Imagine that you’re sitting in a room full of strangers. “Hello, everyone. Let’s begin with a little exercise,” an announcer says. “Take a deep breath, and scan from side to side.” Most of you would probably comply, defaulting to your sense of sight.
If you are a security practitioner like me, in just a few seconds, you could visually analyze your surroundings and pinpoint if something—or someone—is out of place.
During my career, I’ve explored many facets of the security profession. One of my areas of passion has and always will be Security Operations. SecOps, as we endearingly call it, has the distinction of being a fast-paced, dynamic and “live on the edge of your seat” quality that those pre-dispositioned to be a firefighter or military special operations agent would truly enjoy.
I was lucky enough to spend some time recently with a cybersecurity professional named Pranav Lal, who embodies all of the above and so much more. Pranav manages a Security Operations Center (SOC) and is a technologist, gadget-geek, writer and photographer who has truly mastered his craft. He also happens to be blind.
A photo of Pranav Lal wearing his wireless eye. (Source: techestoterica.com)
For Pranav, innovation is not a choice, but a must. Especially in a SOC, you need to rely on graphs, alerts, and deep-dive data combing to get a full understanding of the security landscape. It’s a requirement to adeptly switch from screen to screen, all displaying lights, scrolling data, and other instruments. Your eyes need intense discipline, and you could easily miss something with a split-second blink.
Initially, I had trouble imagining how someone without the benefit of sight could work in an environment like a SOC. But Pranav has figured it out, being perhaps the only one like him in the world. He has defined his role to work for him and his strengths. He interprets information by tapping a part of his brain that most of us never have.
“I crafted my role by being the one who presented the SOC, rather than sitting and analyzing the constantly changing, real-time data,” he said. “But that doesn’t mean I don’t analyze events. Take a graph, for example. I read this through the use of audiographing technologies that convert shapes to audio tones. Since the sounds pan from left to right, I know the horizontal axis. The height of the object is represented by pitch, so the higher the pitch, the higher the height. The brightness of an object is represented by volume, so the louder the sound the brighter the object.”
Despite the advancements in technology, Pranav still faces a number of challenges. He identifies these as his top three:
1. Focusing on one area at work
“I want to do everything. Information security can be as broad as you like it to be. Right now, I do what I need to for my job, learn management that way, and save the hands-on portion for my home machines. I have a bunch of virtual machines and single board computers.”
2. Available tools
“In terms of tools, many tools with graphical user interfaces do not work well with screen readers. This renders them unusable. I focus on alternative tools and do as much from the command line as possible. This takes more time, which is why I keep the technical bits at home where I can take as much time as I need.”
3. Access to graphical documentation
“I need to see architecture diagrams. I am very good at teasing out descriptions from people and building the image in my head. There are no easy solutions to this problem, but I continue to explore using image sonification approaches.”
Despite these challenges, Pranav has figured out how to work in cybersecurity with a disability. By sheer will and passion, he has taken sight out of the equation, leveraging his other senses as advantages to redefine what makes a SOC professional successful.
That will and passion can be attributed to his upbringing. As a child, Pranav’s parents encouraged him to explore. “My parents decided very early on not to lie to me. They were truthful about the world, my eye condition, and never gave me false hope. My dad, a civil engineer, encouraged exploration. He let me do what I what I wanted to do. Change the gears in the car, open up the hydraulic jack? He would say, ‘No problem if you drain the hydraulic fluid – you’ll learn your lesson!’ I was able to open and close things. I built a lab at home. I experimented. Because I’ve always enjoyed technology, I just went further and further into it.”
Pranav’s hobbies don’t start and stop with technology. A world traveler and photographer, he showcases his work on his blog, techesoterica.com. He also loves to read and is even working on his own novel—and has already self-published six novellas and a comic book. He defies traditional conceptions of “visual” interests and is constantly experimenting with new technologies that allow him to explore the world around him.
A sense of exploration and curiosity is something ingrained in great cybersecurity professionals, and Pranav is no exception. Because of his eye condition, Pranav has had to find creative solutions his entire life, and as a result, brings that creativity to his profession.
As someone who knows the cybersecurity skill gap well, I am inspired by his story. There is a perception that only certain people are cut out for cybersecurity, but Pranav reinforced for me the importance of thought diversity when hiring cybersecurity professionals. Thought diversity is the idea that those with different backgrounds, upbringing, cultures, orientations or environments have all learned to navigate this world in such unique and complex ways, and while our ends are all the same, our means have varied greatly. In learning from Pranav, how he approaches and solves problems, he presented means that were completely outside of the scope of how I would approach and solve challenges. It’s when we bring diverse minds together that we can become enlightened with new ways to approach the toughest challenges that we’ve yet to solve.
“I thrive in areas where I can explore, and explore independently,” Pranav explained as we finished our call. “And that is the thing about cybersecurity—there is so much to explore. And if you want to explore, you can do it with any kind of setup.”