As a cybersecurity incident responder, life can go from chill to chaos in seconds. What is it about being an incident responder that makes people want to step up for this crucial cybersecurity role?
With our How I Got Started series, we learn from experts in their field and find out how they got started and what advice they have for anyone looking to get into the field.
In this Q&A, we spoke with IBM’s own Dave Bales, co-lead X-Force Incident Command and Strategic Cyber Threat Analyst.
Did you go to college? What did you go to school for?
I went to several colleges and obtained several degrees, but the most important and recent is what is now known as the University of Maryland Global Campus. I chose that school for its cybersecurity degree.
I’ve also got degrees in communications, and that is probably the most used degree in my career. The cyber knowledge was there; I just needed the formal education and degree as a way of showing I’m not just a writer and researcher but I’m also an educated analyst.
What was your first role in IT?
My first role in IT was actually as a pseudo-IT guy for my squadron in the Air Force way back in 1997. I’m coming up on 30 years in the business, and it was the best decision I made. When I started in IT, I was actually in a contracting squadron. We wrote contracts for construction, services, etc. Our squadron had no real IT support to speak of, and I had a decent amount of knowledge.
So I volunteered, and the rest fell into place along the way.
What pushed you to pursue security?
Security came along much later. I worked as the IT specialist for the first six years in the Air Force. I decided to pursue a different Air Force career, and I went to school for what would become another degree. I cross-trained in Russian to become a linguist. I’d always wanted to learn a foreign language, and Russian intrigued me: the alphabet, the culture of “every person” Russia. I wanted to be more on the tip of the spear in defending the U.S., and that was the best way for me.
Explore jobs in cybersecurity
What is the most valuable skill you learned in your role?
People skills. When you do the type of work we do, you have to learn to interact with all different kinds of people. Some have a lot of cyber knowledge, some have less, but all have something to bring to the table and discussion.
A perfect example is my co-worker Nick and I have a meeting with between eight and 14 people every morning. Our meeting is a great way for us to all share information about threats, breaches, vulnerabilities. One of the most important things we do is collaborate with each other as a direct result of these meetings. The knowledge I have differs from theirs. I provide what I know, and that allows them to add more context to whatever it is they’re working on. It’s probably the best meeting I have.
What soft skills do you think make a person successful in cybersecurity?
To be successful in this career field, you have to be ready to learn something new every single day. Cyber is an ever-evolving career. What’s dangerous today will still be dangerous tomorrow, but you’ll also find that there are new dangers. Keeping up with the latest in those areas is the only way to progress. Every day is something new that we’ve never seen. And even if we have seen something similar, no two threats are the same.
My best advice is to put yourself in the mindset to never stop learning. That applies to the career and to life in general. Learning is a lifelong process.
Any parting thoughts?
If you’re looking into a career in cybersecurity, IBM is a great place to dive in. There are programs for internships and several growth platforms that can meet any kind of career in cyber, and the people are second to none. I’ve made lifelong friends and colleagues at IBM.