Data Defender: What it Takes to Protect Information, Stay a Step Ahead

In high school, Michael Muckin didn’t necessarily set out to have a career in cyber security; he simply enjoyed learning how things worked.

Muckin, a Fellow at Lockheed Martin’s Corporate Information Security Architecture Group and two-time Blackhat speaker, was introduced to computer programming in high school when his football coach—who taught computer programming—told him to take the class.

“Once I was in the class, the problem-solving skills and logical thought process of how you structure things to accomplish an objective really appealed to me,” said Muckin. After graduation, he continued to grow his skills in the U.S. Marine Corps as a communications and intelligence specialist for six years. 

He went on to hold numerous cyber security-related roles including penetration tester, vulnerability researcher, network engineer, software developer and security architect, as well as an independent consultant to Fortune 500 companies.

In his 25 years of working in cyber security, Muckin said one of the most surprising aspects of the field is how little the threat has actually changed.

“People always say cyber security is changing, but actually not much has changed. There are still bad guys with malicious intent just as there have always been. It’s just part of our social structure now,” he said. “What is constantly changing are the mechanisms and techniques of how the attacks happen.”

The rush of trying to stay one step ahead of the bad guys is what Muckin says makes the job so exciting.

“I’m fortunate to be able to work at the enterprise perspective yet still roll my sleeves up and dig into the technology,” he said. “It’s exciting to be able to tear apart the code and figure out what the adversaries are doing, then develop new techniques to prevent them from doing it.”

While it’s not often easy to stay one step ahead, Muckin added that he loves his job because of the people he works with and the difference the team makes.

“We have some of the most talented, dedicated and motivated people in the industry,” he said. “The combination of the challenge and the purpose—knowing that what my team and I do makes a difference—is rewarding.”

For those working in or considering a career in cyber security, Muckin offered the following advice:

  1. Understand technologies at the deepest level possible. Regardless of what you specialize in, you need to have intimate knowledge of the technologies you’ll be working on at the deepest level possible. Don’t just do enough work to pass a class; take time to really understand what the 1s and 0s are doing from the hardware to the application layer. Having that fundamental knowledge allows you to understand how the attackers do what they do so you can develop the appropriate protections to counter them. Like many other professions, those who excel are the ones who have mastered the basics.
     
  2. Learn, practice, integrate. There are a lot of specialties in cyber security. Eventually, you’ll find something that will stick with you. Once you find it, learn it, practice it and integrate it until it’s part of how you operate. People who work in cyber security are extremely motivated and talented, and some of the best education and experience is often self-taught. In fact, the original definition of a “hacker” was simply someone who liked to take things apart and had an intense curiosity to figure out how things work. As the famous saying goes, “hack to learn, don’t learn to hack.”
     
  3. Have the right mindset. People who work in security need to have the ability to ‘flip the switch’ and really think like the adversary. If you can’t turn that switch on, chances are you won’t get as far in this field as you would want to.