Diego Mendoza completed the operational cybersecurity triad last year, and is sharing his story to inspire others looking to excel as a cybersecurity leader.
To earn the SANS Operational Cybersecurity Triad, one has to complete a trio of particular training and certifications, although earning the certifications is not a requirement:
- LDR516: Building and Leading Vulnerability Management Programs
- LDR551: Building and Leading Security Operations Centers | GIAC Security Operations Manager (GSOM) Certification
- SEC566: Implementing and Auditing CIS Controls | GIAC Critical Controls Certification (GCCC)
Did you achieve the aligned GIAC certifications? How do you view the significance of certifications with your cybersecurity training?
Yes, I achieved all the triad GIAC certifications to ensure mastery in critical and specialized operational triad infosec domains. The GIAC Security Operations Manager (GSOM) certification has given me the tools and resources to master building and managing Security Operations Centers (SOCs). The GSOM aligned LDR551 training is management oriented and improved my skills in prioritizing security operations tasks to stop today’s advanced cyber threats.
During this training, the instructor mentioned the SEC450: Blue Team Fundamentals: Security Operations and Analysis training, which is technically oriented and has a GIAC Security Operations Certified (GSOC) certification. I also decided to pursue that certification to enhance my technical mastery further to defend an enterprise better using blue team incident response tools and techniques. I also became GIAC Critical Controls Certification (GCCC) certified, which is the only certification based on the Center for Internet Security (CIS) Critical Security Controls.
This certification offers vital techniques towards a prioritized and risk-based approach to cyber security. It is an essential certification for security operations, as it helps the participant improve their skills and mastery in assessing and implementing Critical Security Controls. It includes a set of actions published by the Council of Cyber Security, as well as performing security controls monitoring and an audit based on the standard related to other information assurance standards, such as ISO 27000 and NIST 800-53.
The LDR516: Building and Leading Vulnerability Management Programs training does not have a GIAC certification yet. However, it is essential training for the Operational Cybersecurity Executive Triad, as it shows the participant the most effective ways to mature vulnerability management programs and move from identifying vulnerabilities to successfully treating them.
Did having this defined career path triad help you in shaping your career? How?
Initially, when I saw SEC566: Implementing and Auditing CIS Controls training, it immediately caught my attention due the wealth of knowledge this training offered. Therefore, I decided to get certified, as it shows how an organization can defend its information using vetted cybersecurity frameworks and standards. Years later, I noticed the GSOM certification was released and that, along with the Operational Cybersecurity Executive Triad, was my motivation to become certified in all the certifications aligned with the triad.
For over eight years, I have been working in 24/7 SOCs in a lead and management capacity. The Operational Cybersecurity Executive Triad helped further strengthen my knowledge, skillsets, and abilities, and confirmed that my true passion for the Security Operations field. As a result of this rigorous training and certifications, I have become a stronger and more well-rounded cybersecurity leader, which is a vital need in today’s dynamic online world.
Can you share a bit about your background? How did you decide which triad to pursue for your training and certification roadmap?
I have over 16 years of work experience working in the private sector and state government, primarily focused on security operations, cyber security, information technology, and project management fields. For over four years, I have been working for State of California as a supervisor for a Statewide Security Operations Center (SOC), which provides services to over 100 State departments.
Before this, I also worked for one of the largest State of California agencies that implemented the first 24/7 SOC in the State. I worked there for about four years as a lead cybersecurity specialist. Moreover, I’m GIAC Certified Forensic Examiner (GCFE) and CompTIA Security+ certified. In addition to my work experience and cybersecurity-related certifications, I also have a Bachelor of Science (B.S.) in Computer Engineering and a minor in Computer Science from the California State University Sacramento (CSUS).
The combination of work experience, education, and extensive cybersecurity executive triad SANS training has allowed me to acquire strong experience in building and managing SOCs. As a result of this, and since I already was GCCC and GSOM certified, it was clear that the triad that aligned best with my career was the Operational Cybersecurity Executive Triad. Security Operations has always been my passion, and for this reason, I pursued the GIAC Critical Controls (GCCC) certification, the GIAC Security Operations Manager (GSOM), and lastly, the GIAC Security Operations Certification (GSOC) to master not only the technical and management sides, but all aspects of SOCs.
Did you come into the training program with a clear idea of your end goal and where you wanted to go? Can you share what your vision was for yourself and your career?
When I became GIAC Critical Controls Certification (GCCC) certified, the end goal needed to be clarified, as the Operational Cybersecurity Executive Triad did not exist, and the other Security Operations trainings and certifications (GSOM, GSOC) were not available. However, when the other courses in the Operational Cybersecurity Executive triad became available and were released, it gave me a clearer idea of my end goal. It helped me confirm that my passion and career goals aligned more with the Operational Cybersecurity Executive triad.
Would you recommend other security leaders or leaders-in-training pursue completing a SANS Cybersecurity Leadership triad?
Both SANS Cybersecurity Leadership triads are excellent, but my recommendation for other security leaders or leaders-in-training is to take some time to analyze both triads, to determine which one is more aligned with their career goals. Reading the training syllabus for each triad training course helps the participant get more clarity about which triad to pursue.
Is achieving the Triad something you have put on your resume?
Absolutely, especially given that it takes a lot of discipline and dedication to study and pass the Operational Cybersecurity Executive triad certifications.
What do you think drew you toward a security leadership career path?
My work experience and educational background are what drew me towards pursuing a security leadership career path. As mentioned previously, I have a B.S. in Computer Engineering and a minor in Computer Science from CSUS. I have always strived for excellence; therefore, I graduated with honors and as a member and former officer of Tau Beta Pi (tbp.org), the National Engineering Honor Society in the country that represents the entire engineering profession. When I started to see cyber-attacks became more common, sophisticated, and more expensive, it was clear that there is a need to make a foundational shift in viewing operations from the point of view of an adversary to protect an organization’s assets and information effectively.
Also, after seeing so many challenges within organizations related to Security Operations, I decided to get certified in Security Operations related GIAC certifications to provide significant contributions and a proactive leadership approach within SOCs to convert challenges into process improvement opportunities by using the knowledge and skills acquired from the Operational Cybersecurity Executive triad and key strategies for World-Class Cybersecurity Operations Centers to improve the maturity level of Security Operations and decrease an organization’s risk profile.
What advice might you give to others in a similar position as yourself with regard to training and/or career progression?
Taking the triad training is an excellent way to learn very valuable knowledge and skills from experts in the field. However, getting the triad certifications and putting in extra effort and dedication will be even more beneficial from a career progression perspective.
Did you learn any lessons along the way when completing your triad that would be helpful to pass along to future cyber security leaders?
I would recommend taking some of the training twice (if possible) in case you feel overwhelmed by the end of the training.* The amount of information could be overwhelming, especially if you have not worked in more than one Security Operations Center. However, after taking the training twice, it allows the information to sync further, and topics start making more sense.
Learn more about the Operational Cybersecurity Executive triad and view the list of those who have earned it.
*Alumni may take the same course at any time, even years later, for 50% off. For more information, please email customersuccess@sans.org.
