A headshot of a man smiling at the camera against a white background framed in a grey frame with a hexagonal pattern.
David Lenoe. Image: Nitro

‘If you’re working in security, there are going to be crises’

12 Apr 2022

Nitro’s David Lenoe talks about the personality trait that makes him well suited to an infosec career and why the industry literally has a lot of job security right now.

Click here to view the full Infosec Week series.

For David Lenoe, the topic of security was first brought to his attention when he was working on a product team at Macromedia that went through a third-party security review.

He enjoyed learning about security vulnerabilities and was soon asked to help out the company’s lone security specialist.

“I really liked the process of setting up a new security programme. We started hiring more people and things started to get more progressively more exciting, challenging and interesting in the security space,” he told SiliconRepublic.com. “At that point, I was committed!”

Lenoe now works as a vice-president in security and engineering foundations at software company Nitro.

‘Once you have “security” in your title, you’ll get a lot of interest from recruiters’
– DAVID LENOE

What brought you to your current job?

I spent a long time helping to build the security team and programme at Adobe after Macromedia was acquired by Adobe in 2005. During the early days of the pandemic, I started to think more about my time on the brand-new security team at Macromedia and how much fun it was working at a small company.

Some time later, Nitro reached out to me about a role on their security team. I loved the company culture and liked the idea of working on a nascent security programme at a growing company.

It was a little scary stepping away from a company and team I was very comfortable with, but the people at Nitro have made it a really easy transition!

What were the biggest surprises or challenges you encountered in cybersecurity?

In terms of surprises and challenges in my security career, it’s the usual story for me – zero-days, incidents, breaches. Good times! I dealt with these challenges poorly at first – in other words, getting really stressed – but over time I tried to focus more on the things that I could control and on letting go of the things I couldn’t.

I also tried to look at each of these challenges as learning experiences. If you’re working in security, it’s inevitable that there are going to be crises. It’s important to try to tackle them in a healthy way.

Was there any one person who was particularly influential as your career developed?

Brad Arkin, former CSO at Adobe and current CSO at Cisco, has been and continues to be a big influence for me in my security career. He’s a great leader, lots of security experience, and doesn’t take himself too seriously.

Prior to Brad, Karen Catlin, another former manager, was a big influence on me – she always put people first and I felt like she was looking out for me and for the team. That’s the kind of employee I aspire to be.

What do you enjoy most about your job?

Besides working together with smart people whose company I really enjoy, I like the idea that my job is, to paraphrase the TV show Silicon Valley, helping to make the world a better place.

What aspects of your personality do you feel make you suited to cybersecurity?

I have been told that I present as very calm even during stressful times. Although I may not feel calm inside, I gather that this trait helps to defuse tense situations.

What can people expect from career progression in the cybersecurity industry?

To make a terrible pun, there’s a lot of job security in our area of focus these days. Most organisations, big and small, have to contend with cybersecurity and privacy challenges right now – so there are a lot of opportunities.

Depending on whether you want to be a hands-on practitioner or pursue a leadership track (or both), you can find a position that will help you grow.

I like to focus first on finding people that I want to work with, and then go from there – Nitro was a great fit in this regard.

What advice would you give to those considering a career in cybersecurity?

If there’s a security team at your organisation, spend time with them, ask them how you can help, volunteer to be a security champion, etc. There’s almost always a lot of work to do and a lot to learn as well.

If there isn’t a security team, suggest that you might be able to start one! Or at least be a part-time specialist. See if you like it and bail out if you don’t. And once you have ‘security’ in your title, odds are that you’ll get a lot of interest from recruiters.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Loading now, one moment please! Loading