For this month’s employee spotlight, we spoke with Curtis Brazzell who shares his love of hacking and how he built his own cybersecurity path from college through his professional experience.
What led you to your career choice in cybersecurity?
I knew since around 1998 when I was 13 that this is what I wanted to do when I grew older. Since it wasn’t an official field at the time, I decided I would do something in information technology instead. When I went to college, they didn’t have cybersecurity programs so I took networking/information technology courses that I combined with management information system (MIS) and criminology courses to make my own program. I strongly believe in having a good understanding of all areas of technology before learning how to secure them, so I started my career in various IT administration roles before finally joining the cybersecurity space.
What is a typical day like for you?
Night, you mean? Ha! Most of our clients prefer us to work in the evenings when the networks will be least impacted by our testing. I spend most of my time in various Red Team engagements and writing deliverables.
What is your proudest accomplishment in your career to date?
That’s difficult to say, but I’d have to say I’m most proud of having a wide area of experience in the field. I’ve gotten to do everything from IT operations, SQL DBA, administering systems, leading SOC teams, DFIR lead analyzing APT malware, leading incident response efforts, and managing as well as participating on a Red Team. I’m passionate about giving back to the community and developing useful tools that I can open source and give away. I often research and blog about new security findings in my free time, which is something I absolutely love.
What advice have you been given that stuck with you?
“Do what makes you happy.” Turns out that’s hacking for me!
What advice would you give to others looking to enter the technology field?
Don’t be discouraged by the entry-level requirements. Being able to demonstrate your passion and willingness to learn should be more valuable to an employer than existing knowledge. Set up a home lab, blog, do Capture the Flag challenges, or participate in bug bounties to gain experience. Avoid dev nulls (a black hole in Linux), move around in the field, and keep learning. Don’t be content in one area!
What led you to create the “Cybersecurity ABC’s” Book Series?
I always put my family before my work, but sometimes the two commingle. I’m a father of three young children and am always reading them books at bedtime. I wanted to create an ABC book about the one thing I know: cybersecurity! I thought other parents in this field would get a kick out of it and was hopeful they would teach their children about the importance of staying safe and having privacy online. If interested, check it out at CybersecurityABCs.com!
Anything else you would like to add?
You are welcome to follow me on Twitter, check out my blog, and view my GitHub projects.
Interested in joining the Pondurance team? View our current openings!
Curtis Brazzell
Principal Security Consultant | Pondurance
Curtis is a Principal Security Consultant at Pondurance. With a lifelong passion for anything IT-related, he brings a well-rounded skill set to the team and loves to stay technical. His IT career started with years of professional experience as a Database Administrator, Systems Administrator, Senior Security Analyst in a global SOC, and a Lead Digital Forensics Investigator/Malware Analyst before coming to Pondurance to pursue his passion for information security.
Curtis holds a Bachelor of Science in Information Technology and is publicly acknowledged with CVEs for critical vulnerabilities in both FireEye and Adobe products. He has created his own Intrusion Detection and Response platform in his free time and loves to tinker with new innovative ideas. He recently finished the annual SANS Holiday Hack Challenge with a Super Honorable Mention designation for the third year in a row and created the board book series “Cybersecurity ABC’s.”
