Shaun Bertrand, Senior VP of Security Programs at CBI
Shaun Bertrand’s enthusiasm for cybersecurity is contagious. A 25-year veteran of the field, he is passionate not only about his day-to-day work leading the Red Team at cybersecurity solutions firm CBI, but also about helping others excel in the field. Shaun’s core area of expertise is penetration testing and vulnerability assessment services for enterprise organizations. He is a frequent speaker, advisor, and instructor and a member of the Hacker Hall of Fame for Constant Contact, Evernote, and Symantec.
Shaun is also one of the coordinators and instructors of tccyber, a cybersecurity learning and professional development community hosted by 20Fathoms in Traverse City, Mich.
What is your professional background?
I started my career as a security consultant at CBI in Detroit and I am still with that company, although I now live in Traverse City. I have always been passionate about penetration testing and ethical hacking, so I invested in that area and built the Red Team at CBI. We now have around 15 consultants on the Red Team and we’ve done about 1800 engagements.
What is the Red Team?
The Red Team is the offensive side of cybersecurity. We’re ethical hackers who break into an organization’s system so that they know where the holes are and can fix them before damage is done. There is also a Blue Team which is the defensive team.
What are your responsibilities in your current role?
I oversee a team that facilitates security service for a wide range of customers. We do everything from risk advisory to penetration testing to application security to incident response.
What do you most enjoy about your work?
I’m really passionate about cybersecurity. Even though I’ve been working in the field for 25 years, it still excites me. It’s a challenging industry because you’re always learning and it requires tender loving care to keep your skills up to date.
Also, I’m surrounded by a team of rock stars and it feels good working with smart people like these Jedi Knights.
What do you see as the greatest challenge in you field?
There’s no silver bullet to improving security. A lot of attacks we deal with are aimed at the end user – the recent Twitter attack is a great example of this. Over the last 10 years, there’s been a lot of investment in cybersecurity, but we’re also dealing with much more advanced attacks now and there’s no silver bullet to deal with the impact of these threats.
What opportunities do you see in your field?
Artificial intelligence and machine learning: in the next 5-10 years, we’re going to see them playing a very impactful role in security. Further in the future, we’ll see algorithms fighting algorithms.
What interested you in working with 20Fathoms on the tccyber program?
When I moved to Traverse City a few years ago, I set out to give people here an opportunity to embed themselves in the cybersecurity industry. I started the ISSA [Information Systems Security Association] chapter in Traverse City and we brought speakers in and granted our first scholarship last year.
tccyber is the next step and Keith [Kelly] has been a catalyst for disseminating more opportunities for cybersecurity in our community. We want to help empower the local community and accelerate careers in cybersecurity.
What advice would you give someone who is considering a career in cybersecurity?
Ask yourself why you’re interested in cybersecurity. If it’s something that truly excites you and you’re passionate about it, then go for it. It’s critical to have both the interest and a willingness to learn the fundamentals.
What do you like to do for fun?
I have a wife and 5-year-old twin boys and I like to disconnect and spend time with them. We like to go camping at the tip of the Keweenaw Peninsula in the UP – there’s no cell service!