RH-ISAC: What is your background in cybersecurity? Where did you get your training and education?
Jordan: My cybersecurity career started with my current company, BigCommerce, about three and a half years ago. I was in another role at the same company and was given the opportunity to meet our cybersecurity team to learn more about the field. These team discussions really sparked my interest in the area, inspiring me to pursue a path to get on the team. After months of research, reading, and participating in capture the flags, I landed in my dream career with a job on the cybersecurity team.
Since then, I have had the opportunity to lead several landmark projects that have been beneficial to both the company and to my career growth, resulting in deeper technical knowledge, real-world exposure, and promotions.
As far as knowledge and training, Udemy courses have been invaluable to learn coding and a basic introduction to cybersecurity terminologies, trends, and training the eye in what to look for. In addition to Udemy, I also transitioned into Vulnhub to gain practical hands-on digital security experience through hosting my own vulnerable machines.
From there, I began to hone my skills against HackTheBox machines and obtained certifications from EC-Council and INE (formerly eLearnSecurity). I am continuing to evolve by working towards other certifications from INE that will pave the way for the Offensive Security certifications soon. I also keep up with ongoing trends by following industry-related podcasts and news feeds.
RH-ISAC: What made you decide to get into cybersecurity?
Jordan: I’ve always been interested in the IT space. While I wasn’t entirely sure what I wanted to do, I caught up with an old colleague at a previous job, and he mentioned some of the certifications he had and briefly explained what he was doing. This intrigued me. What was going to be a quick conversation turned into hours. The best part of that conversation? My ex-colleague and I now work together at BigCommerce! I love my career. Knowing that I’ll go to work and always learn something new is ultimately why I decided to get into cybersecurity. There’s always a level of importance involved with the work. Cybersecurity is a field that forces you to think outside the box and constantly adapt to the threat landscape.
RH-ISAC: What is your current role? What do you do in the day-to-day?
Jordan: I’m currently an Infrastructure Security Engineer, but I wear multiple hats. Tasks vary, from writing scripts to benchmark cloud environments against CIS, NIST, PCI, etc., to triaging vulnerabilities. I will go from scanning one day to performing a penetration test the next. Day-to-day, we monitor misconfigurations, operating systems, packages, connections, storage at rest/transit; the list goes on. Effectively anything that touches the infrastructure is put under the microscope.
I’m also a contributor during compliance audits. I’ve been a part of several audits now, assisting our GRC team in providing the evidence the auditors are seeking. But this is by no means a complete list of my roles and responsibilities. As I’m sure many other cybersecurity professionals can agree, our day-to-day changes frequently.
RH-ISAC: What do you enjoy most about working in the cybersecurity field? If you’ve had past careers, how has cybersecurity differed?
Jordan: This one is easy: the continuous learning and then applying what I learned to my role. I also thoroughly enjoy the team I work with. They really are a second family to me. Seeing them level up in their careers and share information with everyone, including myself, is crucial for our field.
I can’t say I’ve had “past careers” as much as I’ve had several jobs before getting into cybersecurity as part of a discovery phase, if you will. At that time, I wasn’t entirely sure what I wanted to do as a career and had interests elsewhere in retail, sales, marketing, and even landscaping. The biggest difference between those jobs versus this career is my pure excitement about the field. I can talk about cybersecurity for hours.
RH-ISAC: Sharing and collaboration are key to what we do. Can you share a story of how you were helped or when you helped another?
Jordan: This is why I’m such a huge fan of RH-ISAC. I’ve never been strong in OSINT, or simply, I never put a lot of focus into it. A few weeks after joining RH-ISAC, I joined the Weekly Intelligence Call, where everyone was providing updates. We got on the topic of social engineering and how much information can be gathered by threat actors from public-facing sources to learn about targets.
I really had no idea just how easy it is to find someone’s information online. I’ve dabbled with the OSINT framework from time to time, out of curiosity, but I had never truly grasped how easy it is. I don’t recall who the person was, but the way they explained OSINT and common tools was fantastic. Immediately all the light bulbs in my head started going off, and everything just clicked.
RH-ISAC: What do you think is the greatest benefit that the RH-ISAC community brings to your company?
Jordan: This may go without saying, but purely the information sharing. In the world we live in, cybersecurity is everywhere. It’s a part of everyone’s life, whether we like it or not. With the threat landscape always changing with new TTPs, we need to share what’s going on. As an RH-ISAC member, it’s nice to see that we’re not the only company dealing with a specific event. Being able to take that information and start threat hunting in our own environment not only levels up our security engineers, but increases the security posture of our company with each exercise we go through.
RH-ISAC: What do you enjoy outside of work?
Jordan: I normally enjoy being outdoors, but living in Austin, Texas, where BigCommerce is headquartered, it’s hot! If it’s bearable outside, we try to get the dogs out and go to a park or lake. Otherwise, you’ll often find me cooling off inside playing video games, on Discord, or watching movies.