Welcome to Episode 7 of the Building a Life and Career in Security Podcast.
Today’s guest is Adam Shnider. Adam is currently Vice President of Professional Services at Coalfire. Besides his roles in consulting, he’s also served as a Chief Information Security Officer.
Adam and I talk about moving from a consultant to a CISO, moving from Chicago to Seattle, and how to deal with lots of travel.
[powerpress] Links from the show:
[content_toggle style=”1” label=”Show%20Episode%20Transcript” hide_label=”Hide”]
Adam : Careers aren’t built by going to work every day and punching a clock. You have to spend that time to learn and grow and look to get different experiences or else you will get stuck in one spot.
Announcer : From the jayschulman.com studio, this is the Building A Life and Career In Security podcast. Now, your host, Jay Schulman.
Jay : Hey thanks, it’s Jay. Welcome to another episode of the Building A Life and Career In Security podcast, the podcast that let’s you see how others grew their information security careers.
Today’s guest is Adam Shnider. Adam has spent most of his career consulting in Columbus, Chicago, and Seattle for companies as small as 35 people to some of the largest in the country. He’s also been a CISO for a public corporation. Adam shares his experiences on growing up in information security, including sharing what it was like to move from Chicago to Seattle.
Adam : My career background is, I started out right out of college. Got recruited through the highest university interview process with Deloitte & Touche. They came in and I got to interview with the partner from Deloitte in what was then ERS, the processing systems integrity group, that focused on the large implementations of the Enterprise Resource and [inaudible 00 = 01 = 20], SAP, the Oracle. Started at Deloitte after that recruiting process, very excited about the opportunity, and just to have a job coming out of school and have a plan before I graduated, which was great.
Deloitte was a great place to start. I learned a lot, got a lot of good training. I really enjoyed my time there. At that point I got an opportunity at KPMG in Chicago when I was at a pivotal point in my early years in my career because it gave me a step up in pay as well as a step up in title as an opportunity to start to get a little bit more involved in leading projects and doing some light people management as a Senior Consultant at KPMG.
Made the move there, spent 2 1⁄2 years at KPMG in Chicago, then on my way to get married decided with my, at the time fiance, to transfer to KPMG Seattle and then spent another 2 1⁄2 years in Seattle KPMG. Both locations offer great opportunity to learn and grow my career to be a manager at KPMG in Seattle.
Then around 2003, Sarbanes-Oxley was coming into play and it was looking pretty contentious between the external auditors, which KPMG was, and I had about 25–30% of my work was doing external audits and didn’t really want to be part of the contentious environment. Decided to take an opportunity to go on the other side of Sarbanes-Oxley at the time, which was to help develop a program at Jefferson Wells that would support customers in getting prepared in doing their own internal assessments and audits for the Sarbanes-Oxley requirements.
I spent just about 5 years are Jefferson Wells, then left Jefferson Wells, spent a little bit of time doing my own contracting, independent thing. Worked a little bit with Microsoft doing some work. Then for 5 years I spent at Coalfire Systems moving up within the company as a Security Consultant turned Director, turned Managing Director, and then a Vice President of the west region.
Real got excited about, not only serving clients and supporting their security initiative, but also building a business because when I started at Coalfire it was 35 people. When I left in 2014, it was about 250 people. I saw tremendous growth. Got to be part of some of the business planning and understanding of how the business functioned.
Finally, the last 8 months when I left Coalfire, I spent with Riverbed Technology as their Chief Information Security Officer. That would take a lot of the work that I had done with clients in the past as a Virtual CISO, as a Security Consultant, as a Compliance Consultant, and as a Auditor and Assessor and put it into practice for the short time I spent with Riverbed to accomplish a whole lot of great things. With it a great team of security professionals with a team that I built. It was a small team of 5 of us in security by the end of it. The time was rewarding and the stuff we were able to accomplish and the changes we were able to make in that time and the road maps we were able to put together.
Recently returned back to Coalfire, and I’m now the Vice President of Professional Services here so I get to do a lot of the business management, as well as advising customers on some of the trends and challenges in information security and compliance these days.
Jay : As a consultant, I know one of the struggles that I personally have with a family, I know you have a family as well, is travel. You want to talk a little bit about how travel plays into your work life balance?
Adam : It’s a great question. Travel is definitely a part of every consultants life or almost every consultant’s life. The interesting part of my career is, one of the reasons Jefferson Wells at the time was very compelling was that there was going to be limited travel and at the time I had a 1 1⁄2 year old. Just a little tike. I wanted to spend more time with her, and I like to think she wanted to spend some more time with me. For the next 5 years, about 3 1⁄2 to 4 years of that, my travel was limited to maybe 4 or 5 trips a year.
As they got older though, and luckily I have a supportive wife that came out of the consulting industry as well and also the security industry, so she understood some of the trails and tribulations and expectations in order to grow my career. Whether it was in consulting or really any company and any roll, as you grow your career, travel’s going to be a part of that. We’re no longer a world of companies that are in one location. Usually it’s all over at least the country, if not the world. Travel is going to be a part of any individuals career that is looking to grow and expand their experience and also identify and be part of larger opportunities to lead and run and manage larger, and larger responsibility areas.
Jay : Yeah, well said. I know a lot of questions I get from interviewees is about travel, so I like how you put that. One of the questions that I ask everybody is: think back in your career journey to something that you were really challenged with making a decision and it really went well for you. Can you bring us back to that point in time and talk about how hard it was to make that decision but it really worked out for you?
