Welcome back to another Unusual Journey Into Infosec, where we don’t need to airbrush the imperfections from our past to improve the rich texture of our future (it almost worked).
In this chapter we learn the Journey of Jack Leonard who made the transition from Designer>Infosec Professional.
I’d be lying if I said I didn’t love the ‘sky is falling’, fast-paced adrenaline fuelled world of Infosec- Jack Leonard 2017
I first knew about Jack after he replied to my Tweet requesting unusual back stories in December 2017. His background immediately stood out, and was very interested in telling his story.
For those who may have not come across his background, Jack Leonard is an Irish Entrepreneur, Creative Director & Developer. He likes to distil information & data into powerful, heuristic stories.
His work has been featured in WIRED, Forbes Magazine, Mattermark & The Irish Times. He is an IDI & AIGA accredited designer, and is amongst the youngest recipients of multiple design awards.
This is his story… (December 2017)
CyberSecStu: (CSS): First of all thank you for agreeing to this. My vision is to help break the illusion that you have to follow a certain route to have a career in Infosec.
Jack Leonard (JL): Sure — It’s something that I think is really important. [ highlighted in part by public reaction to Equifax CSO not having a Infosec background post-breach ]
CSS: Exactly! A very valid point. Can you tell me a little about yourself and how you ended up in this wonderful industry?
JL: Sure. So most of my background is that I’m a multidisciplinary designer — I’ve worked everywhere from identity design to information design for security.
About two years ago I joined the founding team of @barricadeio three years ago[acquired by Sophos one year ago] as a designer — and grew with the company from there.
In an attempt to democratise security for the masses I set out to design a series of infographic data visualisation pieces, etc to help democratise the esoteric security world for the masses — through this, I had to do a tremendous of research obviously to distil the topics into something simpler. While I hadn’t had much contact with the security world before this — I wasn’t averse to it.
The infographic because wildly successful and we’re featured in WIRED, Sunday Business Post, The Hacker News, CSOonline etc. Through creating them I managed to learn a huge amount about security, soon after started penetration testing as a side hobby, branched into OSINT, took Offensive Security’s CEH course, and decided to start a CISSP last fall. Since Barricade I’ve worked with a number of other security startups to help them make security a little bit more understandable, less convoluted — which I believe I’m in a unique position to do being both a designer and someone who understands Infosec.
Here’s a sample of one our Infographic aimed at an audience that wasn’t very technical
CSS: Love the Infographic- really clean, simple and hits the points really well. So how did you get from design into Infosec, because that’s an interesting move?
JL: Really the main motivation was 1) interest — it’s always been a dynamic and interesting scene for me, even from the outside 2) I’d be lying if I said I didn’t love the ‘sky is falling’, fast-paced adrenaline fuelled world of Infosec. that’s something that’s hard to find anywhere else.
CSS: Yeah that’s what I love, every day is a new and exciting (and sometimes an all consuming) challenge!
Did you have any barriers to getting into the industry?
JL: Not Really, I was closer to it than most when starting out — Designer at an InfoSec Startup. And from that had a clear cut path and lots of mentoring.
CSS: Ok, from another perspective, what do you think are the biggest challenges people face when trying to enter into the industry?
JL: I think a lot of newcomers try to go an academic route, which I think is rather useless. Security is a hands-on approach and always has been — Real-world application work is very important. I thought of my development of InfoSec as I did when I was a designer, I focused on building up a portfolio of people and projects that I’d worked on. Pentesting/OSINT/whatever.
I also think Security groups as a whole can be quite closed off — It’s a little more difficult than other industries ‘to get your foot in the door’ if you don’t know someone already on the inside.
CSS: What advice would you give someone who’s either just starting out, or is looking to jump industries?
JL: Have fun, and find an area of InfoSec that you like. InfoSec is something that’s very easy to experiment with, and there’s a lot of malleability. If you find a track that you like you’ll have no trouble following it; but don’t make the mistake of rushing into the totality of the security world just because you saw two episodes of Mr Robot!
CSS: Thank you for this, and for sharing your journey.
There are a few lessons we can distil from Jack Leonard’s journey, first is to focus on the areas of Infosec that interest to you. This is something that has come up more than once in the series.
We can’t know everything right away, so specialising helps, personally from experience you will retain more information if you enjoy what you do and are interested in your chosen track.
Although Jack mentioned that it is hard to get your “foot in the door” within the Infosec industry, I would also add that using Twitter, Slack channels and various discord servers to build your network will help to get you known quickly, therefore open up potential opportunities.
Finally, I will be publishing a list of recommended sources and Twitter lists in part 10 of this series to help those who may not know where to start.