A 2017 report by the Center for Cybersecurity and Education predicted that there will be 1.8 million unfilled cybersecurity positions globally by 2022, which is a 20% increase from the same prediction in 2015. Marc van Zadelhoff, General Manager of Cybersecurity at IBM, wrote for the Harvard Business Review that a dominating reason for this significant talent dearth is that security organizations “tend to look for people with traditional technology credentials—college degrees in tech fields, for example. But security is truly everyone’s problem; virtually every aspect of personal and professional data is at risk. So why are we limiting security positions…when we desperately need varied skills across so many different industries?”
Deja vu Security takes that advice to heart and is pursuing talent from outside traditional cybersecurity spaces. Enter Ryan Harasimowicz, a new Security Consultant at Deja.
Before getting into cybersecurity, Harasimowicz was an architect for fifteen years. Architecture was appealing, he said, because “I like to know the way things work and how they’re organized—the way things have symbiotic relationships to work together.” But his love for technology stretches as far back as his time in architecture graduate school, where he taught himself scripting languages for fun, and researched identity and how people represent themselves in the virtual world. Fifteen years later, after a successful architecture career designing projects ranging from technologically advanced laboratories to custom residential spaces, Harasimowicz did some introspection and asked himself, “What did I always find interesting?” One answer to that was technology. He took some programming classes on the side and said that programming “was actually cooler than I’d remembered.” So, he went back to school, first earning a graduate certificate in software development and design, and then a master’s in cybersecurity from UW Bothell. After that, Harasimowicz packed up his life as an architect and came to Deja vu Security.
But even if he was interested in technology for decades, why cybersecurity and not another discipline? Architecture seems to be about construction, whereas cybersecurity is often about deconstruction. At first-glance, they appear to be diametrically opposite worlds. Harasimowicz says that’s not necessarily the case: “There’s so much unintended functionality [in tech] that can be used to do cool things. It’s a game, there are these rules—how can I subvert the rules and do something different? It actually parallels a lot of what goes on in my mind in executing good architectural design: With buildings, you set up a logic and a set of rules, and then look for opportunities to break them for maximum effect. Setting up rules is only interesting for so long—there’s a point at which some rules can and maybe ought to be broken.” He recalls one of his first experiences as a hacker, though he didn’t think of it that way at the time: He was in grad school for architecture, and he and his fellow students were using cutting-edge 3D modeling programs for design. In order to better run the tools, they began constructing their own machines, tinkering with the computer hardware, unbuilding and rebuilding them until they could handle the sophisticated software.
Now Harasimowicz is a Security Consultant at Deja, currently in his fourth month. He likens himself to a “big sponge” thrown into the deep end, learning from his colleagues at a breakneck pace. “They’re an exceptionally intelligent and creative group. It’s amazing to watch the stuff they’re able to find and do on daily basis. It’s a little humbling.” But Harasimowicz’s expertise has already greatly benefited Deja: “I work together with other security consultants to analyze clients’ products and systems for security vulnerabilities. I’m particularly interested in virtualization, blockchain, and cryptography. Those are a few areas of cybersecurity I think have a lot of promise—blockchain in particular.” As a consultant, Harasimowicz switches engagements, or projects, once every few weeks to every few months. He says he likes that the work “isn’t just one singular vertical silo…I get to touch a broad spectrum of different technologies.” And his work as an architect—learning rules in order to break them—is proving useful. He says, like architecture, “one of the coolest parts of [work at Deja] is figuring out ways to take seemingly unrelated things and tweak them a little and reapply them in places that are unexpected, or in ways that aren’t immediately obvious, to see what happens.”
Harasimowicz already has some prescient words of advice for both individuals and organizations dealing with sensitive data. For individuals, he stresses a “fundamental awareness of what we’re doing online. It’s like a lawyer never asking a question they don’t know the answer to. If you have a question of what will happen when you do something online, maybe you shouldn’t do it.” (He jokingly adds, “…Or at least do it on a friend’s computer.”) Organizations, he says, need to understand that “customers are your most valuable asset, and protecting your customers and their data ought to be paramount in your thoughts. A lot of [Deja vu Security’s] clients do understand that and as a result, they’re hiring us to help look after and safeguard their customers’ data.”
After over a decade in architecture, Harasimowicz has already proven to be a great asset to Deja, bringing a unique perspective on and passion for tactical construction and deconstruction—first for buildings, and now for technology systems for some of the world’s biggest companies. But Harasimowicz knows he will always be learning, and greatly admires his colleagues, who he says “inspire” him: “They say you should make yourself a little uncomfortable every day in order to grow, and I’ve definitely been achieving that in the best way possible.”
Deja vu Security also continues to grow and is always looking for cybersecurity professionals at all levels—from associates to principals—and from a variety of backgrounds. Check out our careers page for more info or get in touch by emailing us at firstname.lastname@example.org