On the road to CISO: Why FireEye’s James Coyle earned his CISSP with Infosec
James Coyle, Senior US Public Sector Channel Sales Engineer at FireEye, Inc., accepted his first cybersecurity position in the early 2000s at just 18 years old. From subcontracting for Electronic Data Systems to working with resellers at Planned Systems International, James has spent the past two decades building and refining his cybersecurity skillset and bank of industry certifications.
With help from Infosec’s CISSP boot camp, James earned his CISSP certification on his first attempt last September and has since set his sights on securing a CISO-, CTO- or CIO-level position at FireEye. In the following Q&A, James shares helpful cybersecurity professional development tips and what other students can expect to gain through the Infosec boot camp experience.
When did you decide to pursue a career in cybersecurity?
James: I knew I wanted to go into security after watching Hackers and Sneakers in the 90s. Growing up, I also spent a lot of time teaching myself how to run cable lines and configure network connections. There was no Google at that time, so you had to manually figure this stuff out.
You had to really know operating systems in order to even get games running back then. Learning those skills has really come full circle and helped me in the long run. It’s easier to understand how things break if you understand how they are supposed to work in the first place.
What led you to FireEye?
James: I applied at FireEye following the Anthem Blue Cross and Blue Shield breach in 2015. I received a letter that said my personal information was exposed to threat actors and quickly became the “angry victim.” I didn’t know the circumstances of the breach, but what I did know was that my information got released and now I had no recourse. I saw Mandiant was covering the breach, so I went online and applied for an open position there. That was when I learned FireEye purchased Mandiant just months before.
I got the job at FireEye three weeks later. Today, I help resellers and system integrators understand how to install, configure and sell FireEye products, services and intelligence. I also help out with reverse engineering and malware analysis for intelligence report writing.
Why did you decide to earn your CISSP certification?
James: I pursued the CISSP certification to help advance my career, but also to brush up on some areas that I have limited experience with such as physical security. Infosec was recommended to me by multiple folks who used to work at U.S. Cyber Command, so I headed over to the Infosec website and decided to enroll.
In addition to the CISSP, I’ve earned a few different Cisco certifications like the CCNA and CCNP. I’ve also held a few other vendor-specific certs for various roles, but so far the CCNA has been most helpful in opening doors for me.
How did the Infosec boot camp compare to other boot camps you’ve attended?
James: Comparing Infosec to other vendors is like comparing apples to oranges. A lot of the other boot camps that I’ve gone through focus on basic material that might not be covered by the exam. It’s great for your general knowledge, but it’s not going to help you pass the exam.
What Infosec does really, really well is keeping things focused on the exam. If others in the class asked really specific questions about their own environment, the instructor was great at refocusing the discussion. He’d often say things like, “Hey, shoot me an email, happy to point you in the right direction or talk offline, but while you’re in class, let’s focus on the material.”
That was really, really helpful. In terms of getting us the right material and helping us understand the domains, my instructor was hands-down the best I’ve had.
Beyond certification prep, did you learn anything unexpected from the course?
James: The majority of the boot camp was focused on certification preparation, but I came away with some really good advice for our partner community. One of my key focus areas at FireEye is to teach partners about our products and how to sell them. Often, we find that partners who are new to the security space are not comfortable having a security conversation with their clients. There is a lot of material from the boot camp courseware I’m using to help teach the basics of security to our partners.
Eventually, we’d like our partners to dive deeper into security subjects, but right now, scraping a little bit off the top of each topic is where we need to start.
As a hiring manager, how has the cybersecurity skills shortage affected your work?
James: I think security is probably the most complex issue of the century. And there’s a lot of different intricacies that folks have to be ready to handle. Our Mandiant services team is often the team called after a breach — they’re like the SEAL Team Six of incident response.
We try to get the best of the best out there, but it is difficult. I read a report saying the skills shortage will increase to 3.5 million by 2021 — that’s just around the corner. We definitely see the skills gap as a compounding issue.
What do you do to keep your own cyberskills fresh?
James: I’ve always leveraged certifications as a way to stay up-to-date on standards and advance my career. At-home labs are also really helpful. You can set up real-world scenarios and practice skills at home.
Beyond security skills, what do you look for in candidates?
James: Self-starters — people who know how to find answers if they don’t already have them while also being open about what they do not know. Not wanting other people to know where your weaknesses are is a weakness itself. These days, Google provides a lot of answers for a lot of people. If you don’t know the answer to a question or challenge, I’d actually take Google for an answer in an interview.
I also look for people who are passionate about what they do. The passion has to be there. It’s the first thing I look for in a candidate. I’ve got it, so I would like to see the next person have it. If you have passion in a particular field, you’ll never work a day in your life. I can tell you I have not worked a single day over the last four years.
What is your biggest career accomplishment?
James: Saving the world. In my role, I’m actually able to limit (and in some cases prevent) threat actors from getting into our customers’ environments. Seeing how fast we can get our customers to respond to those types of threats versus what they used to be able to do is hugely impactful.
I first joined FireEye as a cybercrime victim. I was angry. I wanted to put a stop to it. I’m actually doing that now on a large scale. That is, I would say, the biggest accomplishment in my career.
Any parting advice for other security pros?
James: Always have a mentor. Always. It doesn’t matter if they’re within your company or not. And don’t use them as a whining block. Always approach it as a learning scenario. Give them an unbiased look into your career, ask them for advice and remember to not debate or argue over the advice they give you. If you give your mentor an unbiased look at your career, you’ll get some great guidance throughout your entire life and career.