Adam : I think a lot of the decisions I made in my career were for the positive and I’ll explain that. Not every one was a perfect decision. I would say that making the decision to move from Deloitte to KPMG offered me some opportunities that Deloitte was not offering me at the time.
Then also when I came to Coalfire, there were some opportunities here in the small company as well as some challenges that I faced as being part of that smaller organization that, at the time, didn’t have the process. Didn’t have the maturity that the Deloitte, KPMG, and even Jefferson Wells as they, as a larger organization, had with the backing of their parent company.
I think that one of the most rewarding and nerve-wracking times was my decision to come to Coalfire because I had always been in such large organizations and was use to comfort of knowing that I was with an organization that was already established, already grown, and already had gone through a lot of the growing. Coming to Coalfire was one of the best decisions that I did agonize over just because I have never worked for, what was essentially, a start up.
The way I looked at it, and as I learned throughout my career and the advice that I’ve given to a lot of the people that have come to Coalfire that have worked for me is: sometimes you have to take that risk even if it’s a mistake, it’s a good decision because we learn from those mistakes. If we don’t take the risk to move into something and try something that we haven’t before that could help our career, or could be something fun, or something more exciting, or even to expand our horizon. It’s hard to propel your career if you are doing the same thing every day. The more people that take the risk and dive into security, the better chance we have of supporting each other, and supporting organizations, and protecting their intellectual property, and their customers personal information.
Jay : If you read about, not that you and I are anything like the millionaires and billionaires of the world, but they say that the biggest difference the Elon Musks and Bill Gates is that they take risks. I like how you kind of put that but with risks, they don’t always turn out in your favor, and I know that you said that you’re always kind of a positive person, but can you talk about a risk that maybe you took that, in hindsight, you’d want a do over?
Adam : Yeah, I don’t know that I’d call it a, “Do over.” As I mentioned, I spent a short time at Riverbed recently. I had a great experience there. It was a great company. I don’t know that I would look back at my career and wish I could do anything over or redo anything. I think every step of the way I learned something, and that’s the value I got out of it.
I definitely, I wonder if things hadn’t changed the way they had, and some of the going private and the other things that came with that had transpired and decided to come back to Coalfire, what I could have accomplished as a CISO of a [inaudible 00 = 09 = 41] company for a longer period of time.
I don’t regret going there. I had a great time there. I met great people there. Did some great work there. The timing was just off with me, really. The time that I wanted to have the opportunity to really build the security program that I really wanted to complete.
Jay : If you’re talking a little bit about the time you spent as a CISO, I think a lot of young security professionals look at that as something that they want to attain. Can you talk a little about thinking through, or the advice that you give somebody early on in their career today who wants to be a CISO as to what they need to do to get there?
Adam : Everybody’s path is a little bit different. I would say that earlier career, find yourself a mentor. Somebody whether it’s your manager, whether it’s another person in your organization that has similar interests to you that way you can talk to and bounce ideas off of. I’m a big believer in finding people that you can work with that you can bounce ideas off of.
I think that the second thing is: always look to take on more when it comes to your ability to learn. I know when I started out in my career I was very excited about the opportunity at Deloitte, but also after about 6 months I got nervous that I was going to be pigeonholing application security. Probably what made me more successful was taking that time and really knowing everything that I could learn about a single application and how it functioned inside and out.
Careers aren’t built by going to work every day and punching a clock. You have to spend that time to learn and grow and look to get different experience or else you will get stuck in one spot.
Jay : That answer, in and of itself, is a class in growing your security career. One last question. Is there a difference, do you think, when you moved? I think a lot of people kind of face the question or the risk of moving from one city to another. Did it make a difference from your day to day job living Chicago or living in Seattle?
Adam : I was lucky enough to move with the company that I was with. I got to leverage a little bit of the political capital and reputation that I had built in Chicago with KPMG when I moved to Seattle. There were senior managers that had spoken, and the reason I got the opportunity to move was because of the relationships and reputation that I had built in Chicago. I don’t know that it totally changed my day to day job, but it definitely was almost like a restart to my community and network perspective.
Jay : I remember the first trip that I made out there to see you in Seattle. You said, “Jay, we don’t cross the street like you do in Chicago. You can’t just cross in the middle of the street.”
Thank you for doing this today. Appreciate the time. If people liked what they heard today and want to connect with you, how can they reach out and find you?
Adam : They can find me on LinkedIn, just look me up on there, A. Shnider. They can also reach me at firstname.lastname@example.org. Shnider spelled S-H-N-I-D-E-R. If you just type it, I won’t get it if it’s spelled a different way then the Shnider.
Jay : All right, thanks. Thanks to Adam for joining us today. I thought Adam really nailed the advice on how to grow into a CISO role. I highly recommend listening to that again if you’re interested in becoming a CISO. If you reach out to Adam, make sure he knows that you heard him here on the podcast. If you have any comments or questions about today’s podcast or want to join me to talk about your career journey, shoot me an email at email@example.com. If you found this podcast valuable, let me know by leaving a comment in iTunes.
Thanks for listening to this episode of Building A Life and Career In Security podcast. Please subscribe to this podcast on iTunes or at jayschulman.com/podcast.
Announcer : Thank you for listening to the Building A Life and Career In Security podcast with Jay Schulman. For more information and to subscribe, go to jayschulman.com.