Welcome to Episode 1 of the Building a Life and Career in Security Podcast.
My first guest is Justin Weissert. Justin is currently the Director of Proactive Services at CrowdStrike. I met Justin when we were both at KPMG. I still remember interviewing Justin for an internship. Amazing how far he’s gone. Justin talks on the podcast about his career, successes and do-overs.
[content_toggle style=”1" label=”Show%20Episode%20Transcript” hide_label=”Hide”]
Justin Weissert: I didn’t have incident response experience at the time, so I left a career where I was very stable and had a good reputation, and was doing very well, and went and tried to do something completely different just to expand my skillset.
Speaker 3: From the jayschulman.com studio, this is the Building a Life and Career in Security Podcast. Now your host Jay Schulman.
Jay Schulman: Hey thanks, it’s Jay, and welcome to the pilot episode of Building a Life and Career in Security Podcast. I wanted to do this podcast as a little bit different from how I do the website jayschulman.com. Jayschulman.com is very much about me, and I really wanted the podcast to be about our guests. I want to start with each guest having three of the exact same questions. First, talk about your journey to your current job. Second, talk about a key decision or event that has had a positive effect on your career. Finally, talk about a do-over, something you’d do differently.
My goal throughout all of this is to help you grow your career by listening to the successes and struggles of others instead of just listening to me talk all the time. If you do want to hear what I think, make sure to stop by my website, jayshulman.com, and sign up to receive this podcast along with information on growing your career. I’m planning on doing about 12 to 15 episodes per season. A season in in the fall, and then a season again in the spring. After listening to all of this, if you’re interested in recording your answers for the podcast, I will have information on that at the end.
Our first guest on the podcast is Justin Weissert. Justin’s currently a principle consultant at CrowdStrike, an incident response firm. I met Justin back when he was an intern with KPMG, and I’ve followed his career ever since. As I’m going to ask all of our guests, I want Justin to talk about his career in his own words.
Justin Weissert: I guess to describe my journey, I would start with Notre Dame, which I attended Notre Dame, graduated in 2007. When I first started there I was a computer engineer. Quickly decided after a few science classes that that was not for me, and got out of engineering. As they like to joke about in the engineering intro courses, it’s like, “If you leave engineering, please don’t go to the business school.” But I did. I went to the business school. I started off in accounting, and then I moved to finance, and finally discovered this major called Management Information Systems, which I had never heard of when I first went away to school.
It just seemed like the perfect mix of computers and business that I was looking for. That was probably the last two years of college at Notre Dame. I did that major and it was perfect. It was exactly what I was looking for. Fast forward a little bit, junior year I went away to Australia, studied abroad, and missed the fall career fair, which, when I got back, I went and talked with the guidance counselors or whoever it was at that time. They said, “Well, most of the career people come out during the fall semester, but there will be some people in the spring.” I don’t know why she said this, but she said, “I would recommend you take a look at KPMG. Based on where you are, I know they’re doing a lot of hiring, et cetera.”
Ended up at KPMG for an internship after my junior year, and at that time they hired I think, what, 75 to 100 interns. In the Chicago area they basically made offers to all but about two or three people. That’s how I got into KPMG, and from KPMG I started, as most people did, in IT audit. Actually rolled in with Mr. Jay Schulman here and moved into the information protection and business resiliency group. Spent about, I think it was six years altogether at KPMG, six or seven.
Then finally one day, between moving back to Pittsburgh for three years, got a call from somebody now at my current company, at CrowdStrike, and she asked if I was interested in moving to Manhattan Beach, California, which I said, “It’s a beach, yes I’m interested.” That’s how I ended up at CrowdStrike now. I’m doing instant response, more on the proactive side. I also do a lot of strategic work, remediation.
Jay Schulman: Thinking back through your entire journey, did you have a key decision that you made, or was there a particular event that happened that, if you think about it, really set you off in the right direction?
Justin Weissert: I actually think it goes back to the first project I worked with you, Jay, and moving … It’s funny because you described this afterwards, or somebody described this afterwards, that you just needed somebody that was going to walk in and be confident with the client. Somehow, my name got thrown out there, so appreciate that. Really, I think the key event or decision that took the most positive effect on my career was working on that project, getting away from the IT audit side of things, because I wasn’t happy. It was good good experience, don’t get me wrong, but it wasn’t interesting work for me.
Working on the project that we shared together made that transition for me from IT audit into the information protection realm which really has set the rest of my career into place, and framed my experience into information security, and has broadened my horizons. I think within KPMG you just get a wealth of information and experience across all different aspects of information security. That was obviously a great a learning experience. I don’t think I would still be doing IT audit today but being able to make that transition as early in my career as I did was probably the most positive effect that any one decision has made on my career.
Jay Schulman: You talked about confidence, which is really interesting. What role do you think confidence has in the information security field?
Justin Weissert: Yeah, I think it’s interesting. In any consulting role you have to have confidence because you’re going in and you’re talking to the customer, and they want to know that who they’re talking to knows what they’re doing. That’s one aspect of it, but nobody wants you to tell them, “Okay, I’ve done this before, just listen to me.” It’s a combination of, I think, confidence and also understanding the customer’s needs. Yeah, I think, for me, I’ve always been the kind of person that can walk in, read something, read the room, understand what the customer is looking for, and provide answers that put them at ease.
Jay Schulman: It makes it sound like the career has been fantastic. There have been no setbacks at all. I’m sure something out there hasn’t been perfect. Thinking through that, is there something that, given the opportunity, not that we get the opportunity, that you’d pick a do-over, something that you’d do differently the next time around?
