Meet the Security Field Day Delegates: Paul Snyder

By Jamie Easley, Airheads Community Manager
Share Post

I’m amped up about Security Field Day next week. I had the opportunity to spend time with Paul Snyder, an IT risk consultant at a major insurance company and a Security Field Day delegate, and we had a great discussion on ways to secure your smart home secure and how to get more kids into cybersecurity. Follow Paul on Twitter at @PTSnyder.

Jamie Easley: When you’re not soaking up cybersecurity at events like Security Field Day, what do you do?
Paul Snyder: I work as a governance consultant for Pacific Life. A high level, I lead an annual security program roadmap initiative. I work with the team for risk, doing status reporting and creating initiatives for key risk indicators, or KRIs. I own our policies and align them with our privacy and compliance division. I review industry regulations and make sure that the documentation we have is aligned and mapped to them. I’m on the GRC side of the house.

I started here two months ago. Before that, I worked as a consultant at a boutique IT risk management firm for three years.

JE: How did you get into security?
PS: I got a degree in information security. I worked at IBM right out of college, and I was plugging away as a security analyst when a boutique firm in Detroit scooped me off LinkedIn. The next thing I know, the guy I worked for asked me if I was interested in doing an encryption assessment. Yes! I really enjoyed it.

JE: What motivates you to do what you do?
PS: As I do business with companies as a consumer, all too often it becomes apparent that they’re collecting my data. And maybe they’re not doing their due diligence or care about my data the way I do.

What motivates me is I can work for an organization that makes an impact, whether I’m consulting or in-house. I can use my skillset and work in an industry that I’m passionate about to protect data for people like myself.

JE: There aren’t enough cybersecurity experts to go around. What do we need to do to attract more young people to the profession?
PS: I found my passion as a kid in school because of a computer science teacher who took the extra time in her day to nurture an interest I had in IT. She could see that I had an interest, and spent that little extra time with me.

I’m in the Orange County area, and I’ve been involved with a handful of STEM events for kids, and that’s a great place to get them interested. It gets kids hands-on and learning, stimulates kids’ brains and keeps them out of trouble.

JE: What's the biggest security risk that you think people overlook or don’t know about?
PS: People overlook the value of strong passwords, whether accidentally or on purpose. There are a ton of password safes on the market that are free to consumers. Most people don’t use them. People want passwords they can remember. Then they use the same password for every system.

JE: Do you think people are becoming more aware of what they need to do to stay protected?
PS: The awareness is going up especially as breaches are made public through social media, but the “it’s not going to happen to me” mentality is an issue.

It’s up to an IT security team within an organization to promote security awareness, especially with more regulations coming to light around data privacy.

JE: What's your favorite technology gadget?
PS: Alexa. I really like smart home devices.

I understand a lot of the issues from a security standpoint. I went overboard protecting them. All of my smart devices are on a separate network, and I bridge Alexa so it will still work. My outlets, lightbulbs and thermostat are networked, but they don’t have an Internet connection.

I guess you could say that I use efficient and compensating controls to protect my AI devices.

JE: Do you think AI will used for good or evil in cybersecurity?
PS: AI will be used for the good, the bad and the ugly. The good guys will use it to automate work. Tools like user behavior analytics, or UBA, are starting to make determinations, which are beneficial.

The bad guys can use AI to understand key aspects of how people behave, too. The downside will outweigh the good. People are the biggest risk, and understanding their behavior is a huge advantage to crack a person.

The ugly part is organizations can use AI to collect data and they might not do the right thing because they don’t have to. That’s why the CCPA, or California Consumer Privacy Act, really interests me. We need to work at a government level to protect residents against organizations that might not have their best interests in mind.

JE: Who do you admire most in the security industry? Why?
PS: Wolfgang Goerlich. I worked for him for three years as a consultant and I learned a lot from him. Working with someone who is passionate about what they do is positive energy to feed off. It was an incredible opportunity. I was a leech and I learned everything I could.

JE: What is your current favorite (tech) meme/GIF?
PS: When people say, “We think we may have seen an event,” I like to respond with the Little Caesars Pizza “we’re going off the grid” meme.


For a chuckle, check out the whole ad. 

Paul is a delegate at the Security Field Day on Fri., Dec. 14 at 9am PST. Watch the live stream here. 

Meet the Other Delegates

Ethan Banks talks cybersecurity and winter peak bagging.