An interview with Dan Overton, Deputy EMEA Information Security Officer at Lockheed Martin and Rela8 Group Advisory Board member
It’s no secret that the cybersecurity industry has exploded, not only in size, but in popularity as a career path. With 16 years of experience in the IT industry, Dan Overton has experienced this boom first-hand. Getting his start managing the network of a local college, Dan discovered an interest in IT infrastructure that developed into a passion for cybersecurity. Dan is now the Deputy EMEA Information Security Officer at Lockheed Martin and is looking to do his part in developing the industry.
We spoke to Dan about joining the Rela8 Group Advisory Board and about what can be done to give back.
Q. What has motivated you to want to join the Rela8 Group Advisory Board?
A. My main motivation for joining the Advisory Board really is to give back to the community. I’d like to share my knowledge and experience with other companies, with other colleagues and professionals, and also gain back from them as well, new ideas and experiences and culture. Just better collaboration really.
Q. Joining the Rela8 Group Board is a great opportunity to give back to the Technology Leaders Club community, why is this so important to you on both a personal and professional level?
A. We’re all in it together in cyber. We’ve got a lot of threats out in the world, and everyone is trying to fight the same bad guys. I think it’s really important that we do what we can to collaborate and work as a team as much as possible, despite the fact we are potentially competitors in industry. As security professionals and security teams, we’re on the same side and I think it’s important that we stick together as much as possible and share threat intelligence, share ideas, and just be the best community we can be.
Q. What's been the best piece of advice you were given from a mentor during your career?
A. There are a couple bits of advice I’ve been given that really hit home. The first one, it seems a bit counterintuitive, but never chase promotions. Don’t always look to move up the ladder and progress like that. Focus your time instead on doing the best job you can in each role and naturally your progression will follow behind that without you forcing it. Another one is to try new things. Cyber in particular is a very broad set of skills and teams. Expand your knowledge and try lots of different things! You only get one life and one career, don’t waste it doing the same thing, always try to grow as much as you can.
Q. If you were to give your 21 -year-old self a piece of career advice what would that be?
A. Surround yourself with people that you aspire to be like. You become what you immerse yourself in so surround yourself with successful people who have the right outlook in life and have the right attitude, that will do wonders for you and mean you’re absorbing those characteristics from them. Always push yourself to grow, keep learning and keep pushing yourself out of your comfort zone because that’s the best way to grow. Probably two other bits of advice that won’t come naturally to a lot of people, including myself, but learn to speak up in meetings and discussions. Find your voice. If you disagree with something, you’re paid to do a job and your opinion will be respected. That’s really important and doesn’t come to naturally, especially to introverts. Also on the same page, learn to say no. A lot of people will say yes to everything and get burned out and inundated with so much, so learn to say no but do it in a polite way - definitely a good skill to have.
Q. As someone who didn’t start in cybersecurity but instead pivoted to it while working in another IT position, how easy was it to transition and how has the industry changed today?
A. For me it was definitely a different time period. Cyber wasn’t a hot market anywhere like it is now. It wasn’t such a big industry, it was growing certainly, but it was nowhere near the scale it is now. It was actually surprisingly easy for me to move because of the way I studied and tried to learn as much as I could about it, I found it quite easy to secure a position. If that was today, it would certainly be a lot harder. I’d be competing against a lot of internal applicants with similar interests and aspirations, plus thousands of external candidates. It would definitely be harder which shouldn’t be the case, we should be making security an easy industry to get into but we’re setting the bar too high and not giving people a chance. Often some of the best people I’ve worked with, in cyber or not, it’s their personality and their willingness to learn that stands out. Technical skills can be taught but it’s these soft skills that are harder to improve upon.
Q. As an information security industry, how can we help applicants enter it and remove the perceived 'skills gap'?
A. This is quite close to my heart, trying to get entry level professionals into the industry. The skills gap seems to be there through HR departments. They’re asking too much for entry level positions. They’re asking for 5 years experience, they’re asking for all these certifications which obviously cost money and potentially these entrants aren’t even at the level where they could pass these certifications yet. I think it’s really important that we give people a chance. Attitude is a huge part of it. You can teach technical skills but having the right attitude and work ethic - someone that’s willing to learn and wants to get involved is really critical. At every company you’ve got people that want to move into cyber or information security but they’re not getting the chance because they’re outcast from the application systems because they haven’t got a certain certification. I think if we get security teams looking within the companies, you’ll find an awful lot of talent that would be a great asset once they’ve moved over and I think it’s really important that we try and make that a reality as much as we can.
Q. What's the one piece of career advice you would give to an entry level employee or graduate looking to progress their cyber career?
A. Again, I’d say immerse yourself with people who have the right attitude and crucially with information security, your network is everything as well. LinkedIn, connecting with like minded professionals, start conversations, comment on posts, really get your name out there. A lot of security opportunities are hard to access without those networks. Getting your name out there and getting recognised will go a long way.