Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

7/13/2020
06:15 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
100%
0%

A Paramedic's Lessons for Cybersecurity Pros

A paramedic turned cybersecurity expert shares his experiences in both fields, highlights their similarities, and explains how they can learn from each other.

The young, high-pressure, and highly technical fields of emergency medicine and cybersecurity have more in common than you might think. Their practitioners share similar traits and challenges, and they have many lessons to teach each other, says one man who worked in both. 

Rich Mogull, an analyst at Securosis and CISO of DisruptOps, entered the emergency medicine field as a college student and spent 10 years as a paramedic and EMT before starting his IT career. For the past 20 years he has worked parallel careers in cybersecurity and emergency response, learning along the way how similar the two young, intense, and highly technical fields can be.

"I kept seeing all these parallels between the two," Mogull says. "The job's never done; we don't have control over our environment. I don't know what the next call's going to be as a medic, and I don't know what the next threat's going to be as a security professional."

Employees share several traits, he explains, such as flexible thinking and the ability to adapt to different situations as they unfold. Experts in both fields have to deal with real-time incidents, chronic systemic failures, and constantly changing research and work environments. They have to zoom out and see the bigger picture; they have to stay up to date on technical proficiencies.

The downsides are also similar: burnout, mental health, and substance abuse issues affect both fields more than others. Employees question their ability to build long careers and mentally cope in high-pressure jobs. Mogull points to the problem of not wanting to learn anymore, a challenge in two fields where "that's the way it's always done" is at odds with new information.

He presents an example from his early days in emergency medicine: As a student, he learned that if someone was bleeding out, the patient should be given an IV and loaded up with fluids. "When I first started in the early '90s, we knew that was just making your blood Kool-Aid," Mogull says. Fluids reduced oxygen-carrying capacity because they diluted red blood cells; more pressure caused a patient to bleed faster. Even so, they had to keep blood pressure up, so they did what they had always done. It took years of experience and learning, he says, to move away from this practice.

On the cybersecurity side, he uses the parallel of forcing password resets every 90 days, even if they have multifactor authentication (MFA) turned on. This doesn't reduce the risk, and it doesn't help a user in any meaningful way if their password is compromised because MFA is enabled.

"There's just all these things that we do that … I think if you really take a step back and look at it, the current research, science, and risk profile changes things."

The Educational Evolution
Emergency medicine is a relatively young field — the first paramedics didn't hit the streets until the early 1970s — but it still has a few years on cybersecurity. Infosec is following a similar path in its development, Mogull says, pointing to education as an example. When he trained as a paramedic, there was no strong standardized education and training varied state by state. Since then, he says, there have been advances in standardization on the baseline level of education. 

The same can be said of cybersecurity, where "we're having more of a recognition of the kind of training and continuous education we need," he explains. There is still work to be done — being able to take a five-day crash course and get a CISSP "I don't think does us any good," he notes — but overall, the industry is creating more structure around how its professionals are trained.

Consider incident response, where quality assurance is growing more respected and businesses are building out playbooks and run books to prepare for cyberattacks. A lot of "off-the-cuff" incident response approaches are being swapped out for more structured processes, better visibility, and tooling and automation. "In security, we're really early in that process of recognizing the value of those road maps and those checklists," Mogull adds.

Managing an incident is a key skill that translates across emergency medicine and security. Responders in both fields have to take in the scene, quickly focus on the problem, and be prepared for something unexpected to show up. The step-by-step process is similar for both.

Managing Mindset: How Employees Cope
Both of these highly technical, high-pressure fields are recognizing the mental health and substance abuse issues affecting employees who regularly handle hard situations. While everyone has different coping mechanisms, Mogull points to some that are top of mind.

This isn't about mental resiliency, he explains, but a concept called "anti-fragility." Resiliency means you keep taking hits but don't let them affect you, which is tough because it's not sustainable. Anti-fragility is about responding, adapting, and improving from difficult situations. It's not about deflecting everything but about being able to absorb it and continue.

Mogull also points to the benefits of context shifting, which has worked well for him in his parallel paths. In college, for example, he would go from his EMT shift to living a normal college life. Being able to divide and compartmentalize those worlds gave him a different mindset. His thinking changed when he put on his uniform and went out on call. Still, he adds, coping mechanisms are different for everyone and professionals will need to find what works for them.

"That's what I think a lot of it comes down to," he says. "It's recognizing that you can't just deal with terrible things all the time and not have it affect you. The question is, how can you let it affect you and move forward?" 

Mogull will share stories and lessons about his parallel careers in an upcoming Black Hat USA talk, "The Paramedic's Guide to Surviving Cybersecurity," on Thursday, August 6.

Related Content:

 

 

Register now for this year's fully virtual Black Hat USA, scheduled to take place August 1–6, and get more information about the event on the Black Hat website. Click for detail on conference information and to register.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/14/2020
Lock-Pickers Face an Uncertain Future Online
Seth Rosenblatt, Contributing Writer,  8/10/2020
Hacking It as a CISO: Advice for Security Leadership
Kelly Sheridan, Staff Editor, Dark Reading,  8/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 New Cybersecurity Vulnerabilities That Could Put Your Enterprise at Risk
In this Dark Reading Tech Digest, we look at the ways security researchers and ethical hackers find critical vulnerabilities and offer insights into how you can fix them before attackers can exploit them.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-17475
PUBLISHED: 2020-08-14
Lack of authentication in the network relays used in MEGVII Koala 2.9.1-c3s allows attackers to grant physical access to anyone by sending packet data to UDP port 5000.
CVE-2020-0255
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-10751. Reason: This candidate is a duplicate of CVE-2020-10751. Notes: All CVE users should reference CVE-2020-10751 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidenta...
CVE-2020-14353
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-18270. Reason: This candidate is a duplicate of CVE-2017-18270. Notes: All CVE users should reference CVE-2017-18270 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidenta...
CVE-2020-17464
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2020-17473
PUBLISHED: 2020-08-14
Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to obtain a long-lasting token by impersonating the server.