Tetra Defense values a well-rounded approach when it comes to cybersecurity. Preparing for cyberattacks, strengthening defenses, and responding to incidents are all important separately, but they are far more effective when combined. To that effect, we learn from Ben Hartwick, Associate Director of Digital Forensics & Incident Response, as he brings his in-the-field experience to Tetra Defense.
“I’ve worked in places that really only cared about the bare minimum operations, and here, the focus is just different. We never have to remind anyone to do what’s right. It’s just something we’ve always done, and I just love that.”
How did your career begin?
I came at cybersecurity from a pretty unexpected direction: I went to the University of North Texas to study jazz, thinking I was going to be a jazz musician. Saxophone was how I supported myself all through high school alongside my four-piece jazz band. After a while of inconsistent hours and looking ahead to a more stable career, I started exploring more business opportunities. I even started my own business working with the construction and waste management industry, which after an injury, eventually led me to a role at an Internet Service Provider. This role was mostly doing tech support for users of dial-up internet (it was the 90’s), and it really got my foot in door — both in tech and customer service. It taught me a lot of patience, how to troubleshoot over the phone, and how to adapt to new technologies that allowed my career to adapt as well.
What first piqued your interest in cybersecurity?
I had held several roles within that first company, but after a while, my position was being relocated. Hoping to stay in my neck of the woods, a buddy of mine brought up an opportunity to shift gears towards cybersecurity. All he needed to say to pique my interest in the security aspect was “We need a guy to get stuff done, and you know more than you think you know,” considering my background was more technically focused. With those words, I dove straight into monitoring alerts for clients, helping install and program vulnerability management systems, and I continued to immerse myself in security. I remember learning new things 24/7, eventually working in healthcare, to now, Tetra.
What brought you to Tetra Defense?
In my previous roles, I felt there was something missing when it came to the sense of comradery and teamwork. At Tetra, not only can I work from wherever I am, I can still stay connected to my teammates sharing a common goal. This is something I’ve always admired about the Midwest work ethic — I find there’s always a shared expectation to do the right thing without being told, and people here genuinely care about each client, case, investigation, teammate, and outcome. I’ve worked in places that really only cared about the bare minimum operations, and here, the focus is just different. We never have to remind anyone to do what’s right. It’s just something we’ve always done, and I just love that.
What is a typical day like for you?
My typical day is usually pretty hands-on: I work with my Incident Response teammates to answer any questions and offer any guidance I can to keep cases and investigations moving forward. This involves anything from new case scoping calls, to forensics, to restoration & remediation. I tell all of my teammates that I don’t hold the keys to anything — I love communicating, and my role now is all about learning and teaching the best ways to get our cases solved. After years of really working within the tools, the implementations, even writing scripts, I’m really pleased with how my role is now people-focused.
How does your team interact in relation to others?
My coworkers and I can end up doing very different tasks, even though we all work in the same place. People often have this conception of cyber that’s really one-dimensional. As its most basic, I see at least three dimensions: you can be the red-team hacker that finds access to all of the things, you can be on the defense side looking to be right 100% of the time (because a hacker only needs to be right once), or you can be on the forensics side scouring through puzzles of how attacks played out. Here at Tetra, we have people from each of these dimensions and I see that as a huge benefit, especially for Managed Detection and Response. We have a Cyber Risk team that’s informed by our Incident Response team, and we have a Cyber Defense team that can see the latest vulnerabilities and mitigate them in real time. By communicating what we’re seeing in the field every day, we can make sure that no one can walk through the front door of a network with whatever new tool they’ve used to break it.
Any advice for aspiring cybersecurity professionals?
I recommend going to conferences, even if they’re just virtual for the time being. The reason I recommend conferences are because they provide ways for people to explore each side of the industry in as little or as much detail as they want. This can give any aspiring cyber person a more realistic idea of how the day-to-day work may end up shaking out. Once you know what you’re trying to pursue, take the time to fully immerse yourself in the YouTube videos, the readings, the blogs, and if you stick to it, there will always be great people to work with and learn from going forward.
A non-work related question: How do you like to spend your free time?
In this job that I love, I’m really tied to a computer, phone, screen, etc. The way I stay sane is to totally unplug — and I do so by going away. I head north, I go to one of the Great Lakes, I go to the forest, I hunt, I fish, and I have no signal. I’m lucky enough to bring my family that enjoys the same, and we like communicating just as much without the use of technology.