Justin Weissert: I’ve been thinking about that, and I think we all do, but in my experience … It was funny because when I moved from Chicago back to Pittsburgh, I have a good buddy of mine that said, “Are you sure you want to do that? You’re moving from a top region to a small state and small city.” I said, “Well, I think it’s just the right move for me, going back to be around family, friends, whatever it might be. It’s also an opportunity for me to go somewhere and build that area, and build our information protection group there.”
It’s not something that I would do over. I value the time that I spent there, but I question sometimes whether, had I stayed in Chicago, whether I would have been further along in my career. I think I certainly made good decisions in Pittsburgh. It was a hard market to try and sell into, and I ended up out of Pittsburgh on a long-term engagement down in Texas anyway. Over the course of my career, I would think that that’s probably the one decision that I question the most, was leaving Chicago and going to Pittsburgh.
Jay Schulman: All right, so thinking back to the Justin Weissert intern that I met however many years ago it was, what advice would you give to Justin today about your career and where you ended up, at least where you are today?
Justin Weissert: I think it goes back to the question about moving to Pittsburgh and that being a challenge for me, but I think, ultimately, throughout my career I’ve made a number of decisions, and each one presented a certain level of risk. Moving from IT audit to information protection, which was an unknown for me at the time. Moving from Chicago to Pittsburgh, not an unknown, but certainly a step that took me out of a major market and into a smaller market. Then even coming to CrowdStrike now, I didn’t have instant response experience at the time, so I left a career where I was very stable and had a good reputation, and was doing very well, and went and tried to do something completely different just to expand my skillset.
I would say when you’re presented with something that’s a challenge, and if it excites you, go for it. If it’s difficult, then that’s worth working at. If it’s status quo, and you’re just going to work and going through the motions, you probably want to look for that next challenge, and even if it is something that you may fail at. By coming to a startup like I did, that was a risk, but it was something that I was willing to do. I think that would be my advice to myself, is take the risks and do it all over again.
Jay Schulman: You joined CrowdStrike now, and completely different career from what you were doing at KPMG, thinking about your resume, thinking about how they contacted you, since it was such a departure from what you’re doing today, how did they find you? How did you guys come to the conclusion that you’d be a good fit there?
Justin Weissert: Yeah, ironically that was the same question that I asked when they contacted me, was … I did some research on CrowdStrike, found that they’re a top tier instant response team, they have technology, they have a lot of guys that are doing forensics and things of that nature, things that I had never done before. The first conversation I had with Wendy Rafferty, who’s now the VP of Services at CrowdStrike, was, “I understand. This company sounds great, and I’m really interested, but I want to be very straightforward with you. I’m not the most technical person that you could hire here.”
Her response was basically, “We have a lot of the technical guys. We have the guys that can do the forensics. What we need is somebody that can interface with the customers, somebody that can do the PM work, somebody that can learn the technical side of it.” For me, it was an opportunity to expand, because I think something that I said earlier was that at KPMG I think it gives you a lot of experience across a lot of different areas, whether it’s pen testing, or identity and access management, vulnerability management, and strategy projects. One of the things that I never really got a handle on was the incident response base, and I think part of that was because, at least when I was there, that was rolled up into the forensics team, which was a different group.
For me, this was a great opportunity to fill in that gap on my information security resume. It was a win for me. Hopefully it’s been a win for them. I think everybody’s been happy that I joined. That’s how that conversation went. In terms of how they found me, it was actually on LinkedIn. Wendy reached out to me on LinkedIn. I’m not sure exactly what she was searching for when she found me, but yeah. She reached out on LinkedIn. We did a couple of Skype conversations, phone conversations, and then she flew me out to California, and the rest is history.
Jay Schulman: It sounds like an outstanding career that you’ve had so far, and certainly I spent a good part of it with you. KPMG, CrowdStrike, what’s next for Justin?
Justin Weissert: I think CrowdStrike’s an interesting one because we’re still … Technically I don’t know if we’re still a startup, but we’re still in a phase where we’re looking to either be acquired, or do an IPO, so that’s an interesting dynamic to it. If we were to be acquired by somebody, depending on what that company is, would I want to work there? Could I work my way up? I’m constantly looking to move to the next level, and better myself, and better those around me, so that could be an interesting dynamic.
I’ve always thought potentially the CISA role could be something for me. It’s an interesting question because I think nowadays that role is becoming even more technical. It could be something at the CIO level. It’s interesting too because when I left KPMG, I was entertaining ideas of going to industry, and lo and behold, I ended up at another consulting firm. The next move may still be consulting, but the more I think about it, the more I’m probably going to end up in industry somewhere.
Jay Schulman: I have no doubt, Justin, you have great things still to come. Thanks to Justin for joining us today. Hopefully Justin’s career journey helps you with your own personal journey. If you have comments or questions about today’s podcast, shoot me an email. [email protected]. After listening to Justin today, if you’re interested in being a guest on the podcast, you can do one of two things. Email me at [email protected], or if you actually want to try out for the podcast, dial 224–788–2935 and leave your answers on the voice mail system, and I’ll get back to you personally in just a couple of days. Thanks for listening to our pilot episode, please subscribe to this podcast on iTunes or at jayschulman.com/podcast.
Speaker 3: Thanks you for listening to the Building a Life and Career in Security Podcast with Jay Schulman. For more information and to subscribe go to jayschulman.com.