How would you describe your role?
I’m responsible for all things information security at the company. This extends to protecting all of Ridgeline’s assets, equipment, proprietary information, personnel, and all of the data entrusted to us by our customers. I keep them safe from intrusions, compromises, and unauthorized disclosures of activities, applications, and sensitive data that we manage on their behalf.
How would you describe your leadership style?
Growing up in the military, I was able to be an observer of many different styles of leadership, and I’ve been able to pick and choose the things that work well while trying to avoid some of the things that don’t. I want to walk the walk as a leader, so I’m always very sensitive about what I require of my employees. I want to filter things down to them that are worth their time, and I roll up my sleeves with them to get things done.
What’s something new you’ve learned recently?
I’ve recently learned about how you can leverage vulnerabilities in the CI/CD pipeline to access sensitive information from production systems through that pipeline. I picked this up during a Lunch-and-Tech session at Ridgeline where one of our software developers presented on the topic. It was helpful because it gave me a baseline that I then used when my team participated in a Holiday Hack challenge a few months ago. The event was a series of mini challenges, and one of them was related to exploiting a CI/CD pipeline. So, I got to leverage my understanding I picked up from the presentation at Ridgeline and actually get the chance to run code and read sensitive files off of a production server through the pipeline which was really interesting.
What’s your super power?
I think my super power is that I never get tired of learning. In the information security field, this is a really important skill because there’s not any room to just be comfortable and say, “Well, I’ve mastered everything there is to know.” The field is changing all the time. There’re always new technologies being released and new attacks related to those technologies. So, it’s an arms race, meaning there is never a shortage of new things to learn. I’ve been in the field for more than 20 years now, and what I’ve come to realize is that the more you know, the more you know you don’t know. Being able to keep learning is essential.
What’s something going on at Ridgeline that you’re excited to see grow or develop?
The most important thing that we’re doing right now is staying on top of the threats that exist and how they can impact Ridgeline so that we can be very targeted in our response. It can be difficult sometimes to know if we’re investing in the right things, if we’re spending time in the right areas, if we are aligned against the right threat. I’m excited that we’ve recently been able to bring on a cyber threat analyst because I think it’s important to have a dedicated person who can focus on emerging threats to the company and IT services. They’re tracking the emergence of different attack campaigns so that we’re always positioned well to protect ourselves.
How would you describe Ridgeline’s culture?
One thing that struck me at the very beginning of my time here and has held true throughout is just how collaborative Ridgeline is. There is never a shortage of people who are invested in the thing you need to get done and who are willing to dedicate time and energy to help you understand the problem, solve it, and maybe come up with a new solution that you hadn’t even considered. Also, I think the people we work with are inherently fun to be around which is fulfilling.
Can you tell us about a time where you were inspired or impressed by the great work of another Ridgeliner?
I had a Research and Development employee that was assigned to my team who had never done information security before, but he was well-versed in programming. He was hungry to learn and, in the time that he was at Ridgeline, he really applied himself to build technology that allows us to better visualize when things occur that are outside of the norm. It’s technology that we still use today. It was amazing to see how quickly he was able to adopt all of the things we were throwing his way. He found a means to create something with a lasting impact. It was pretty incredible.
What is unique about Ridgeline?
I think one of the things that stood out to me when I was in the interview process and trying to decide where I was going to work was that – especially coming from the military and federal government – decisions are made quickly and this allows us to innovate and be successful in the space. I find it hard to imagine other companies being able to do that as quickly and efficiently as we do.