In celebration of this year’s Cybersecurity Awareness Month theme – See Yourself in Cyber – we are spotlighting five VMware security pros to ask them five questions about their career path.
Stefano Ortolani is a staff engineer 2 and threat research lead at VMware. In his current role, Stefano focuses on finding novel approaches to investigate, classify, and detect unknown cyber tradecraft.
Stefano was formerly director of threat research at Lastline, where he joined in 2015 as a security researcher. Prior to Lastline, he was part of the Global Research and Analysis Team at Kaspersky Lab, in charge of fostering operations with CERTs, governments, universities, and law enforcement agencies, as well as conducting research of the global threat landscape. He received his Ph.D. in Computer Science from VU University Amsterdam.
Stefano is a regular speaker at technical conferences and authored / co-authored numerous research papers presented at venues such as Virus Bulletin, Security Analyst Summit, Underground Economy, and Black Hat. He lives in London, England.
1. How did you get involved in cybersecurity?
I guess my adventure started in 2005/2006 when working on my BSc final project. The research topic I chose was a security analysis of a then-popular peer-to-peer protocol. Discovering how the protocol could be attacked to compromise both integrity and communication availability was love at first sight, and it managed to set me on the cybersecurity path (with a network security flavor) for good.
2. Explain your career path. Did you take any detours?
Not really, but I have indeed pursued different interests over the course of my career: from product development to threat research, but also to something much more operational like managing a threat research and response team. If it was about tackling an aspect of what is cybersecurity, I was always interested in testing my knowledge, and learning something new.
3. Was there anyone who has inspired you in your career to help you see yourself in cyber?
That is a tough question. I guess seeing the sheer number of different professionals working in cybersecurity, each of them contributing to the field in a different way, made me understand that there was no real pre-determined path ahead, and that I could just buckle up and carve my own.
4. What’s the best career advice you ever received?
Make sure to find your niche eventually but do take time to explore.
5. What advice would you give to aspiring security leaders?
It doesn’t matter if you start as an incident responder, developer, or threat hunter. Just make sure you also build strong fundamentals, and you will be able to explore the field as you see fit.