🐈
» Programs » Community Blog » Career CloseUp: Director, Cyber Fusion Center
Page options

Career CloseUp: Director, Cyber Fusion Center

MelindaM
Community Member

 


Thank you so much for your time. I'm wondering if you can share what you do day to day.

 

I report to the chief information security officer. My team specifically is responsible for detecting and investigating, mitigating any threats or attacks. Cyber attacks against Upwork. We're basically the security operation center. But a cyber fusion center is slightly different in the sense where we have investigation detection, alerting mitigation, incident response, all of those things under here. We also have threat intelligence, is another team under me. And then next year we're looking to build an offensive security teams as well. Everything cyber-threat related comes in to my team, we have thousands of alerts and events per day. It's when it reaches certain criteria that we then say, oh this is a security incident and then we go into basically like this incident response mode, you've practiced, practiced, practiced, for months and months and months to make sure you're ready for this. Okay, this is the World Series and the Super Bowl and everything all combined into one. You got to be ready and you got to put your best foot forward. Every single time I come out of that, I have, you know, a greater understanding of, you know who I am, a greater understanding of who my team is, a greater understanding of, you know, what the improvements we need to make or what we did really well. It gives me a great appreciation for it too. You know, coming out on the back end of, you know, sometimes if you have a security incident, you're working 24/7 for a couple of weeks and you know, it's, you know, maybe a month before you get a day off, but then you finally get to breathe and you look back on it. I don't want to say it's cathartic, but it is like, you know, I just finished the marathon, you know, I can sit down, I can reflect on what does this mean for building me as a person. Historically speaking, your operations teams are a lot more, firefighter-tactical, etcetera.

 

You know, we're, we're trying to move the bar at Upwork from being reactive to the cyber threats that are coming, into being more proactive. Most recently we implemented a security orchestration automation, basically an automation platform that as threats are being detected, it's automatically grabbing them, you know, either grabbing enrichment for the alerts to give the analyst more information or taking it and completely mitigating the threat without us ever having to touch it. I really love my job. I'm very, very passionate about cyber security. Specifically, I'm very much a geek at heart. I grew up with technology, you know, ever since I was a very small kid, I've just been working on computers and working on technology, high school I was banging away, hacking in my mom's basement. Not literally, but you know, and learning stuff a lot of my own.

 

A lot of turmoil going on during my late teens, early twenties and trying to kind of keep up with a lot of the things that were going on in my personal life. I just went and got a job and next thing I knew I was like wow I'm doing things that, you know, some people went and had formalized education for and I'm doing them because, you know, I taught myself. So I'm self taught pretty much. I got a job repairing computers. Next thing I know I'm pulled into a sys-admin job at another company. This was 25 years ago, you didn't have dedicated security teams at the time or at least most companies didn't. You had well whoever the most technical person is in the room just let them be the security person. I was working I.T. and doing infrastructure engineering and my boss literally turned to me and said, "Hey go ahead and try and hack our site let's see what happens." That was the first time I think I really applied all of my kind of basement-hacking into a profession and really getting into, well these are kind of some of the things I could do. It wasn't until years later I got my first title of Manager of the Security Operations Center. I had a former colleague reach out to me and say, "Hey I've got the security operations center, do you want to run it?" And I said wow I've, you know, I've basically been doing security my whole life. But I've never actually gotten into and actually had that, that opportunity to really get in and drive the security operations program. Immediately I realized this is where I need to be. I feel like it was really part fate and part of the nature of infosec--where there's a severe deficiency of people to the amount of positions that are open, we have a lot of options for jobs out there right now with in this particular field. Faith just came to me and said, hey, here's one of those jobs and I jumped right in and I've never looked back.

 

For the last 15 years I've been building security operations teams for enterprise businesses like Paypal, American Express. I built their security operations programs at different times when they were going through like splits or mergers and stuff like that. Normally when you get to a director level, you start pulling back a lot more and more from the technology. While I don't micromanage my team, I do have very in depth and very heavily technical conversations with my team. I was in that position years ago I was, I was an analyst, so it's still, you know, trying to get in and trying not to go and drive an investigation in one way or another. But, you know, really, I try my best to constantly stay up to date on what they're investigating, what we're seeing and then using that to go and strategically plan what we want to do going forward. I've had role models and mentors throughout my career at different stages of my career.

I've been working as a director for about the last six or seven years and I've worked with Paul Black, our Chief Information Security Officer for quite a few of those years. We worked together at Paypal, at McKesson, and now here. Paul, I think, has been really instrumental in helping me to develop even more. He's a very empathetic person, he knows a ton, but he never acts like a know it all. He asks good questions. In particular, I think the most important thing for me is that he's very focused on us as people. Which I understand is a cultural thing that we have here at Upwork, but he specifically embodies that. And so, I think if I look at who's somebody I really look up to and who do I want to be when I grow up--I wanna be Paul Black, I want to grow towards what he's doing and a lot of the example that he set for me.

 

Alot of people come to me and say, "Hey my kid's really into cyber security, how do I get into it?" I think the number one most important thing is this is not a job that you can do just because it's a job, I've heard people say I'm getting into cyber securityy cause I hear there's money in it, great, you're not gonna last, there's such a high burn out. You have to have another reason to be here and doing this, it gets tiring, it really weighs on you. Number one, be passionate about it, but number two, don't let it take over your life, don't let it consume you. You know, you have to have that time to go and reflect on yourself as well where I am right now is knowing that I'm a critical component to this company too, ensure that we're protecting Upwork, we're protecting Upwork customers, were protecting Upwork employees. We are the front line of defense against what is a constant battle that's going on. So by coming into work every day, it's, you know, what's gonna be the new cool thing that we're defending against? What's gonna be--and you know, there's gonna be a hard day's as well. That's primarily what it is, you know, just really a passion for cyber security, you know, I believe very heavily in the Upwork culture and I want to be a positive part of it.

 

This article was submitted by and expresses the views and opinions of the individual listed as the author. They do not necessarily represent the views or opinions of Upwork, and Upwork does not explicitly sponsor or endorse any of the views, opinions, tools or services mentioned in this article, all of which are provided as potential options according to the view of the author. Each reader and company should take the time needed to adequately analyze and determine the tools, practices, and services that would best fit their specific needs and situations.

5 Comments