This month’s member spotlight is Christopher (Chris) De La Rosa, senior threat intelligence analyst at DICK’S Sporting Goods. During our conversation with Chris, he expanded upon his unconventional path leading to his career in threat intelligence and his day-to-day duties. Keep an eye out for Chris at the upcoming RH-ISAC Summit as he is hoping to present.
Tell us a little bit about yourself and your background.
Chris: I am a senior threat intelligence analyst at DICK’S Sporting Goods. I have been on the team for going on two years. Prior to joining GSG, I worked for six years in managed services, specifically working with different clients at VMware, EY, and A&M.
How did you get into cybersecurity, and how did you get into the role that you are currently in now?
Chris: It was a natural progression from working at the help desk. I had an interest in cybersecurity, and I was fortunate to be given an opportunity. My wife is in cybersecurity as well which is why I was able to make the transition from your typical SOC analyst to threat intelligence. Her work always interested me. She helped give me guidance on how to get into CTI, what to study, read, and listen to. She was the one that tipped me off to IntelTechniques by Michael Bazzell. Then, once I acquired that book a few years ago, it was off to the races.
What is your day-to-day like in your current role?
Chris: My day-to-day is not consistent. It depends on my research, the business needs, and how ever I can help the team, which includes threat writing, open-source intelligence (OSINT), working with digital fraud, marketing, social media operations, and legal. Even working with different members of the RH-ISAC.
You were able to travel to Phoenix, AZ this year for the Regional Workshop that kicked off our events season. Tell us how that compared to past RH-ISAC events you have attended?
Chris: It was great being able to meet different RH-ISAC members. I enjoyed seeing some friends from RH-ISAC, like JJ. It was cool to meet them in-person. Since the workshop occurred at PetSmart, Chris Trudel was there, and I got to talk to him. He was one of the presenters, so it is great to listen to your friends who are presenters. You have an opportunity to hear about different areas I typically would not work on, such as vulnerability management or automation.
What were your main takeaways from the workshop?
Chris: One of the main takeaways for me was everyone has the same pain points. We are all customer facing, so the challenges are very similar regardless of the company. For instance, phishing attacks are the main vector that threat actors use to target us and customers. You receive thousands of emails a day so you need to manage the workload and find a way to automate what you can. With automation, it helps make our lives easier as it helps with the staffing. If you do not have the headcount and you are understaffed, it helps you get through the day. You are going to need a good tool set, and people who can help code to make that happen. That was one of the main topics discussed during the workshop.
Automation not only eases the burden on CTI analysts, but it also helps with retention because you can focus on more interesting issues that require human touch. Would you agree that automation helps?
Chris: Definitely, I think it makes the OSINT in the research a lot quicker. A lot of people can do the manual process of OSINT, but if you have a tool that scrapes all those data sources, it helps you focus on the more important things.
Besides the Regional Workshop you just attended, how else are you involved with the RH-ISAC?
Chris: I am in a few of the RH-ISAC interest groups. My favorite one is the dark web working group. We have bi-weekly syncs, where we work on different items members bring. We review different ways we can improve as analysts and bounce ideas off each other. A few members of the dark web working group and myself gave a talk at last year’s RH-ISAC Summit which was great to be a part of. I appreciate the opportunities that I’ve been given by the RH-ISAC, and more specifically Muktar Kelati is awesome. I cannot say more great things about him.
Are we going to see you at the Summit this year? Or any other upcoming RH-ISAC events?
Chris: Definitely, I’ll be attending the Summit again. COVID limited the amount of human interaction I had the last few years. It was great to attend the Summit and meet people in-person. Hopefully, I’m going to be giving another talk at the Summit this year.
What advice do you have for individuals looking to either enter the cybersecurity field, or to those who might be in the field already and trying to decide their next steps?
Chris: Definitely, trying to find what you really enjoy. I did SOC work for a while, and I always had an interest in doing research. My path into cybersecurity was unconventional. I received a degree in liberal arts. In college, I was a history major so I never would have imagined that while in school, I would be in my current career.
It helps if you can figure out what you are passionate about and what you like. For me, my passion is threat intelligence. Anything I can learn, identify, or new OSINT techniques. I’m always trying to find new tactics people can use, to make work a little bit easier. For cybersecurity professionals who are new to the retail industry, I recommend joining the RH-ISAC weekly call and Slack channels. There is a lot of good information sharing that occurs there. The Slack channels are always good, because people are constantly posting recently released reports, new finds, or articles.