By Matthew Stern – CompTIA
It was a few days after the go-live date for the much-discussed General Data Protection Regulation (GDPR), and things in Europe were getting back to business as usual. In the UK, Chris Hodson, chief information security officer (CISO) and data protection officer at Zscaler, hadn’t received too many GDPR-related inquiries from the clients he advises on matters of cybersecurity, policy and compliance. His schedule was, nevertheless, as full as ever – and he sees it as a bonus.
“I have the luxury that I get to go to all these market-leading organizations and listen to their challenges and give my view from the field,” Hodson said.
Hodson’s immersion in the world of IT compliance doesn’t start or end with the headlines. Every day involves thinking not just about regulatory compliance, but the countless other pieces of today’s complex cybersecurity puzzle.
That’s because cybersecurity is no longer just about deploying the right malware scanner or correctly configuring a firewall. Keeping any organization safe is about setting standards for how people use networks and applications, who can access them, how they’re architected and a long list of other controls.
It’s this complex matrix of relationships between people, process and technology that Hodson analyzes and communicates to make sure any enterprise he works with meets the world of cyber-threats with a comprehensive stance.
It’s high-level stuff. But Hodson’s combination of high-tech understanding, strategic acumen and futuristic foresight is rooted in IT basics. At its foundation is the CompTIA A+ certification.
The Language of Computing
Sometime in the late 1980s, a young Hodson inserted a cassette tape into the uniquely designed tape-drive on the keyboard of his family’s Amstrad CPC 464. In those early days of home computing, if you wanted to play a game, you learned rudimentary troubleshooting skills pretty quickly. Working around all-too-common crash screens, Hodson booted, then rebooted.
Getting a game to load, he found, could be as exciting as the game itself. And there were other features of the technology that piqued his curiosity. How, he wondered, were the commands that he typed making graphics appear, move and change on the screen?
At school, he was exploring a love of language that, in the UK’s hierarchical educational system, would mean a career in academia. But for Hodson, an interest in how words function fit into a bigger picture.
“I think that’s intrinsically related to wanting to know how computers work,” Hodson said. “You’re not happy to just take something and use it. You’re looking at it and thinking, ‘Where did that come from?’”
Hodson took this fascination with what made systems tick and went down a then quite non-traditional path. Rather than continuing with school, he took his largely self-taught body of tech knowledge and landed in a jack-of-all-trades IT role at a small law firm in Peterborough.
Bounding Through the Ranks with Certification
As the new guy on a small, scrappy IT team, Hodson was filling a lot of roles and learning a lot. But as he moved onto a bigger company with more regimented IT demands, he wanted a more structured understanding of how things actually worked, not just what it took to manage them.
It was the early ’00s. And just around the time that Hodson realized he needed a regimented walkthrough of ground-level computing, CompTIA had begun to provide it – with the first iteration of CompTIA A+.
In a part-time course at the National IT Learning Center, Hodson earned the IT certification and, shortly thereafter, picked up CompTIA Network+ as well.
“It [gave me] a confidence and a grounding,” Hodson said. “I began working on things like AS400 systems, looking at token ring networks people had at the time, understanding ethernet and [local area network (LAN)] constructions in more detail. I don’t think I’d have done that without the exposure of the A+ and Network+.”
From there, Hodson experienced more than a decade of career leaps, moving through the worlds of retail, gaming, finance and media, and into roles both more technologically sophisticated and more strategic.
Witnessing technology deployed across a diverse array of business environments, he developed a unique perspective on how people, environments and solutions all fit together to underpin business IT. Alongside that, he saw a critical change to the computing landscape; networks were once niche and now they were mainstream – so cybersecurity, once an afterthought, was now a non-negotiable part of any organization.
This, for Hodson, was undoubtedly the future.
The Ties Between Tech and People
Hodson finds gaps. Gaps that appear between companies’ policies and how their networks operate. Gaps in encryption. Gaps in data protection moving back and forth from the cloud. And a host of other gaps that hackers are always on the lookout for as they seek a way into a network.
To find those gaps he has to understand and appreciate the psychological motivations of a malevolent actor.
“Maybe that’s some kind of subconscious anti-establishment attitude,” Hodson said.
But Hodson, firmly on the side of the good guys, isn’t just using his expertise and insight to the benefit of the businesses he advises. He’s also doing it for the good of the cybersecurity profession.
As a member of CompTIA’s Cybersecurity Advisory Committee (CAC), he helps revise and update intermediate and advanced cybersecurity certifications, including CompTIA Cybersecurity Analyst (CySA+) and CompTIA Advanced Security Practitioner (CASP), using his experience from the field to make sure CompTIA is benchmarking and testing on the things the most advanced cybersecurity professionals need to know.
And while making big decisions at this level may seem like a world away from the support-level IT role in which he began, for Hodson, the past isn’t so distant.
A Solid Foundation for Any Tech Career
Some things never change. Today Hodson has an Xbox One sitting next to him in his home office. It’s a more sophisticated machine than the CPC 464, but it fulfils the same need for the still-ardent gamer.
Likewise, while today’s networks and computers – never mind smartphones and tablets – might have been unfathomable a few decades ago, enterprise technology is built around the same basic architecture as its antecedents.
And so even as Hodson is always engaging, explaining and telling the story of the granular complexity of the new tech world (and even publishing a book on it; his forthcoming Cyber Risk Management) he still sees those CompTIA A+-level basics as the foundation of it all.
“If you haven’t had that grounding in how computers work, that’s really where you need to start. Understanding a computer, understanding the constituent parts, understanding the software on a foundational level – having that breadth is important,” Hodson said. “[Whether someone wants to pursue] cybersecurity, database engineering, forensics or application coding, I think CompTIA A+ is a good place to start.”