On this episode of The New CISO, Steve is joined by David Lingenfelter, the Vice President of Information Security at Penn National Gaming, to discuss the requirement to constantly learn and evolve in the IT security field.

After falling into his passion for IT, David quickly realized just how far his knowledge could take him if he constantly built upon it. Now after a nearly 30-year-long career in IT, with a focus on computer security, he shares his experiences growing and advancing through his work in the industry. Listen to the episode to hear more about David’s journey, his advice for beginners in the field, and his thoughts on IT management.

Listen to Steve and David discuss knowledge and advancement in security:

Meet David (1:20)

Host Steve Moore introduces our guest today, David Lingenfelter, who shares a bit about his past and how he got his start in cyber security. 

The Wild West of IT (4:11)

When David began his career in IT in the early 90s, modern technology like remote access was not standard in work computers. Reflecting on his past, David discusses how he learned to market these new products to average users who didn't understand IT.

Constantly Learning (7:46)

Before beginning his career, David was told, "if you never want to be bored, if you want to constantly be learning, go into Security." As a beginner in the field, he constantly played with new technology and learned defense methods against the ever-evolving security attacks on IT systems.

Make It or Break It (11:44)

The IT security field is demanding new strategies and technologies to combat threats. David stays sharp by constantly theorizing with colleagues, "how can we make this work? And better yet, how can we break it?" He found that by working together to build something or tear it apart, you can learn how different technologies would typically work in the security space.

Go Play - Go Learn (15:12)

Steve asks David for his advice to those who wish to start or evolve in the IT security field. Additionally, they share their thoughts on creating educational lab environments and needing to have the genuine desire to learn and grow in computer security.

Business Management & Security Leadership (19:25)

David is now a VP of a company, which is a significant transition from where he started in IT. He describes the differences that he noticed between being a technical leader and being a business leader. Additionally, he and Steve discuss the new responsibilities that come with the business side of computer security, like product investments, protecting intellectual property, and more.

Mark Your Celebrations (28:50)

How do you celebrate when you receive funding to create technological advancements in computer security? David shares the ways that he demonstrates the value of his product creations to funders.

Operational Mantras (31:36)

David holds monthly meetings with his company's IT team to show them different things that they're doing from a security sprint, different threats coming up, etc. He values communication with his team as one of the ways to connect all operations of his business.

End User Maturity (34:12)

Implementing new security protocols for end users can often be met with resistance. David shares his thoughts on the topic and how to balance focus on implementing security and doing so in a way that has the least impact on end users.

Building Confidence & Asking Questions (38:04)

It is essential for leaders in the workplace to feel confident in their team. Steve asks David to share the one thing a security leader can do to increase their confidence in their team that represents the analytic capability of their organization. David cites the importance of communicating with team members, asking questions, and finding answers.