How I Got Here: How AJ Nash Brought Military Intelligence to Private Cyber

0

It takes everything to build a technology company. Not everyone needs to know Python or C# to make an impact and have a career in technology. An expert in one industry may be an expert in another — it’s just a matter of finding the right way to apply the expertise.

“I’m not a computer scientist or a software engineer or a network engineer or anything like that”, AJ Nashvice president of intelligence at a Baltimore-based cybersecurity firm ZeroFoxTold Technically. “I’m a traditional intelligence guy who works in cyber.”

Nash made his debut in the United States Air Force and worked in intelligence for nine years. He was stationed at National Security Agency for most of his military career. He then spent another nine years using the skills learned in the private sector as a defense contractor.

Finding his relevant skills in the tech world was a happy accident.

defense contractor SAIC recruited Nash in 2007. During the interview, there was a lot of talk about IT and operations research that he knew nothing about. He thought he got the interview wrong, but the company had the people they needed for the technical aspects of the job. What she needed was someone with experience as an intelligence analyst to validate the effectiveness of a cybersecurity product being developed.

Nash’s early days in tech show that you don’t have to be a computer wizard or have an affinity for tech to find a career in the field. It is possible to have desirable expertise and benefit from the technological career application of it.

“It became my niche in the private sector: trying to translate government knowledge and standards on how to create intelligence programs and conduct intelligence activities,” Nash said.

Nash applies the same intelligence standards, skills and concepts he learned in the military to cybercriminals. He said his current job, aside from the virtual cyber-intelligence environment, is similar to that of the military because people are people. His job is to understand the motivations behind the threats and that motivation remains the same: money.

The goal of a cyber intelligence analyst is to understand threats before they hit a company’s cyber environment and provide people with the elements they need to make informed decisions at the right time. In an ideal world, knowing the risk is just preventative and the attack doesn’t happen. When the ransomware attack hits, the intelligence analyst is the one who informs a company whether paying for the ransom attack will recover a company’s data – or if it has already been sold on the dark web.

A business flight

Nash has since gone to ZeroFox, which recently went public and is trying to turn its $1 billion valuation into $10 billion. It is far from where he thought he would grow up. He intended to be a police officer, then a lawyer, until he joined the Air Force. From there, he continued to choose jobs that he found interesting, challenging and valuable.

At the executive level, Nash’s job is as much about getting other executives to understand the value proposition of good intelligence as it is about building a strong intelligence program. This is one of the biggest differences between government and the private sector: the government printed money and it didn’t have to discuss a return on investment.

He must now constantly solve the riddle of how, when a job is done well, it feels like you haven’t done anything at all.

“We know how to be proactive, but how do we do it in a financially justifiable way?” Nash said. “So that organizations can spend the right amount of money to get the right level of security, and own the right amount of risk and understand what that risk is. [That’s] a challenge right now.

He takes on this challenge every day because he believes there is real value in strengthening private sector cyber defenses. In 2021, IBM reported that data breaches cost businesses an average of $4.24 million. It is often said, at least in local governments, that the public sector is technologically behind the private sector. However, it is more sensitive to security needs than the private economy.

“No matter what we plan in life, sometimes life has its own plan,” Nash said of the roads he took to get where he is today. “I’m a big proponent of going with it to a point, as long as you’re doing the right things. The overall plan is just trying to be useful and successful.

Here are some of the tips and tricks Nash has learned on his tech journey:

  • For anyone moving from three-letter agencies to the tech industry, you need to be able to talk to everyone from the non-technical executive to the highly technical analyst in the security operations center.
  • You don’t need technical expertise, but you do need practical knowledge: “Intelligence teams are typically matrix teams made up of many different skill sets. You don’t have to be a unicorn that can do it all.
  • “You have to be someone who is willing to keep learning. Technology is constantly evolving.
  • “You have to be very flexible. Cybersecurity is a 24/7 job. Opponents do not take vacations. If you’re looking for a 9 to 5 lifestyle, this won’t be a great career for many people.
  • “Intelligence is words. It’s really important to be able to communicate at the level of the audience you’re working with. You can’t have a very technical conversation with a senior executive who just wants to figure out what they should be doing over the next six months in terms of their hiring strategy.

Donte Kirby is a 2020-2022 corps member of Report for America, an initiative of The Groundtruth Project that pairs young journalists with local newsrooms. This position is supported by the Robert W. Deutsch Foundation. -30-
Share.

Comments are closed.