F5 Labs - Helpers Behind the Scenes
We know that cybersecurity is more than products and tools, it's about the people behind the scenes helping to keep applications safe. To that end, DevCentral is excited to highlight people who work in security for Cybersecurity Awareness Month.
Meet Malcolm Heath from the F5 Labs team. He shares his work with threat research, how he got started in security, and more thoughts in this interview.
DevCentral: To start, tell us a little a little about yourself, what you do at F5 and why it is important.
I’m Malcolm Heath, and I’ve been doing IT and security work since the 1990s. I started off at F5 as an Enterprise Network Engineer, then helped create the F5 SIRT as a Senior Security Engineer, and joined F5 Labs as a researcher about 3 years ago. This may just be my bias, but I see security as a topic that touches nearly everyone, from end users, to tech support, network and systems engineering, specific security roles, all the way to people like me who look at broad trends and big data to try to figure out what the newest and most important threats are.
DevCentral: How did you get started working in cybersecurity? What’s one piece of advice you’d give someone who wants to do what you do?
I started with curiosity. My degree isn’t in computer science, or cybersecurity. Back then, cybersecurity wasn’t something in which you could get a degree! Playing around with computers was something I did in my spare time, and for fun. I feel very lucky that my hobby ended up becoming my career. As far as what I would give as advice, I think “stay curious, stay passionate”. The security field is huge, and there’s always something new to learn, and things change quickly. So if you can bring curiosity, excitement, and a deep desire to always be learning and improving, it’s a very rewarding field.
DevCentral: Tell us a story about the most weirdest, scariest or funniest thing that’s happened while you’ve worked in security.
I was attending a security conference and was approached by someone who claimed to be an agent from a foreign government, and who told me that they had a van full of recording equipment and were spying on all the attendees, and started asking a lot of strange questions about what I did and who I worked for. It was a very strange conversation. I ended up mentioning it to someone else I knew at the conference, who worked in counter-intelligence, who got very serious and left to go "talk to some people". I heard later that the fellow really did have a van full of survelliance equipment. I still don't know if he was actually a spy.
DevCentral: What’s your take on security certifications? If you have any, which ones have been most helpful in your field? If not, why not?
I’ve held several security certifications and a bunch more for different products I’ve used over the years. Certifications won’t make you an expert, or even get you hired, but they are useful for two reasons, in my opinion. The first is that sometimes, having a certification will make it easier to get an interview for a role, or fulfil a requirement for the company. The main reason I pursue them is to a) get a sense of what practitioners in a given sub-field of security consider baseline knowledge, and b) to test myself to see if I meet that baseline. That's useful, and studying for certifications can be a great way to introduce yourself to a new area of knowledge.
DevCentral: What does Cybersecurity Awareness Month mean to you? How do you help protect your loved ones from threats online?
A lot of the risks that people outside the industry face are out of their control, and we all rely on companies to do the right things to protect our data. Some basic awareness of safe practices, like using a password manager, and enabling MFA, and being on the lookout for scams and phishing attempts can help defend individuals from common problems, and keep us all a little bit safer. I try very hard not to scare my friends and family, but rather encourage them to integrate good practices and habits.