SET University organised a webinar on cybersecurity with a former CIA officer

On October 19, SET University adjunct professor and cybersecurity expert Nick Gisinto held a webinar Cybersecurity Expert’s Journey Through the Eyes of an Ex-CIA Officer, sharing his own path in the field, necessary cyber skills, and business advices.

Nick went from being an operational officer at the Central Intelligence Agency to creating security programs for Uber and Tesla. He shared this experience, as well as career-building tips and insights from his practice at the webinar.

On moving from CIA to Uber

“The first thing you face when you move from the public to the private sector is that you don’t understand how to apply your skills in a different niche. I never thought that my skills as an operational officer would be super useful in the private sector.

However, I later realized that the approach to protecting intellectual property in the company was the same approach I had learned at the agency – the bad guy mindset. I had to think about how to get access to information that didn’t really belong to me.

The positioning “I’ll help protect you from people like me – because I know how people like me work” gave me a strong advantage. So at some point, I got the opportunity to join Uber.”

About the necessary soft skills

“When I joined Uber and started thinking about the skills I needed, one of the most important skills was critical thinking, sound decision-making, and the ability to think about the overall goals of the company.

In addition, you have to look at the company’s security from two perspectives at once – “I protect the company” (the so-called blue team mindset) and “I look for ways to punch a security hole and carry out a cyber attack” (the red team mindset).”

How to assess risks if you have few resources

If you’re a startup, or don’t have a lot of time or other resources to really critically evaluate your systems, but still want to make sure you’re adequately assessing risks, here’s a simple way to do so based on risk level and frequency.

This risk-based approach means that you identify the most frequent risks in your organization, prioritize them, and then move to the lower left quadrant (dealing with low-frequency, non-critical risks). The reality is that organizations are often limited in time, in financial resources, in human capital, in people. Nevertheless, you have to make decisions carefully.

Nick Gicinto cybersecurity must read

• The Perfect Weapon: War, Sabotage and Fear in the Cyber Age
• The Speed of Trust: The One Thing That Changes Everything
• Dare to Lead: Brave Work. Tough Conversations. Whole Hearts

If you want to develop in the field of cybersecurity or innovation engineering, we encourage you to learn more about our master’s programs, where Nick teaches: Master of Cyber Defense and Master of Computer Science and Innovation Engineering.