Diego Mendoza completed the operational cybersecurity triad last year, and is sharing his story to inspire others looking to excel as a cybersecurity leader.

To earn the SANS Operational Cybersecurity Triad, one has to complete a trio of particular training and certifications:

Did you achieve the aligned GIAC certifications? How do you view the significance of certifications with your cybersecurity training?

I not only completed the three triad trainings, but also achieved the triad SANS certifications to ensure mastery in critical and specialized operational triad infosec domains. The GIAC Security Operations Manager (GSOM) certification has given me the tools and resources to achieve mastery in building and managing Security Operations Centers (SOCs). The aligned LDR551 training is management oriented, and it also improved my skills on how to prioritize security operations tasks to stop today’s advanced cyber threats. 

During this training, the SEC450: Blue Team Fundamentals: Security Operations and Analysis training was mentioned. This is technically oriented and has a certification called the GIAC Security Operations Certified (GSOC) certification. I decided to pursue that certification as well to further enhance my technical mastery to better defend an enterprise using blue team incident response tools and techniques. I also earned the GIAC Critical Controls Certification (GCCC) – which is the only certification based on the Center for Internet Security (CIS) Critical Security Controls.

This certification offers vital techniques towards a prioritized and risk-based approach to cyber security. This is an essential certification for security operations as it helps the participant improve their skills and mastery in assessing and implementing Critical Security Controls. This includes a set of actions published by the Council of Cyber Security, as well as performing security controls monitoring and an audit based on the standard, which relates to other information assurance standards, such as ISO 27000 and NIST 800-53. 

The LDR516: Building and Leading Vulnerability Management Programs training does not have a GIAC certification yet. However, it is an essential training for the Operational Cybersecurity Executive Triad, as it shows the participant the most effective ways to mature vulnerability management programs and move from identifying vulnerabilities to successfully treating them. 

Did having this defined career path triad help you in shaping your career? How?

Initially, when I saw SEC566: Implementing and Auditing CIS Controls, it immediately caught my attention due to the wealth of knowledge this training offered. Therefore, I decided to get certified, as it shows how an organization can defend its information by using vetted cybersecurity frameworks and standards. Years later, I noticed the GSOM certification was released and that, along with the Operational Cybersecurity Executive Triad, were my motivation to become certified in all the certifications aligned with the triad.

For the last seven years of my career, I have been working in 24/7 SOCs, in a lead and management capacity. The Operational Cybersecurity Executive Triad not only helped further strengthen my knowledge, skillsets, and abilities, but confirmed that my true passion is in the Security Operations field. As a result of this rigorous training and certification, I have become a stronger and more well-rounded cybersecurity leader, which is a vital need in today’s dynamic online world. 

Can you share a bit about your background with respect to this conversation? How did you decide which triad to pursue for your training and certification roadmap?

I have over 15 years of work experience working in the private sector and state government, primarily focused on security operations, cyber security, information technology, and project management fields. For over the last two years, I have been working for the State of California as a supervisor for a Statewide Security Operations Center (SOC), which provides services to over 100 State departments.

Prior to this, I also worked for one of the largest State of California agencies that implemented the first 24/7 SOC in the State. I was there for about four years working in a Lead Cyber Security Specialist role. Moreover, I’m GIAC Certified Forensic Examiner (GCFE) and CompTIA Security+ certified. In addition to my work experience and cybersecurity-related certifications, I also have a Bachelor of Science (B.S.) in Computer Engineering and a minor in Computer Science from the California State University Sacramento (CSUS). 

The combination of work experience, education, and extensive cybersecurity executive triad SANS training has allowed me to acquire strong skills in building and managing SOCs. As a result of this, and since I already was GIAC Security Operations Manager certified, it was clear that the triad that aligned best with my career was the Operational Cybersecurity Executive triad. Security Operations has always been my passion, and for this reason, I pursued the GIAC Critical Controls (GCCC) certification, the GIAC Security Operations Manager (GSOM) cert, and lastly the GIAC Security Operations (SOC) Certification (GSOC) to master not only the technical and management sides, but all aspects of SOCs. 

Did you come into the training program with a clear idea of your end goal and where you wanted to go? If so, can you share what your vision was for yourself and your career?

When I became certified with the GIAC Critical Controls Certification (GCCC), the end goal was not very clear, as the Operational Cybersecurity Executive triad did not exist, and the other Security Operations trainings and certifications (GSOM, GSOC) were not yet available. However, when the other courses in the Operational Cybersecurity Executive triad became available and were released, it gave a clearer idea of what my end goal was, and it helped me confirm that my passion and career goals were more aligned with the Operational Cybersecurity Executive triad.

Would you recommend other security leaders or leaders-in-training pursue completing a SANS Cybersecurity Leadership triad?

Both SANS Cybersecurity Leadership triads are excellent, but my recommendation for other security leaders or leaders-in-training is to take some time to analyze both triads to determine which one is more aligned with their career goals. Reading the syllabus for each training course helps the participant get more clarity about which triad to pursue.

Is achieving the Triad something you have put on your resume?

Absolutely, especially given that it takes a lot of discipline and dedication to study and pass the Operational Cybersecurity Executive triad certifications.

What do you think drew you toward a security leadership career path?

My work experience and education background are what drew me towards pursuing a security leadership career path. As mentioned previously, I have a B.S. in Computer Engineering and a minor in Computer Science from CSUS. I have always strived for excellence; therefore, I graduated with honors and as a member and former officer of Tau Beta Pi (tbp.org), the National Engineering Honor Society in the country that represents the entire engineering profession. When I started to see cyber-attacks becoming more common, sophisticated, and expensive, it was clear that there is a need to make a foundational shift to view operations from the point of view of an adversary to effectively protect an organization’s assets and information.

Also, after seeing so many challenges within organizations related to Security Operations, I decided to get certified in Security Operations related GIAC certifications to provide significant contributions, and a proactive leadership approach within SOCs to convert challenges into process improvement opportunities by using the knowledge and skills acquired from the Operational Cybersecurity Executive triad and key strategies for World-Class Cybersecurity Operations Centers to improve the maturity level of Security Operations and decrease an organization’s risk profile.

What advice might you give to others in a similar position as yourself with regard to training and/or career progression?

Taking the triad training is an excellent way to learn very valuable knowledge and skills from experts in the field. However, getting the triad certifications and putting that extra effort and dedication will be even more beneficial from a career progression perspective.

Did you learn any lessons along the way when completing your triad that would be helpful to pass along to future cyber security leaders?

I would recommend taking some of the trainings twice (if possible) in case you feel overwhelmed by the end of the training.* The amount of information could be overwhelming, especially if you have not worked in more than one Security Operations Center. However, after taking the training twice, it allows the information to sink in further and topics start making more sense.

Learn more about the Operational Cybersecurity Executive triad and view the list of those who have earned it.

*Alumni may take the same course at any time, even years later, for 50% off. For more information, please email customersuccess@sans.org.