Unusual Journeys Into Infosec featuring @JackLeonardme
Part Eight of the Unusual Journeys Into Infosec series by CyberSecStu of The Many Hats Club, who talks to @JackLeonardme about his journey.
Welcome back to another Unusual Journey Into Infosec, where we donât need to airbrush the imperfections from our past to improve the rich texture of our future (it almost worked).
In this chapter we learn the Journey of Jack Leonard who made the transition from Designer>Infosec Professional.
Iâd be lying if I said I didnât love the âsky is fallingâ, fast-paced adrenaline fuelled world of Infosec- Jack Leonard 2017
I first knew about Jack after he replied to my Tweet requesting unusual back stories in December 2017. His background immediately stood out, and was very interested in telling his story.
For those who may have not come across his background, Jack Leonard is an Irish Entrepreneur, Creative Director & Developer. He likes to distil information & data into powerful, heuristic stories.
His work has been featured in WIRED, Forbes Magazine, Mattermark & The Irish Times. He is an IDI & AIGA accredited designer, and is amongst the youngest recipients of multiple design awards.
This is his story⌠(December 2017)
CyberSecStu: (CSS): First of all thank you for agreeing to this. My vision is to help break the illusion that you have to follow a certain route to have a career in Infosec.
Jack Leonard (JL): SureâââItâs something that I think is really important. [ highlighted in part by public reaction to Equifax CSO not having a Infosec background post-breach ]
CSS: Exactly! A very valid point. Can you tell me a little about yourself and how you ended up in this wonderful industry?
JL: Sure. So most of my background is that Iâm a multidisciplinary designerâââIâve worked everywhere from identity design to information design for security.
About two years ago I joined the founding team of @barricadeio three years ago[acquired by Sophos one year ago] as a designerâââand grew with the company from there.
In an attempt to democratise security for the masses I set out to design a series of infographic data visualisation pieces, etc to help democratise the esoteric security world for the massesâââthrough this, I had to do a tremendous of research obviously to distil the topics into something simpler. While I hadnât had much contact with the security world before thisâââI wasnât averse to it.
The infographic because wildly successful and weâre featured in WIRED, Sunday Business Post, The Hacker News, CSOonline etc. Through creating them I managed to learn a huge amount about security, soon after started penetration testing as a side hobby, branched into OSINT, took Offensive Securityâs CEH course, and decided to start a CISSP last fall. Since Barricade Iâve worked with a number of other security startups to help them make security a little bit more understandable, less convolutedâââwhich I believe Iâm in a unique position to do being both a designer and someone who understands Infosec.
Hereâs a sample of one our Infographic aimed at an audience that wasnât very technical
CSS: Love the Infographic- really clean, simple and hits the points really well. So how did you get from design into Infosec, because thatâs an interesting move?
JL: Really the main motivation was 1) interestâââitâs always been a dynamic and interesting scene for me, even from the outside 2) Iâd be lying if I said I didnât love the âsky is fallingâ, fast-paced adrenaline fuelled world of Infosec. thatâs something thatâs hard to find anywhere else.
CSS: Yeah thatâs what I love, every day is a new and exciting (and sometimes an all consuming) challenge!
Did you have any barriers to getting into the industry?
JL: Not Really, I was closer to it than most when starting outâââDesigner at an InfoSec Startup. And from that had a clear cut path and lots of mentoring.
CSS: Ok, from another perspective, what do you think are the biggest challenges people face when trying to enter into the industry?
JL: I think a lot of newcomers try to go an academic route, which I think is rather useless. Security is a hands-on approach and always has beenâââReal-world application work is very important. I thought of my development of InfoSec as I did when I was a designer, I focused on building up a portfolio of people and projects that Iâd worked on. Pentesting/OSINT/whatever.
I also think Security groups as a whole can be quite closed offâââItâs a little more difficult than other industries âto get your foot in the doorâ if you donât know someone already on the inside.
CSS: What advice would you give someone whoâs either just starting out, or is looking to jump industries?
JL: Have fun, and find an area of InfoSec that you like. InfoSec is something thatâs very easy to experiment with, and thereâs a lot of malleability. If you find a track that you like youâll have no trouble following it; but donât make the mistake of rushing into the totality of the security world just because you saw two episodes of Mr Robot!
CSS: Thank you for this, and for sharing your journey.
There are a few lessons we can distil from Jack Leonardâs journey, first is to focus on the areas of Infosec that interest to you. This is something that has come up more than once in the series.
We canât know everything right away, so specialising helps, personally from experience you will retain more information if you enjoy what you do and are interested in your chosen track.
Although Jack mentioned that it is hard to get your âfoot in the doorâ within the Infosec industry, I would also add that using Twitter, Slack channels and various discord servers to build your network will help to get you known quickly, therefore open up potential opportunities.
Finally, I will be publishing a list of recommended sources and Twitter lists in part 10 of this series to help those who may not know where to start.