By Mike Wiacek, CEO and Founder
One of the hardest challenges in cybersecurity is hiring for cybersecurity. If I were to channel my inner Austin Powers and live dangerously, I might say it’s one of the hardest areas of high tech to staff – period. Why? I believe that cybersecurity suffers from inaccurate stereotypes, intentionally opaque technologies, and, perhaps the biggest hurdle, a self-deselection bias that dissuades qualified candidates from applying. At Stairwell, we’re actively trying to change how we think about these realities and build a company that eschews guys in dark hoodies as the metaphor for how smart modern cybersecurity looks and acts.
Watch any TV show or movie, and odds are you can spot the security guy. He is dressed in black, looks somewhat goth, and is often so pale he reflects the sun in semi-unnatural ways. While it makes it easy to identify who the hacker is for narrative purposes, it perpetuates a stereotype that someone working in fintech or ad tech doesn’t have to overcome.
The security person doesn’t need to be a guy, doesn’t need to look like they fell out of the Twilight book series, and doesn’t need to be any particular skin color. What makes a good cybersecurity engineer is often intrinsic and not outwardly visible at all. They appreciate hard problems, think about how others may have tried to tackle them, and then have an insatiable desire to outwit those designs with something completely unexpected. What makes someone a good problem solver in software engineering, in general, makes them a great software engineer working in cybersecurity.
Opaque ivory towers
Let’s assume you want to know how some three-letter agencies hack their adversaries. My gut tells me there are only two possible answers:
- Incredibly hard work researching, studying, developing, and managing operations.
That’s it. You have to decide which one is the more likely of the two. If you’ve ever wondered how a firewall works, how antivirus software is able to scan files with hundreds of thousands of signatures in less than a second, or how spam ends up in the spam folder and not your inbox — then the same two potential answers apply. Magic or hard work?
The solutions to all of these challenges aren’t found in incantations or secret tribal knowledge, but rather they’re found in the application of the basics: data structures, algorithms, and the ability of hard-working engineers to break down complex challenges into the fundamentals that underpin everything. While the outcome may seem like magic, it is still insights, innovation, and hard work that make magic happen.
This is one of the most common things we hear when we speak with engineers who have chosen fields other than cybersecurity. If we ask, “Why not cybersecurity?”, we universally hear, “Oh, I don’t really know anything about security.”
This type of thinking is, I believe, reinforced by the first two hurdles of inaccurate stereotypes and opaque ivory towers. But even if we overcome them, there is an implicit expectation that you must be a cybersecurity expert to accomplish work in this domain. This should not be so. After all, do engineers working on Google Ads have degrees in advertising? Or do the engineers working at Intuit have degrees in accounting? The unifying trait all software engineers have is that we are trained at solving problems.
Some recent work we’ve been tackling involves using trie data structures to compactly represent incredibly large datasets across distributed machines, efficient scheduling systems to prioritize throughput and minimize user-visible latency, and scaling clustering algorithms to work at a multi-billion document scale. These don’t sound like cybersecurity projects and they shouldn’t. Because they are really just engineering solutions built from computer science first principles that solve really hard cybersecurity problems.
The benefit of working on challenges like these at a cybersecurity company is that you will grow in your core capabilities while attaining a level of expertise in security that you never imagined.
Wear whatever you want
Every day, our lives are more impacted by commerce, education, and connections on the internet. Keeping organizations safe is now more important in the daily lives of internet users than ever before. At Stairwell, we are a team dedicated to helping organizations Outsmart Any Attacker. And that mission is achievable because we aren’t thinking about security the way everyone else does. We aren’t looking for folks in dark hoodies, but people who want to solve hard problems.
At Stairwell, we’re going a step above, and we’d like you to join us.
Mike is passionate about security and building out a team culture that is collaborative, honest, and dedicated to helping our customers outsmart attackers. Earlier he was a co-founder and CSO of Alphabet's Chronicle and the founder of Google's Threat Analysis Group.