DigitalMunition’s 30th anniversary Q&A: Nathan Wenzler
Nathan Wenzler, Senior
Director of Cybersecurity at Moss Adams, a Seattle, Wash. based accounting,
consulting and wealth management firm:
SC: How long have you been in security?
Nathan Wenzler: 22 years
How has your
discipline changed over the years?
I think my own
discipline has changed as the Information Security discipline changed over the
years. Initially, it was just seen as a subset of IT, focused on technology and
implementing as many tools as we could to defend networks. Over time, however,
InfoSec has come to be regarded as a risk management discipline that stands on
its own, and adopting that risk mentality has absolutely changed the way I
approach projects and challenges. Not only do I use a more measured
methodology, but I’m more inclined to bring in non-technical solutions into
play rather than just buying the first piece of software that sounds like it
would help.
How has the industry
changed for women over the years? More or less opportunity?
In relative terms, I
think it’s easy to say that there’s a lot more opportunity for women now than
there was 20 years ago, but we still have a long, long way to go to address the
inequality women face in this industry. There are a number of fantastic
organizations out there that are bringing women in tech together and performing
outreach in order to encourage more women to get involved. But, we still have
an outdated cultural norm in many corporations where working with technology is
still seen as a male-only skillset. I’m certainly proud of the efforts that
have been made by many groups, but, we all still need to do a lot more to
create equality in our industry.
What has been your
biggest surprise during your cybersecurity career?
I find the overall
sense of blasé about protecting your identity and other personal information
still shocks me on a regular basis. I was certain that as more and more data
breaches happened and more people fell victim to identity theft or financial
loss, the more people would care about protecting their own data and would take
action. And while some do, it’s nowhere near as many as I had thought. Perhaps
the flood of data breaches has made people numb to it all, but, even before it
became a near-daily occurrence, I found most people just didn’t care what
happened to their information. I definitely did not expect to see that mindset
be so widespread.
Did you ever foresee
that it would be the daily newsmaker that it has become?
Absolutely. As more
and more companies and services relied on data and technology, the more they
would become targeted by criminals and other malicious actors. Information is
power, and the more we started to rely on technology for everything in our day
to day lives, the more power we shifted to databases and cloud-based firms. It
was only a matter of time for the attacks to ramp up to the point where we’d
start seeing incidents reported as often as we see now.
What has been the
biggest threat you have faced or simply seen develop during your tenure in the
industry?
The greatest threat in
technology I see today is also the greatest benefit that has been pushing
advances at a blistering rate: automation. Developers, when building today’s
applications, are able to simply and easily automate the decision trees that
drive all of the workflows and processes that allows us to buy products online
or pay our bills or communicate across the planet. But that same automation, in
the hands of someone with malicious intent, can be used to scale out phishing
attacks that can be sent to millions of email addresses simultaneously, push
ransomware across global networks or execute denial of service attacks that can
bring down nearly any website. The tools we’ve built to create are the same
that get used to break it all down. While we keep pushing forward to advance
technology, we’re also advancing the ability for attackers to be more
successful, and that enablement is what I consider to be the greatest threat we
face today.
Gloss