Michael Howard never stops moving. As the Head of Security Practice at HP, he divides his time between leading a global team of print security professionals and travelling around the world to educate customers about the importance of securing printers.
I was lucky enough to catch Howard for a few minutes in his home office in Colorado. It was immediately clear that Howard is a total boffin, but he’s warm and easy to talk to, with an easy laugh and a great sense of humour. During our time, he shed some light on his security roots, his work at HP, and why he considers people to be one of the most vital components of cybersecurity.
Go behind the scenes to see the making of a print security pro
When we first sat down, I couldn’t stop wondering about Howard’s background. What type of experiences built such a solid foundation in security? Determined to uncover his history, I asked him outright: what did it take to become a leader in cybersecurity?
Growing up in a military community, Howard aspired toward a classified career in technology – and that’s exactly where he landed. His career began with the US Navy as a cryptologist in 1981 and included a stint working directly with the Department of Defense. While technology frameworks have evolved significantly, Howard said, “The defence mindset absolutely prepared me to understand the hacker.”
However, many of the lessons Howard learned during his early career weren’t just defence-oriented or wholly technical. Howard credits his military background for teaching him how to become a strong mentor, too. “In the military, you have talent and you learn how to maximise your talent according to strengths,” said Howard. “It’s a valuable idea for industry… especially for the information security talent shortage.”
Learn a lesson in leadership – balancing strengths
Informed by his defence background, Howard offered an insight for both managers and aspiring information security leaders: consider your employees’ strengths.
“I tell people to think about their strengths. Whether they’d like to work in a security operations centre as an analyst or in a sales-oriented role that involves more trade shows and conferences, there’s a position for everyone within the spectrum of information security. The challenge is simply to figure out the best match between strengths and interests according to positions.”
Howard also spoke directly about the information security talent pipeline crisis. “I believe the enterprise needs to take additional steps to encourage students to pursue careers in the information security field,” he said. When coupled with his strengths-based approach to mentoring talent, it’s among the most hopeful perspectives on the talent shortage I’ve encountered.
Navigate the intersection of technology and people
After leaving the Department of Defense, Howard joined the team at HP. In his current role, he balances a great deal of mentoring, customer education and strategy – all while travelling around the world nearly all year round. While many would find the lifestyle exhausting, Howard finds wearing many hats fulfilling.
“There’s been quite a bit of change during my time at HP, but there’s a true team mentality, which is definitely my favourite thing about working here,” he says. “We all work together to help each other.”
It’s clear Howard isn’t just a security nerd. His friendliness and willingness to put on different hats show he’s a people person, too. “I pursued a career that involved both technology and people. Information security is just that – the intersection of technology and people.” Laughing, he continued, “And if you want to think about the most pervasive piece of malware on a network, it’s users.”
It just might be Howard’s people-centric perspective that makes him so well-suited to developing effective cybersecurity frameworks.
Set your sights on Black Hat 2018
Before wrapping up our conversation, I wanted to see if I could get any spoilers for Howard’s upcoming presentation at Black Hat 2018. Held this year on 4-9 August at the Mandalay Bay Convention Centre in Las Vegas, Nevada, Black Hat is the world’s largest hacker conference: over 17,000 cybersecurity experts gather there every year to discuss the latest in cybercrime.
The topic of Howard’s discussion this year is “analytics-driven security”. I couldn’t pry much more out of him, though. With a laugh, he insisted, “We don’t want to give it all away.”
Here’s what we do know: 93 per cent of cybersecurity incidents in 2017 could have been prevented with best practices, and print security is a glaring weakness for many organisations – 91 per cent of visual hacking attempts on printers are successful. Those numbers illustrate the widespread problem, but it could be solved with best practices, a strong security framework and perhaps some analytics as well.
Curious to hear more about Howard’s security philosophy? Check out, “Black Hat 2017: Michael Howard talks sheep, hackers, and urgency” or “How vulnerable are you through print security?“