This year’s RSA Conference Security Scholar pitch-off during College Day truly showcased diversity in all its forms, emphasizing its importance across the industry, now and for the future. From gender, to ethnicity, to socioeconomic background, so many different demographics were represented both on stage and walking the conference floor. But what many may find surprising was the diversity in age among a traditionally young student population.
We were able to speak with Eric Lankford, 52, who is working on his master’s degree in cybersecurity at the NYU Tandon School of Engineering. After getting his start in IT, Eric took a non-traditional path to security, not making the change until his late thirties.
What encouraged you to make the shift from IT to cybersecurity?
“It just kind of happened organically. I was working in organizations where there was a need for somebody to move into a cybersecurity role, and I was the one to raise my hand. I’ve always been open to learning new things, and the opportunity was exciting.”
What interests you most about the cybersecurity industry?
“The big topic that everyone has been talking about this year at RSAC is AI, which I’ve been interested in for a long time, working with neural networks early in my career. Something that I’ve found particularly fascinating is the computer/brain interactions being discussed - where that’s going and how that will help humanity in the future.”
Are you learning about AI security in your master’s program?
“It’s so new that it's not really a focus now in academia. Sure, there’s some research being done, but it’s not part of the curriculum. But I think since RSA Conference and others are now so focused on the topic, we can expect to see a shift in what the next generation of practitioners are learning.”
What do you think the industry still needs to work on?
“From a people standpoint, you hear diversity talked about - not just diversity of race and gender - but diversity of background and experience. If there’s an English major or a biology major interested in cybersecurity, let's include them! They provide a unique perspective and will look at a problem differently than someone who’s been in security for a long time. On the industry side, we still need to work on the basics. I read a 2015 McAfee report that said the bulk of breaches are still occurring because of a lack of basic security hygiene - passwords, insecure accounts, admin rights, all these things. McAfee states that we’ve banged this drum for decades, and it’s still the most likely method of attack or breach. It’s great to talk about stuff like AI and zero trust, but if you’re not doing the basics that’s going to be your Achilles heel.”
You touched on diversity in all forms in your last response. Can you tell us a little bit about your experience as a nontraditional security student making a career change? Has the industry been receptive?
“It depends a lot on the company culture and the role, but in general I’d say the industry has been open to it. I think sometimes a hiring manager may look at someone who’s older and think they may not be as easy to train, or may not be working much longer, but I’d like to see the industry get to a place where they are able to better appreciate someone who’s willing to learn, who has a passion for it, and who’s going to say ‘Throw me into it. I’m willing to do the work.’ That’s what companies need to look for.”
What does the future look like for you after you finish your master’s program?
“I currently work for a small defense contractor, which I enjoy. But I’m interested in moving into more of a strategic leadership role versus the more technical work I have been doing. But mostly I’m excited to continue learning. Maybe not in a formal capacity - I don’t know about going on to a PhD or anything - but in this industry it’s a constant necessity.”