Based on the West Coast, Senior Analyst Josh Zelonis is the newest addition to the S&R team. When he’s not out cruising his Harley, Josh is working with clients to adapt their architecture, policies, and processes to evolving threats and to develop robust incident response programs. His research focuses on threat intelligence, endpoint detection and response (EDR), malware analysis, pen testing/red teaming, forensics and investigations, and of course, incident response.
Prior to joining Forrester, Josh accumulated over 13 years of experience as a security practitioner with demonstrated success in product architecture, engineering, and security assessment roles. As a product architect, Josh helped design and build innovative technologies in the breach detection space, architecting both endpoint and appliance products with a focus on data collection and analytics. His background also includes extensive experience in security assessment roles including red team, vulnerability research, and compliance.
Listen to Josh’s conversation with me to hear about his biggest surprises since starting as a Forrester analyst, his most frequent client inquiries, and the topics he's excited to research in the coming year:
To download the MP3 version of the podcast, click here.
What do you foresee as the biggest threat to security and privacy in the United States in the next ten years?
Social media platforms such as Facebook are pernicious in that they masquerade as these wonderful bastians of individuality where you can go and share your thoughts and feelings with friends, even having supposed privacy settings where you can limit who you share this data with. Meanwhile, everything you do is analyzed and sold to the highest bidder. As Facebook continues to integrate into our daily lives, under the auspice of convenience, I feel they are ‘boiling the frog’ when it comes to privacy.
What is your favorite personal security product or technology?
My ad blocker. Seriously, I think I was running Windows 98 when I installed my first pop-up blocker. I gotta give a shout out to AnalogX for that one. Thanks!
Name an app with which you could not live without.
Twitter. I originally signed up to get a developer key for some OSINT engagement I was on and then didn’t touch it again for a couple years until I was on a plane next to some guy who introduced me to TweetDeck. Honestly, it was a game changer. I find it to be an invaluable part of my day and while I mostly use it as a news feed, I’m finding I’m starting to post more and more. (Find Josh on Twitter here: @jz415).
What’s your best piece of advice for someone looking to break into the security and risk field?
The same advice I received. Start reading, read everything you can, and once you run out of things to read, find more sources. I don’t know of anyone who has made a career in security who isn’t passionate about it. Make friends and drink lots of coffee.
When you were a kid, what did you want to do when you grew up?
I wanted to design technical trading systems for the commodities markets. In fact, I designed a method of trading the S&P 500 as my seventh grade science fair project which traded well on paper. I think the most aggressive version of the system would have made about $14k, which isn’t great, but it was net positive. It wasn’t meant to be though; I interned at a brokerage in college and found I wasn’t cut out for cold calling.