Security Expert Interview Series: Reto Zeidler

We recently checked in with Reto Zeidler to learn about exciting innovations within the information security space and his advice to those who are thinking about a career change to become an infosec specialist. Reto is an Information Security Executive based in Switzerland and working as a Chief Managed Services Officer in the network security industry. He also discussed how careers in cyber domain are changing, which we believe you will find interesting. Now, enjoy your read.

Security Expert Interview Series #15: Reto Zeidler

1. Can you tell us your story? How did you get where you are today?

I started my career in 1999 almost accidentally as a IT service technician and later system engineer. It was a time where only a few graduate IT professionals existed (even less in security) and everybody was a newbie.

My luck was to have a couple of very experienced and brilliant people around me who helped to develop myself into this space without making to many mistakes. What always droves me early on was the question how to use IT to solve business problems (honestly, I always dreamed to be a software developer, but never got to it really) – how ever I started to study and ended up in 2003 with a degree in computer science. In 2006 I changed my path towards IT leadership roles and also entered in 2011 the information security industry where I came over Swisscom and IBM to ISPIN Switzerland as an Executive for the Managed Security Services Business.

2. What motivates you to keep pushing ahead every day in the security field?

As I have made this observation many times in the recent years: There are only two reaction of people entering the Information security industry: They try to get away from it as fast as possible or they get caught and decide never again to do something else. I am certainly part of the latter. As I joined Swisscom in 2011 and took over an enterprise security team, I had again a great bunch of people around me from where I learned all about the principles, methods and concepts of security. I don’t really know what it is, but probably it’s the combination of ethics, science-based methods but also a certain kind of uncertainty – all at the same time, that fascinates me at the most, beside the fact that you will  find some of the most brilliant and finest people on earth in this industry.

3. What do you believe are the most exciting innovations and impactful technologies are within information security space?

Well, information security is not really an invention by itself – it some kind it’s a way to deal with risks and threats that we somehow have managed to build into our society (most known as IPv4/6, the internet and Windows). But if I had to create a list of the greatest inventions in cyber security, hashes and Threat Intelligence (sharing) would be on the very top on it.

4. As we can see from your profile you are working as an Information Security Lecturer at the Lucerne University of Applied Sciences and Arts and giving lectures on threat intelligence. What are your 2 most important pieces of advice to our readers to improve their cyber threat intelligence skills?

Almost correct. I lecture Security Intelligence, what Threat Intelligence is part of, but also Security Operation (Center) and SIEM/SOAR concepts. There are two major take-outs that learn students in my lecturing First: Information Security is science (not believing), which means in security we are working with evidence and artifacts, and the second is: We are all students if it comes to information security, no matter how long you are in the industry. You must be able to observe, learn and adopt new things almost every single day.

5. What is one thing every young information security enthusiast should have on their resume that they may not realize, and why?

Nobody find’s its way into information security accidently. If you are passionate about, then a security  person will see that immediately in a first interview. If I am hiring talents – the most important factor in cyber security is the curiosity to understand things and how they work (what by the ways is also known as hacking in its original mean)

6. According to you, how are careers in cyber domain changing and what will employment be like in the near future?

The cyber domain has dramatically changed in the recent years and is still on changing. In earlier day’s security people where mainly the people who did things that nobody understood and talked about risks that nobody else could see. Today, only people who understand information security from a business perspective and can translate the complex concepts and methods behind will survive in a long-term. Information Security has just become to important to our economy.

7. Could you please tell us what was the most important cyber security lesson you learned in 2020?

Almost every day, I still learn something new in one way or the other. What stays in my mind especially from last year:  While news about ransomware attacks and new data breaches floods the news, there was suddenly another kind of news coming in. The stories about some spectacular success of law enforcements against cybercrime. It’s probably way too early to call-off that we are going to turn the table soon, but law enforcement worldwide has learned to work together and strike almost in real time. I think this development is very encouraging.

8. What would you like to say to someone who is thinking about a career change to become an infosec specialist but worries about it being too late on in life?

First, we are still short of thousands of infosec professionals in all forms and shapes in Switzerland and the rest of the world. The challenge in information security is, that knowledge half-life is very short in infosec – the good news is, that half-life of knowledge is very short in infosec. This creates an opportunity for people to enter that space almost from almost any background, at every age and you are able to reach the same experience as somebody who stays for 10 years. Start to learn the baseline principles of information security and then decide for what discipline in security you are most passionate about and then continue on this path.

Click here to learn more about the Swiss Cyber Institute’s approach towards improving the digital safety and security of society and economy through education and weekly blog posts. Do you think you are a good fit to participate in our Security Expert Interview Series? Reach out to us for more information.