Breaking into Cybersecurity - Ben Wilcox

Описание: Breaking Into Cybersecurity with Ben Wilcox (ProArch CTO & CSO): Career Pivots, Consulting, and Securing AI Agents

In this episode of Breaking Into Cybersecurity, host Chris interviews Ben Wilcox, CTO and CSO of ProArch, about his career journey and advice for newcomers. Ben shares that he has been in IT security for roughly 30 years, became more focused on cybersecurity around 2007 through network security and critical infrastructure work (including network segmentation), and gained an early cloud security perspective after completing a pioneering 2008 Lotus Notes to Exchange Online migration. He explains how a mentor helped him bridge technical and business perspectives and describes his nontraditional start in tech in the early 1990s: building a popular link-list site, monetizing it with banner ads, getting kicked off an ISP for bandwidth use, and then launching a small web hosting business with friends using Red Hat Linux and Apache. After the 2001 dot-com bubble burst, he moved into system integration and consulting, including remediating a campus-wide worm outbreak ("Red Alert") that highlighted poor segmentation, then later pivoted into software and program development despite lacking PHP experience, learning quickly with support and by asking for help. Ben discusses early-era application security practices (front-end hardening, field validation, mitigating XSS, and keeping platforms patched, including challenges with Adobe Flash and ColdFusion) and how he stays current through continuous learning, taking on uncomfortable challenges, conferences (including regional events like the Rochester Security Summit and larger ones like RSA), podcasts, and reading. For people entering cybersecurity amid automation and generative AI, he emphasizes foundational knowledge, strong soft skills, certifications, and recommends starting at consultancies or technical service providers for high-volume exposure across domains (GRC, SOC, engineering, architecture) and structured mentorship. He also describes what currently concerns him: identity-driven attacks (phishing and MFA fatigue), which his organization mitigated by adopting passkeys, and the growing risk of data and visibility challenges from agentic AI services and shadow AI procurement. He argues that agent identities will create identity problems at scale and that zero trust, greater visibility, governance, and security tooling will be needed to manage the expanding AI attack surfaces across prompts, front ends, internet egress/ingress, model variability, and inter-AI interactions. The episode closes with Ben encouraging listeners to say yes to opportunities, build people skills to differentiate from AI, and connect with him on LinkedIn   / ben-wilcox   or at [email protected]

00:00 Welcome to Breaking Into Cybersecurity + Meet Ben Wilcox
00:49 Ben's 30-Year IT Journey: From Network Security to Cloud (2007–2008)
02:49 Early Internet Hustle: Dial-Up Days, Link Lists, and First Web Hosting Business
04:19 Dot-Com Bust & First Security Firefights: Worm Outbreaks and Network Segmentation Lessons
05:44 Big Pivot into Software Development: Learning PHP, SharePoint, and Joining ProArch
08:44 How Cybersecurity Showed Up in Early Web Dev: Patch Pain, Flash, and Basic App Security
10:21 Staying Current: Continuous Learning, Incident Response Mindset, and Conferences
13:00 Breaking In Today: AI, Foundational Skills, and Why Consulting Accelerates Growth
17:49 What Keeps a CSO Up at Night: Identity, Passkeys, and Agentic AI Risk
22:41 Securing Enterprise AI: Zero Trust, Expanding Attack Surface, and Visibility Gaps
26:14 Final Advice & Where to Connect: Say Yes, Build People Skills, and LinkedIn