Security Expert Interview Series: Joshua Copeland
We recently interviewed Joshua Copeland, Director of the Security Operations Center (SOC) at AT&T, based in Louisiana, United States. In his previous positions, Joshua managed cybersecurity teams, unit security, and traditional operational IT functions. In this interview, he talks about the challenges that excite him in his Director position, how organizations can adapt their security to be ready for tomorrow's malware attacks, and more. Enjoy the full interview below.
1. Firstly, thank you for taking part in this campaign, Joshua. Can you tell us about your professional background and areas of interest?
I have had an interesting path in cybersecurity, starting early in my career doing desktop support and working up through the typical system admin sidetrack, doing server and application administration with light networking. I crossed over into more governance-related work as my start on the real security side of the house. I eventually landed in a security tools engineer role, then later ran cloud platforms, before finally transitioning into the security operations/analyst side of the house.
2. As we noticed, you are currently working as a Security Operations Center (SOC) Director. Could you please share with us the challenges that excite you in that position?
One of the best, and sometimes worst, things about working in a SOC and managing a SOC is that there is always something new: new vulnerabilities, new exploits, new technologies to integrate. Being in a SOC means really having to stay on the bleeding edge, because you are one of the cyber first responders.
3. Let’s now talk a bit about malware. What key malware trends have been dominating 2021 and what should we expect in 2022 and years to come?
I think we are just going to continue to see ransomware explode. With large hacking groups essentially corporatizing it, ransomware is just too profitable to give up. The ability to recycle existing tools for new exploits, the general unwillingness to do proper cybersecurity, and the willingness of organizations to pay make it a win-win for the bad actors.
4. How can organizations adapt their security to be ready for tomorrow’s malware attacks? Please walk us through your top recommendations.
It really comes down to starting with the foundational items. Have a formalized vulnerability management program that is tightly tied to a risk acceptance model, not just a patch management program. Understanding the risks is the key to accepting risk. Having a robust program that really speaks to your threat landscape and what your layers of mitigation are drives good decision making.
5. What types of cyber threats are the most complicated to detect? Maybe you can give an example from real life?
Honestly, I think insider threat, where the person is taking things they are supposed to have access to. There are limited methods to really flag people who are doing what, according to their role, they are supposed to do, but then exfiltrating that for nefarious purposes.
This is the kind of individual where typical insider threat flags, like accessing things outside of normal hours, accessing things outside of their scope, or downloading/printing files, just aren't going to fire, because what they are doing is part of their actual job.
6. What do you predict to be important trends in cybersecurity in the next 3 to 5 years? AI? Blockchain? Machine Learning? Zero-trust?
For tools, I think AI/ML will be the next big leap for cybersecurity. The ability for tools to start doing the things that we would typically have a Tier 1 analyst do is going to be huge for automatically identifying and remediating issues.
From a larger perspective, compliance with all the new laws, regulations, and governance requirements that are being rolled out globally, and really understanding what applies to an organization and how to comply, is going to be huge! An organization is going to have to spend a significant amount of time to ensure its practices are meeting the bars these rules are creating.
7. How do you stay up to date with industry news and updates regarding cybersecurity? Feel free to share your top 3 sources with us.
This is honestly the hardest part of working in cybersecurity! There are so many things you need to know and only so many hours in the day. For me, it's having RSS feeds from tons of different security and threat-related sites, going on the dark web itself, and keeping up with professional organizations that promote information sharing within the field. Those have done well to keep me abreast of the current state of cybersecurity.
Click here to learn more about the Swiss Cyber Institute’s approach towards improving the digital safety and security of society and economy through education and weekly blog posts. Do you think you are a good fit to participate in our Security Expert Interview Series? Reach out to us for more information.