Nathan Wenzler, Senior Director of Cybersecurity at Moss Adams, a Seattle, Wash. based accounting, consulting and wealth management firm:
SC: How long have you been in security?
Nathan Wenzler: 22 years
How has your discipline changed over the years?
I think my own discipline has changed as the Information Security discipline changed over the years. Initially, it was just seen as a subset of IT, focused on technology and implementing as many tools as we could to defend networks. Over time, however, InfoSec has come to be regarded as a risk management discipline that stands on its own, and adopting that risk mentality has absolutely changed the way I approach projects and challenges. Not only do I use a more measured methodology, but I’m more inclined to bring in non-technical solutions into play rather than just buying the first piece of software that sounds like it would help.
How has the industry changed for women over the years? More or less opportunity?
In relative terms, I think it’s easy to say that there’s a lot more opportunity for women now than there was 20 years ago, but we still have a long, long way to go to address the inequality women face in this industry. There are a number of fantastic organizations out there that are bringing women in tech together and performing outreach in order to encourage more women to get involved. But, we still have an outdated cultural norm in many corporations where working with technology is still seen as a male-only skillset. I’m certainly proud of the efforts that have been made by many groups, but, we all still need to do a lot more to create equality in our industry.
What has been your biggest surprise during your cybersecurity career?
I find the overall sense of blasé about protecting your identity and other personal information still shocks me on a regular basis. I was certain that as more and more data breaches happened and more people fell victim to identity theft or financial loss, the more people would care about protecting their own data and would take action. And while some do, it’s nowhere near as many as I had thought. Perhaps the flood of data breaches has made people numb to it all, but, even before it became a near-daily occurrence, I found most people just didn’t care what happened to their information. I definitely did not expect to see that mindset be so widespread.
Did you ever foresee that it would be the daily newsmaker that it has become?
Absolutely. As more and more companies and services relied on data and technology, the more they would become targeted by criminals and other malicious actors. Information is power, and the more we started to rely on technology for everything in our day to day lives, the more power we shifted to databases and cloud-based firms. It was only a matter of time for the attacks to ramp up to the point where we’d start seeing incidents reported as often as we see now.
What has been the biggest threat you have faced or simply seen develop during your tenure in the industry?
The greatest threat in technology I see today is also the greatest benefit that has been pushing advances at a blistering rate: automation. Developers, when building today’s applications, are able to simply and easily automate the decision trees that drive all of the workflows and processes that allows us to buy products online or pay our bills or communicate across the planet. But that same automation, in the hands of someone with malicious intent, can be used to scale out phishing attacks that can be sent to millions of email addresses simultaneously, push ransomware across global networks or execute denial of service attacks that can bring down nearly any website. The tools we’ve built to create are the same that get used to break it all down. While we keep pushing forward to advance technology, we’re also advancing the ability for attackers to be more successful, and that enablement is what I consider to be the greatest threat we face today.