. That's JoinDeleteMe.com N2k code N2K.
[01:29]
B
My name is Rick Howard, and officially I have three titles. Chief Security Officer, Chief Analyst, and Senior Fellow at the Cyberwire. Unofficially, I'm an amateur geek, professional kibbitzer, and a general purpose security wonk. I grew up in South Dakota, and my dad was a gold miner. But I knew that I had no interest in being a gold miner, so I needed a way out of that place, right? And my way out was enlisting into the services. I volunteered to join the Air Force. I went in the early entry program my last year in high school, which means I joined up in, you know, during the Christmas break before high school ended. And then what happened is I had a lot of people pull for me and they got me an appointment to the United States Army's preparatory school. This is a program to get me into West Point. And that was the best thing that's ever happened to me. And I was able to get a military academy appointment because of that. And that was my ticket out of being a gold miner from my hometown. I've been a geek my whole life, but not a. Not a full time geek. I was never one of those guys that pulled radios apart and put them back together. I have no man skills. I love computer games. And I always thought that I was gonna figure out some way to be involved in the gaming industry somewhere because I played them all the time. And my only way to do that while I was at the military academy to pursue Computer science as my degree, because I had that background that led me directly into the communications fields in the US army, the Signal Corps, which led me into building networks for tactical units in the army, and then bigger networks as I moved up in the ranks, which finally led me into cybersecurity, where I did my last job before I retired. I was the commander of the Army's Computer Emergency Response Team, which basically let me coordinate offensive and defensive operations for the U.S. army. I was reading a fantastic book by Bruce Schneier, okay, Secrets and Lies. It's a really great one. And I just happened to look at the back cover and realized that the headquarters of the company that he founded, Counterpane, was just down the road from Felt Belvoir, where I was stationed. So I called them and said, hey, you guys should give me a job. And they did. So that's how I got out into the commercial sector. My job at Counterpane was to run the global SoC. It was one of the first MSSPs that was ever put out there. And we had one of those fantastic rooms where the big screens in the front and analysts in the back. I was there at Counterbrain for a number of years, and then I got a call from an old buddy of mine that says they needed someone to come and run the commercial intelligence group iDefense that Verisign had just bought. They needed someone who had some experience with intelligence to come in and run this commercial organization. What a great job to have. It was. I had all these researchers that did all kinds of interesting research on malware and vulnerabilities. But we also had this other side, this human intelligence side, where we had cybersecurity professionals who spoke foreign languages like Chinese and Russian and Spanish and French. And we put those folks out in the country to talk to the black hats out there. They talked to us. So we sold that research to a bunch of government organizations back in the day, and it was a lot of fun. So that's how I got the Palo Alto Networks, and it was a fabulous job. All those people are really smart. And I thought I was going to retire. Retire. You know, I'm an old guy, right? But I had come on the Cyberwire daily podcast, and I'm a huge podcast fan. When I was thinking about what I was going to do after I knew I wanted to do something fun on a lark, I called you and said, hey, you should let me do a podcast for you. And you guys said, you should just come work for us. So here I am, the chief security officer of a startup called the Cyberwire and I get to work on my own podcast and you guys give me this giant platform to present my ideas. I can't be happier. It's fantastic. One of the things I like about the cybersecurity field is it's this profession is more than just the business bringing money in. You are actually have a mission that is trying to prevent bad things from happening to good people. That's why I hope I remember that we gave that a shot. I may have been successful, may not have, but we certainly were trying and I hope people remember that. I have one more story that I'd like to say. I was the network manager at the Army's command center in the Pentagon during 9 11. All right. And I got there about a year before the event happened. We had no resiliency built into any of our comm systems and this place was the army headquarters. All the orders or the army around the world came out of this place and all the services were on one giant server that if it failed everything would be dead. So we spent a year making all of that better. Triple, quadruple redundancies. Lots of different places to fail over and our team did a fantastic job. And then 911 happened. Back then in the Pentagon, the command centers, the service command centers were all in different places. The Army, Air Force, Navy, Marines, they were all had their own command centers. But because of the devastation of the planes hitting the building, because of the redundancy that we had built in to our communication systems, the Army's communications center was the only one functioning the day after the 911 attacks. Right. And we're very proud of that.
[08:23]
A
Is your AppSec program actually reducing risk? Developers and AppSec teams drown in critical alerts, yet 95% of fixes don't reduce real risk. Why? Traditional tools use generic prioritization and lack the ability to filter real threats from noise. High impact threats slip through and surface in production costing 10 times more to fix. AUX Security helps you focus on the 5% of issues that truly matter before they reach the cloud. Find out what risks deserve your attention in 2025. Download the application security benchmark from AUX Security D.