SIA RISE Profile: Joel Hosino of Microsoft

Read our interview with Joel Hosino, Security Project Manager, Microsoft, as the Security Industry Association (SIA) spotlights a young professional on the RISE!

Are you a young security professional under 40? We want your story! Contact Bryan Miller at bmiller@securityindustry.org to be featured in a monthly profile!

What first got you interested in security and safety as a career choice?

I was attending school with the full intent of becoming a systems administrator at some data center somewhere. In order to self-fund my education, I took a graveyard shift as a security officer. After completing my patrols and homework assignments, I started to analyze the local physical protection systems. I noticed that many of the IT best practices that I was learning had not been implemented. This was my first rudimentary attempt at penetration testing. Admittedly, I knew only enough to be dangerous but I was curious and that was enough. My findings were as follows: a public VLAN, a total lack of ACLs or firewall rules, default usernames and passwords, Windows clients/antivirus that hadn’t been updated in years, runaway alarms, and misconfigured cameras and Video recorders.

I reported all of this to my management team. They looked at each other nodded and then looked at me and said, ” You seem to know about this. How would you like to manage these systems for us?” And just like that, I started my career as a security systems administrator.

What has your career path been?

For my next job, I was hired to be a security operations center (SOC) operator/systems tech. There, I seem to have done more operations work than I did as a systems tech. Looking back, this was actually really good for my career. I had the opportunity to learn how a good SOC operated. It instilled in me the need for processes and documentation and has given me great insight into the true needs of an operations team.

My next role was as a security technologist at the world’s largest startup. I tested new hardware for desired functionality, programmed and commissioned, and supported the operations team and all of their technology. Most importantly, I learned how important strategic vision and critical thinking actually are to long-term success! I progressed through the ranks going to systems lead and then operations manager.

I now found myself managing a team of engineers that I helped build. This is arguably the most rewarding part of my career to date. I had the extreme pleasure to lead the most talented group of engineers that I have ever meet. As a side note, anyone who dislikes leading your friends at work is arguably surrounded by the wrong friends. Anyone who has supported systems for any amount of time probably has a million and one ways they would change it, providing more scalability or the ease of support. That’s exactly what I did, but at a larger scale than I ever expected.

I started building data centers. I managed multiple concurrent DC builds scattered across the globe all at different build stages. I did that until I realized that I missed the challenge of solving technical problems. I went to my second startup and took the title of senior security operations engineer. In this role, I worked on technical problems and office builds. I migrated the access system from an out-of-date unsupported platform to virtualization and to a fault-tolerant platform. I deployed global visitor management systems and rebuilt the radio infrastructure.

At this point, I only saw office builds on the horizon. I was presented with an opportunity to build out a regionalized C-CURE into a fault-tolerant environment with disaster recovery. I couldn’t help myself! It seemed like an interesting challenge that I hadn’t attempted…until now! After architecting this fault-tolerant/disaster-recovery environment and watching it move into fruition, I left to become a security program manager in the data center space… again!

Who has influenced you or mentored you—either within the security field or outside?

Like any good techie, I was influenced early on by MacGyver. Joking aside, there have been a lot of influences in my life—some good and others not so good. In either case, there is opportunity to learn—either what to do or what not to do. Ultimately as humans, we grow through social interaction, and it is those interactions that help us to develop our own ideas and experiences. Keeping this in mind, every person that I have interacted with has influenced me either directly or indirectly. To call out one person, in the early days I worked with Tony Cassell. He helped to mentor me; he challenged me to think in ways that have directly influenced me to this day.

What do you think you need to enhance your career?

Over the last 10 years, we have seen the convergence of IT and security technology. Over the next five years, information security will play a bigger and bigger part of what we do. Simple things like OS and edge device hardening will become more important. Higher levels of network security like 802.1x and encryption will all become the new norm. The next steps for my career will be to focus on learning and building new information security skills and updating the ones that I already have. I have my eyes on becoming a Certified Ethical Hacker and ultimately becoming a Certified Information Systems Security Professional.

Any advice to young professionals just starting out in the industry?

1. Stay hungry! It’s easy to get comfortable in a role or at a company; try and remember that this comfort is the breeding ground for complacency.
2. Listen more than you speak, but don’t be afraid to ask questions.
3. Think critically and always look for ways to improve the process.
4. Technology changes daily and so should your experience and perspective. In the technology world, if you’re not going forward, you’re getting left behind!
5. My final and best piece of advice is: Always start by defining success. Remember that “Hindsight is 20/20.” It’s easy to see the mistakes after the work has been completed. Turn that in your favor, by starting at the finish line—“Success”. Look back at what needs to align for your projects to be successful. It’s amazing what gaps you can find and how much smoother your projects will run. Good luck!

The views and opinions expressed in guest posts and/or profiles are those of the authors or sources and do not necessarily reflect the official policy or position of the Security Industry Association (SIA).