Sean Thomas has worked in higher education for 25 years, evolving from desktop support and systems administration to IT security, with a focus on cyber defense and security awareness. He was a part of the team that created Embry-Riddle Aeronautical University’s cybersecurity program. Sean teaches SEC301: Introduction to Cyber Security.
What made you choose to work in security?
I’ve worked in IT in higher education for over 25 years, with my roles changing over time. I started as a student assistant in computer labs, then worked at the helpdesk answering phones and performing field support. I managed computer labs and academic systems and eventually moved into networking and then server administration. During my time as a server administrator, I dealt with security because the university didn’t have a formal security team. When the university decided to establish a dedicated information security team, I was asked to be a founding member and helped shape it into the amazing team it is today.
I feel that my experience working in all those areas of IT, along with the relationships I built supporting the organization, especially the various academic areas, has helped me become a better security practitioner. While I didn’t initially choose the field of security, my career path naturally led me to it, and it’s where I belong.
What was your first SANS course and GIAC certification?
I took SEC501 with Bryce Galbraith at SANS 2013 in Orlando, Florida. I passed the GCED four months later.
What course do you teach?
I teach SEC301: Introduction to Cyber Security. This is such an incredible course. One which could be the first computing or security class our students have ever taken. It is truly a foundational course that can be the only security class you ever take or the first of many courses taken to develop a diverse cybersecurity skill set and kick off a career in the field.
Why do you teach, research, and practice information security?
Our world is completely reliant upon technology. Every aspect of our lives is in some way connected – be it our food supply; transportation; power, water, and other utilities; communications; entertainment; finances; and more – all of it has a technology component that ends up online. While this is helpful to those managing the infrastructure that makes those things work, it is also a massive target for those wishing to do harm. Additionally, so much of our personal and professional lives exist in a digital form – from our most sensitive personal data to the things we choose to post on social media – all of this is a target for those attackers.
I practice and teach information security because protecting those systems and data is absolutely critical to ensure our survival as a society. Humanity today needs these information systems, and we need them to be configured correctly and defended against all attacks, even accidental ones. I work to protect the systems at my university, and I teach so more people can be prepared to do so in their organizations. Training the next generation of security practitioners is essential to ensuring we can maintain our current systems and grow their defense against accidental or intentional disruption - to protect our data, privacy, and core infrastructure we rely on to survive.
What tips can you provide to cybersecurity and defense newcomers?
Start with the basics. Make sure you establish a strong foundation of essential knowledge and skills. There is a LOT of information out there and a LOT of different paths you can take. After you have built your foundation, explore the different aspects of cybersecurity and defense and find the ones that interest you most. You may find you like some fields and that you would prefer to stay away from others. Pick a direction that interests you and pursue as much knowledge as you can in that area. Seek out those who are strong in that area and ask to learn from them. If you have the option to shadow people in the field, do it! Build relationships. Find a mentor. And most importantly, never be afraid to ask for help, opinions, or options.
Who has influenced your information security career?
John Strand was one of my first instructors at SANS and guided me during my initial forays into teaching with SANS. He served as my mentor for many years and provided invaluable advice which helped to shape the way I approach both information security and teaching.
A colleague at the university, who prefers to remain unnamed, has worked with me in many capacities for nearly 20 years. He has been a teammate, supervisor, mentor, and most importantly, a friend. He recognized my potential and helped shape my career path, guiding me both directly and indirectly into who I am today.
My wife has stood by me and subtly (and not so subtly) pushed me in the directions that she recognized were best for me, even when I was reluctant to see that path.
What do you want people to know about you?
Having worked in higher education my entire career, the concept of “student first, always” is a significant philosophy of mine. I strive to ensure that whatever I’m doing while working on the security team at the university or teaching for SANS, it is done with the intent to ensure the best experience and outcomes for the student.
Favorite quotes, songs, or books?
I can often be found listening to Mozart’s Requiem, Beethoven’s 9 Symphonies, or Dvorak’s New World Symphony.
What are a few things you enjoy that people may not expect?
From my last answer, you may be able to guess that I am an avid classical music fan. In fact, when I started college, I studied music education and vocal performance. I changed direction midway but have always had a love of classical and choral music.
I am a woodworker. I love going into my workshop and designing and crafting things out of wood. It is a great escape from the highly technological world I work in most of the time.
I also enjoy going on cruise vacations with my family.
Check out Sean’s SANS profile to see when he’s teaching near you and sign up for a free demo of SEC301.
