Michael Howard never stops moving. As the Head of Security Practice at HP, he divides his time between leading a global team of print security professionals and traveling around the world to educate customers about the importance of securing printers.
I was lucky enough to catch Howard for a few minutes in his home office in Colorado. It was immediately clear that Howard is a total brainiac, but he’s warm and easy to talk to, with an easy laugh and a great sense of humor. During our time, he shed some light on his security roots, his work at HP, and why he considers people to be one of the most vital components of cybersecurity.
Go behind the scenes to see the making of a print security pro
When we first sat down, I couldn’t stop wondering about Howard’s background. What type of experiences built such a solid foundation in security? Determined to uncover his history, I asked him outright: What did it take to become a leader in cybersecurity?
Growing up in a military community, Howard aspired toward a classified career in technology—and that’s exactly where he landed. His career began with the US Navy as a cryptologist in 1981 and included a stint working directly with the Department of Defense. While technology frameworks have evolved significantly, Howard said, “The defense mindset absolutely prepared me to understand the hacker.”
However, many of the lessons Howard learned during his early career weren’t just defense-oriented or wholly technical. Howard credits his military background for teaching him how to become a strong mentor, too. “In the military, you have talent and you learn how to maximize your talent according to strengths,” said Howard. “It’s a valuable idea for industry . . . especially for the information security talent shortage.”
Learn a lesson in leadership—balancing strengths
Informed by his defense background, Howard offered an insight for both managers and aspiring information security leaders: Consider your employees’ strengths.
“I tell people to think about their strengths. Whether they’d like to work in a security operations center as an analyst or in a sales-oriented role that involves more trade shows and conferences, there’s a position for everyone within the spectrum of information security. The challenge is simply to figure out the best match between strengths and interests according to positions.”
Howard also spoke directly about the information security talent pipeline crisis. “I believe the enterprise needs to take additional steps to encourage students to pursue careers in the information security field,” he said. When coupled with his strengths-based approach to mentoring talent, it’s among the most hopeful perspectives on the talent shortage I’ve encountered.
Navigate the intersection of technology and people
After leaving the Department of Defense, Howard joined the team at HP. In his current role, he balances a great deal of mentoring, customer education, and strategy—all while traveling around the world nearly year-round. While many would find the lifestyle exhausting, Howard finds wearing many hats fulfilling.
“There’s been quite a bit of change during my time at HP, but there’s a true team mentality, which is definitely my favorite thing about working here,” he says. “We all work together to help each other.”
It’s clear Michael Howard isn’t just a security nerd. His friendliness and willingness to put on different hats show he’s a people person, too. “I pursued a career that involved both technology and people. Information security is just that—the intersection of technology and people.” Laughing, he continued, “And if you want to think about the most pervasive piece of malware on a network, it’s users.”
It just might be Howard’s people-centric perspective that makes him so well-suited to develop effective cybersecurity frameworks.
Set your sights on Black Hat 2018
Before wrapping up our conversation, I wanted to see if I could get any spoilers for Michael Howard’s upcoming presentation at Black Hat 2018. Held this year on August 4–9 at the Mandalay Bay Convention Center in Las Vegas, Nevada, Black Hat is the world’s largest hacker conference: Over 17,000 cybersecurity experts gather there every year to discuss the latest in cybercrime.
The topic of Howard’s discussion this year is “analytics-driven security.” I couldn’t pry much more out of him, though. With a laugh, he insisted, “We don’t want to give it all away.”
Here’s what we do know: 93 percent of cybersecurity incidents in 2017 could have been prevented with best practices, and print security is a glaring weakness for many organizations—91 percent of visual hacking attempts on printers are successful. Those numbers illustrate the widespread problem, but it could be solved with best practices, a strong security framework, and perhaps some analytics, as well.
If you’re fortunate enough to attend Black Hat 2018, you can join Michael Howard and the HP team for “Securing Endpoints Using Analytics and a Proven Framework” on August 8, 2018, at 11:30 a.m., and learn how consistently applied frameworks and analytics-driven print security tools can strengthen your security posture.
Curious to hear more about Howard’s security philosophy? Check out, “Black Hat 2017: Michael Howard talks sheep, hackers, and urgency” or “How vulnerable are you through print security?” And click subscribe at the top of the page to stay tuned for Tektonika’s coverage of the upcoming Black Hat conference.