My entire 10-year career at Stanford has been in the School of Engineering. I was hired as a systems administrator but quickly ended up volunteering myself for security-related tasks because of the clear demand for such work. Having a background in building and fixing technology solutions has been instrumental to my specialization in security, as it’s very difficult to understand the latter without the know-how afforded by the former. As a senior systems security engineer, I’m currently one of two security leads for the School of Engineering.
My journey has been a bit circuitous, as I leveraged my initial position of fairly limited scope into an expansive portfolio by taking on more responsibilities and projects over the years. I’ve learned that if you do good work at Stanford, you will be rewarded with opportunities to do more good work. My primary duties are full-stack management of systems and servers in a medium-sized data center for the School of Engineering, which entails expertise in networking, storage, virtualization, and security.
Another hat I wear is staff advisor and coach for Stanford Applied Cyber, a student group focused on all aspects of cybersecurity. I’ve served in this role since 2015, when I supported the club’s founding members. The club – which currently has around 70 active members – is open to all students. Perhaps predictably, a fair number are from the Computer Science department, but we also have students from Electrical Engineering, Symbolic Systems, Civil and Environmental Engineering, Aero/Astro, and beyond. Diversity in many forms is one of the club’s strengths and a mainstay of its success.
Recently, the prolific talent of Stanford Applied Cyber’s competition team was recognized with a victory in the National Collegiate Cyber Defense Competition (CCDC). Over the past eight years, the team has participated in over 70 cyber competitions, achieving top placements in more than 20 of them. Notably, we secured three consecutive National Championships in the Collegiate Penetration Testing Competition (2017, 2018, 2019), and attained third place in the National CCDC in 2020 and 2022 before taking the championship title in 2023. These team-based competitions involve authentic cyber tactics in which the students take on the role of either an offensive actor, like a red team or a penetration tester, or a defensive role. They’re intended to mimic almost exactly what you will find in a real-world scenario, like attackers trying to infiltrate a business and deploy ransomware.
Every season brings a new theme to the National CCDC. This year’s competition took place within a fictitious urgent care medical facility, simulating a very dynamic and intentionally stressful environment. During the competition, the team had to keep the health care facility’s technology services up while trying to thwart a professional red team from compromising the infrastructure and exfiltrating sensitive data, all while simultaneously completing injects, business continuity tasks that the team must respond to in a timely fashion. Our team has been competitive at the National CCDC level for years and we are thrilled that we finally broke through with the big win.
Coaching is an honor and privilege. Not only do my efforts foster the advancement of these incredibly talented students, but my own skills and capabilities have also rapidly accelerated. I’ve learned as much as I’ve taught, a dynamic worthy of lifelong pursuit. Of course the students eventually graduate, and while bittersweet, I stay in touch with many club alumni who go on to exceptional careers in the cybersecurity industry and public service, and many who come back to help guide and coach the next generation.