IDG Connect December 17, 2020 – Secret CSO: Steve Tcherchian, XYPRO Technology

What was your first job?

At 15 years old, I was a data entry intern. Repetitive tasks have never been appealing for me. I quickly figured out a way to automate my data entry work which allowed me to come in late, leave early and take 3-hour lunch breaks, all while getting my work done. Unfortunately, the company I was working for didn’t really see the benefit in my automation and decided to let me go. Oh well. At 17, I was in my senior year of high school and had a full-time job. I would often start my days very early and not finish until 2am — 6 days a week. I didn’t have a mentor at that age, so I had to decide for myself what was right and wrong.

How did you get involved in cybersecurity? 

I was always good with technology. I was always curious, and I always enjoyed taking risks. I still do.  At a very young age, I would break things just to see how they worked and tried to put them back together. I wasn’t always successful and would often get in trouble for it.

What advice would you give to aspiring security leaders? “My best advice for career trajectory is no amount of formal education can substitute for hands on hard work and real-life experience.”

This translated over to when I got my first computer at 9 years old – a Packard Bell 286. I would constantly take it apart and put it back together — again, not always successfully.

Once I got bored with that, I began writing programs. I spent a lot of time on iRC, AOL and Usenet groups sharing programs, or Warez and meeting other like-minded people.

I would run home from school, sign on using my dial up modem and continue writing programs, until my mother would yell at me because the phone didn’t work.

This allowed me to realise my capabilities — both good and bad. I started joining “groups”. As the internet started gaining more popularity, we would have fun online, we would be annoying, sometimes disruptive, but we didn’t see it as harming anyone. Social engineering wasn’t really a thing back then, but it existed and those who knew how to use it, used it to their advantage. We were kids in our early teens and didn’t really know any better.

As time went on, some of my friends delved deeper into this type of lifestyle and started getting attention. I saw some of my friends getting into trouble with the law. I had to decide: Is this a path I wanted to follow?

I have a lot of family and friends in law enforcement. I remember one conversation where a Sherriff’s Department friend of mine said “You know, the best criminals can make the best cops, because you already think like that.” The statement had a massive effect on me, and I consider it a turning point in inspiring my career. I knew most of the tactics, most of the strategies. After this conversation, I made a conscious decision to educate and help rather than damage and disrupt. I have had no regrets.

What was your education? Do you hold any certifications? What are they?

 I majored in Computer Science at California State University Northridge. I have a CISSP Certification, I am PCI-ISA and PCI-P certified. I have multiple Cisco and Microsoft Certifications and a couple of CompTIA certifications. When I was younger, I would often study and experiment on my own and challenge myself by taking certification exams.

 

To read the full interview, please visit IDG Connect.