CIOReview
Sign In

Subscribe to our Weekly Newsletter to get latest updates to your inbox
| |NOVEMBER 20248CIOReviewIN MY OPINIONFROM THE GROUND UP: BUILDING A CYBERSECURITY CAREERRandy Marchany is the Chief Information Security Officer of Virginia Tech and the Director of Virginia Tech's IT Security Laboratory. Randy is currently a senior instructor for the SANS Institute and joined SANS in 1992. He was recently part of the team that wrote version 8 of the Center for Internet Security (CIS) Controls. He has written or co-authored over 45 papers on cybersecurity. Awards include the 2024 Capital ORBIE Finalist CISO Public Sector award, 2024 OnCON Top 10 CISO award, SANS Difference Maker Award in 2021 for his contributions to the cybersecurity field, 2016 Shirley C. Payne IT Security Advancement award, the 2000 SANS Institute's Security Technology Leadership Award, the 2003 VA Governor's Technology Silver Award (team), and EDUCAUSE Excellence in Information Technology Solutions (Team) Award in 2005. He is a co-holder of three cybersecurity patents.Through this article, Randy offers a valuable perspective on the evolution of cybersecurity and the importance of early adoption and community involvement in shaping the field.Career Growth and Preparation for Current RoleIn a way, I was lucky that I got into cybersecurity when I did (1992). Since it wasn't a "thing" back then, we had the opportunity to shape it. The biggest break I got was back in 1991-2 when I got an email from a startup called the SANS Institute. Alan Paller, SANS founder, liked a presentation we did at their second annual conference and invited us to participate in some projects he had in mind. He was a genius at finding people all over the country who wanted to participate in the creation of an industry. Let's be clear, at the time we didn't know we were part of a larger group that was involved in this "creation". The SANS connection was a small part of a larger group of tool builders, practitioners and some management types. The connections we made thru Alan wound up being a great resource for sharing and testing ideas. Working at a university was another key factor in my career. We were using cutting edge technologies 3-5 years before the commercial world. Some of the things here at Virginia Tech that I think were cutting edge were a) Bring Your Own Device (BYOD). The university started requiring students to purchase a personal computer in 1984. b) connecting to the "internet" in the late 1980s. Universities were among the first entities to connect to the Arpanet, Bitnet, Internet and this allowed the creation of defacto standards that promoted interoperatibility across different platforms. System administrators and academic users became familiar with connecting to other resources on the internet. The Morris worm of 1988 opened our eyes to the impact of a security attack and allowed us to find out about new security teams like the CERT (Computer Emergency Response Team) at Carnegie-Mellon University. Virginia Tech was one of the early members of the Internet Storm Center (then called the Dshield project, isc.sans.org). We provided a good portion of the intrusion detection By Randy Marchany, Chief Information Security Officer, Virginia TechRandy Marchany
< Page 7 | Page 9 >