Tetra Defense values a well-rounded approach when it comes to cybersecurity. Preparing for cyberattacks, strengthening defenses, and responding to incidents are all important separately, but they are far more effective when combined. To that effect, we learn from Christopher Gerg, our Chief Information Security Officer and Vice President of Cyber Risk Management, as he describes how he compiles his vast experience with us at Tetra.
“If you are open to always learning, collaborating with a team, and keeping an ‘I don’t know, but want to learn ’ attitude, you’ll be successful in the technical world.”
What first piqued your interest in cybersecurity?
I went to college to be a programmer — that was the bulk of the curriculum at the time. They didn’t teach you system architecture, they didn’t teach network engineering; if you were going to get a computer science degree, you were going to learn programming. I was good at it and I did fine in my classes, but I didn’t love it. I remember writing a huge program once that was accidentally deleted with no backups, but only a paper copy of it. There were thousands of lines of programming and I had to type it all over again in a short amount of time to complete the project. I remember standing in line when the computer lab opened, and I was kicked out that evening when it closed. I completed the project, the program worked, and then I quickly changed my major to physics. When I graduated, I was open to any and all possibilities within the realm of computers.
How did your career begin?
While I was a recent graduate, I explored many different avenues. I looked into being a high school teacher, I was a private investigator, and I held many different titles that helped me earn what I needed to support myself at the time. A defining moment in my career was when I began a tech support job for Microsoft, specializing in their launch of Windows ’95. My very first phone call was a memorable one as the client told me, “I need you to get this crap off of my computer.” It wasn’t the warmest welcome to the world of tech support, but my former colleagues from that role are still like siblings to me now.
Since that trial-by-fire, I’ve been a system administrator, consultant, I pursued network engineering, and was eventually led to security tactics and penetration testing. I enjoyed this work a lot; I spent three and a half years breaking into people’s computers and networks (using my powers for good, not evil). When my employer at the time began housing the websites of several big-name brands, they expanded their security measures, and I was invited to the other side of the table. Instead of attacking, I was defending. My experience from both sides of security led me to eventually write a book, “Managing Network Security with Snort & IDS Tools.” This was a true learning experience — I think you learn a lot more when you teach others, and I was able to learn a lot in creating this book.
Since then, I’ve worked in the payment card industry, the healthcare industry, and I’ve been an independent contractor. All of that has led me to the position I’m in now, where I help companies build an information security programs either from scratch or build the maturity of a program that already exists.
What makes Tetra unique?
With Tetra, we’ve got this amazing incident response team that works with us as teammates. They are an amazing resource for us and our continued education, and they make it so I have the answers before I take the test. They see how threat actors gain access and what they do once they have it. If I’m going into an organization and I’m offering recommendations or guidance, I know the true impact of these recommendations because one of our teammates is seeing first-hand what can happen when it fails.
Any advice for aspiring cybersecurity professionals?
I remember a former colleague, an associate, actually ask me a similar question. I was a network security manager at the time, and he phrased it, “What book do I have to read in order to do your job?” I knew what he was getting at; he wanted advice on what resources can offer a diverse knowledgebase of cybersecurity. One thing I’ve come to accept is this: If there was a faster way to do what I’m doing now, I would’ve done it. If I hadn’t helped that client from Microsoft get that “crap” off of his computer, if I hadn’t built a bunch of networks, if I figured out how to troubleshoot complicated architectures and configurations as a network engineer, I would’ve missed very important lessons.
Experience is the ultimate teacher, and this is demonstrated in my career as well as those of my former and current colleagues. Some of my best, most experienced IT teammates came from college majors of Russian Literature, high-level theoretical math, and various other disciplines. What truly serves you well in the world of cybersecurity is how well you can draw upon your own skills, how well you can figure out solutions to new problems, and if you can do it all while the alarms are blaring. I encourage students to pursue a broad background and broad range of experiences that they can then share with their teammates to continue their learning.
A non-work related question: How do you like to spend your free time?
I’m an avid gamer in my free time — mostly with friends and former colleagues. As far as hobbies go, I try to put my physics degree to use through my interest in astronomy. I have a telescope, I have photography equipment, and I even had a website to showcase my landscape photography. Aside from the “nerdy” toys I’ve accumulated over the years, I’m getting my pilot’s license and hope to earn it within the year. The first thing I hope to do with it is to rent a plane and take my family on our own short trips here in the Midwest.