I first met Nicole Hoffman, who is a Security Investigator for Cisco Talos and part of our Strategic Analysis, Threat Intelligence and Interdiction team, during the recording of the Talos IR On Air… Read more on Cisco Blogs
I first met Nicole Hoffman, who is a Security Investigator for Cisco Talos and part of our Strategic Analysis, Threat Intelligence and Interdiction team, during the recording of the Talos IR On Air Q1 2023 episode. This was a live broadcast in which we discussed the trends observed by the Talos IR team in the past quarter. Nicole’s team, among many other things, put together these quarterly threats overview. During the On Air recording, I noticed that Nicole had great camera presence and was able to articulate, what most people would consider, complex topics in a language that really anyone would understand. A techie with the gift of gab! I was immediately interested in Nicole’s path into cybersecurity and in general, as a professional.
What inspired you to pursue a career in cybersecurity?
I graduated high school and initially started a career in the medical field. I went to school to be a medical assistant, and then I started nursing school. I worked for a short time as a phlebotomist, which is a medical professional who is trained to perform blood draws on children and adults, but it was really hard for me to find a job, because my husband was in the military. This meant that we moved often, and this was not expected to change any time soon. At some point I decided to make a career change so that I could have multiple skills that would allow me to find work regardless of where we moved to. My husband, who was a network engineer in the military, already had a lot of Cisco books on CCNA and CCNP preparation. I started studying remotely, making use of all these textbooks and aiming for a career as a cybersecurity engineer. While studying for my CCNA, however, I found it quite boring. It wasn’t until I attended my first cybersecurity conference virtually that I got excited about the topic. The conference was called ATT&CKcon, and the talk that I watched showed how the MITRE ATT&CK framework helped a threat intelligence team track targeted intrusions. To be honest, I didn’t understand all of it, but I found it totally fascinating. I have never looked back.
How did your friends and family react when you first started your career change?
Originally, they assumed it would be something that wouldn’t stick. I don’t think they assumed I would get as passionate about it as I am now. But my husband was very supportive, maybe partly because he knew he would save money as we already had a lot of textbooks on the topic. Besides, he had a degree in the field and has been in the industry for 20 years now. We continue to support each other. He is such a good person to have around not only as a mentor, but also if I have a question while investigating something or in an area which is outside my technical knowledge. Also, it’s nice to be able to just chat about cyber stuff at home. So yes, I think originally everyone thought it would just be a phase, and I would probably go back into medicine and continue nursing school once my husband got out of the military, but that hasn’t been the case.
What were the things that you would say has formed your career as a threat intelligence professional?
I would say that after that first conference, I really enjoyed not only attending conferences in person, but also virtually. I find the research fascinating. A lot of the first jobs I had in cybersecurity were at startups with very little resources and dedicated cybersecurity staff. This meant that I rarely had a group of other threat intelligence professionals in the company that could teach me the way things are done. A lot of times it was a group of interns who were all equally lost trying to find their way through a problem. This is why I came to value people who share their research, do open-source projects, or present their knowledge at conferences. This was a chance for me to learn. I relied on open-source tooling for the bigger part of my work, and it wasn’t until I gave my first conference talk that I realized I could be one of those people who gives back to the community. It was a very heartfelt realization.
The first conference that I spoke at was GRIMMcon in 2020, which is one of my favorite conferences. I later talked at the SANS Threat hunting & Incident Response Summit, and the SANS CTI Summit in 2021 and 2023. I still find it very emotional each time I present. It is something that I look forward to, as a way to pay back and connect with the people that I look up to in our field. But the most exciting thing is that this year, I actually got to speak at ATT&CKcon in October 2023, which is the reason why I’m in threat intelligence. Together with a Talos colleague, we presented a talk about the benefits of creating your own knowledge base using ATT&CK as a taxonomy specifically for tracking adversaries over time. It is very special for me and my family to hold this presentation, closing the circle.
What’s your single most important piece of advice to people considering a career in cybersecurity?
Don’t spend your time, money, and effort getting a bunch of certificates before you know what you really want to do. I see a lot of people come in and they immediately start getting focused on certificates. Some of those certifications cost thousands of dollars and are a big investment of your time and money. I did one of the entry-level more affordable certifications, Sec+, and it has been very useful for getting a foot in the door, but I would say, don’t spend a bunch of time and money and effort, especially if you’re going to school already. There’s only so much you can absorb, and your brain is probably already fried. Before you sign up for anything, first do your research, look at the type of things you would be doing in the job, and only search for certificates that would potentially benefit that specific role.
Maybe you can talk a bit about social presence and brand because you’re one of the professionals that has a clear brand.
I would say there are two parts to it. First, if you enjoy having your own research or having your own blog. or anything that you want to share with the community (without having to necessarily ask permission or have someone edit it and change your vision), then having your own blog is super useful. Even if it has nothing to do with cyber, you could still share it with people and you could still build up a social presence.
Having this social presence, especially in the remote workforce, is a way for you to not only promote yourself, but also network with other professionals. I’ve met so many people just by writing a blog, and then someone says, ‘oh my gosh, I love this blog. It really resonated with me.’ One of my best friends in the field, John Doyle, wrote a blog about burnout, which really connected with me. When I read it, I was deep in the pit of burnout, but I was in denial. After reading that blog, I reached out to John to thank him.
The other part of keeping an active social presence has to do with skills marketability. It’s important to promote yourself, promote your own brand, especially when things do not go as planned and maybe you get laid off or the company hits hard waters. You can then always reach out to some of the people that you’ve met through networking and see if there’s anything that they can do to potentially get you a new job.
What is the one thing you wish you had known at the start of your cybersecurity career?
The importance of soft skills and just talking to people. When you’re first starting out in a career field, it can be very intimidating. Luckily, I had a mentor early on who would tell me ’If you really want to learn about the field, you want to learn about the different types of jobs out there or if you want to go work somewhere, talk to the people that work there. Say hey, can we go get a coffee? Can I just ask you a few questions?’
This was actually how I got my first job in cyber. I asked the CEO of a small local company if he wanted to have coffee, and he ended up hiring me while we were at the cafe. It’s really important to not forget that people are just people, even if they’re in a position of power and soft skills are really important.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Security on social!
Cisco Security Social Channels
Meet Nicole Hoffman, a Security Investigator for Cisco Talos, who shares about her career journey in cybersecurity in this blog. Read More Cisco Blogs