It was a day like any other at security solution provider RSA back in 2011 on the day the data breach began. Damien Manuel, at that time an enterprise account director at the Australian office, had only been in his position for a few months when he saw the historic hack unfold. People internally began to lose access to critical systems. Manuel realized that something was up. The official word internally was that a system upgrade had failed. Behind the scenes, the U.S. side of the business was limiting access to keep the malware from proliferating. By the next day, things had gotten worse. Going public about the breach was unavoidable. It was one of the first compromises of a big-name security vendor, and the results were chaotic and expensive. From high-level damage control management to the nuts-and-bolts costs of replacing hardware authentication tokens, the damages totaled $66 million. It was later discovered that it began, as so many data breaches do, via human error.
“It was the result of an HR person in Australia who clicked on an email attachment [that] was an Excel file that had a zero day flash vulnerability embedded in it,” Manuel said. “That was able to give the intruders access into certain systems and move throughout the network.”
Having seen the costs of such a breach first-hand, Manuel has plenty of insights into all of the different moving parts of hacks and their aftermath. But this incident is only one of the many experiences that have honed his cybersecurity expertise and business acumen, and inform his understanding of the evolving issues that face the world of IT security. He has served in different capacities at National Australia Bank and is currently the chief information security officer at Blue Coat Systems, where he handles cybersecurity for operations within Australia and New Zealand and works with industry leaders to help them secure their operations. With years of experience making one of the most heavily-targeted areas of business more secure, his mind is always on cybersecurity.
And it’s not just Australia’s financial sector that benefits from Manuel’s scrupulous understanding of the tech world. He also shares his knowledge as a subject matter expert (SME) for CompTIA – and the whole world of IT is safer because of it.
Manuel got his start in contributing to CompTIA’s certification exams a decade ago when, having most or all of the CompTIA certifications then available, he answered a call for SMEs to help build out the CompTIA Server+ exam. Since then, he has contributed to the CompTIA Advanced Security Practitioner (CASP), CompTIA Security+, CompTIA Network+ and CompTIA A+ exams. He also sits on the CompTIA SME Technical Advisory Committee (CTSAC), where he vets top industry talent to come on as SMEs themselves. He sees CompTIA’s certifications as playing a clear role in helping the security world keep up with the threats.
“[CompTIA certifications] give a minimum benchmark in terms of the kind of individuals you should be recruiting in your organization,” Manuel said. “It’s very difficult to go into the market and find the best people through reading CVs. A lot of the time it’s through understanding what kind of certifications or accreditations these individuals have. CompTIA provides that benchmarking level, particularly with the security exams.”
The future of cybersecurity does indeed call for the best people. Manuel has watched the cybersecurity world change significantly, even since the RSA breach in 2011. Financial data breaches have grown so prevalent that people tune them out. But at the same time, hackers have gone from targeting almost exclusively financial information to, as in the case of some of 2015’s high-profile security breaches, personal data – with quite a different impact.
“The pivotal change has really been the Ashley Madison breach,” Manuel said. “Losing your credit card details or maybe your social security number is really not a big deal. The bank will just replace the credit card and there might be some financial loss. But with people losing their private personal information, the fact that you’ve been using that type of service; your life is impacted. Your social life, your home life, and it’s very much an impact you can’t reverse or back away from. The consequences of something like that are quite large compared to your credit card.”
Likewise, the threat actors have become more malicious than data thieves or website vandals, or even organized malware extortion rackets. It’s no secret that terrorist groups with an interest in disrupting and destroying have an eye on cyberspace. New targeted malware models, too, require a rethinking of how enterprises approach security and understand potential disk.
So the way we think about cybersecurity is changing, and with advanced-level certifications that demonstrate IT pros can think creatively about security events, CompTIA is helping the world navigate these shifting paradigms.
As Manuel continues to make sure that CompTIA provides the best industry benchmarks for what IT professionals need to know, he has a word of advice for how those pros can meet the future demands of the IT world. He advises aspiring techs to learn the business side, so as to communicate IT needs to c-levels in enterprises, and to get involved with a mentor and take advantage of the wealth of knowledge those with decades of experience hold. Finally, he gives some advice about the mindset a successful IT pro needs to have.
“Never stop learning,” Manuel said. “Things change so rapidly. You have to keep on top of the ball. Always make sure you’re constantly updating your skill-set and that you’re capable of doing pretty much everything from an IT perspective; whether its security related or general IT.”
Matthew Stern is a freelance writer based in Chicago who covers information technology, retail and various other topics and industries.