Richard Dann: From finance technology to cybersecurity mastery
About Richard Dann
Certificate in Stanford Advanced Computer Security, Stanford University
Systems Analyst / Developer
"Stanford education is world-class, and being able to learn from some of the brightest minds there was really enjoyable."
With years of experience in the financial technology sector, Richard Dann is no stranger to the threat of data breaches, cybercrime, regulatory concerns and other cybersecurity issues. Although his expertise with financial systems has always been a major asset for him, gaining an Advanced Computer Security certification would really take his career to the next level.
Why did you decide to pursue professional education?
I was working in financial technology and, at the time, our company was being acquired. Once we merged with the new parent company, we learned that their IT staff had been experiencing some serious cybersecurity issues. Having been exposed to some of the problems they were facing, it really made me reflect on my own knowledge of security practices and the infrastructure we had set up. I realized that a lot of work would be required to improve our systems - and we had to learn quickly. Dealing with breaches can be a nightmare and I wanted to make sure I was prepared.
What led you to choose the Stanford Advanced Computer Security certificate?
Like many people, I searched online and looked for cybersecurity education that would fit my need. Of the many schools I came across, Stanford's program seemed to hit on exactly what I was looking for: I wanted more than a course or two, but not a full masters program. I decided to just start with one course and after that first class with Neil Daswani and Dan Boneh (XACS101 – Software Security Foundations), I was really hooked. It was clear, concise and fit the bill for what I was looking for.
How has the course work helped you in your current role?
It's really made me think about the websites we've created and caused me to review our security protocols. Not too long after taking some of the courses, I actually began making changes to our systems and processes. Thankfully, there haven't been any breaches under my watch!
I'm in a new role in a larger organization now and I'm really focused on performance tuning our code. When I'm writing code, or perhaps reviewing someone else's, I'm constantly thinking about security. I'm not just looking for the short or easy way to accomplish the goal, but also the most thorough and safest way. Thinking about the entire lifecycle of that code and making sure I'm not leaving another door open down the road.
What did you enjoy most about your experience?
I really enjoyed learning from the professors. Stanford education is world-class, and being able to learn from some of the brightest minds there was really enjoyable. Also, I like the fact that I got information on issues I was actually experiencing in my day-to-day work. One of the biggest challenges we faced in the past was dealing with SQL injections. At least two of the courses I took covered this topic and I was able to review our protocols and follow the advice given by the professors.
Do you have a favorite course? If so, which one?
XACS133 Using Cryptography Correctly – Ironically this was the course I was most intimidated by. I came into it with very little knowledge and I thought it was going to be very dry and revolve around hardcore math and algorithms. But Dan Boneh was actually really good at walking people through these complex concepts and explaining the how and the why of every subject we tackled.
I thought the level of depth in that course was just right – not too dense or hard to follow. Enough to get through and understand the principles. Dan Boneh gave great advice along the lines of "don't make things harder on yourself by trying to come up with your own model, use the cryptography methods out there that are already available and proven" - and he was right.
How has completing the certificate impacted your career?
Firstly, I feel a tremendous sense of accomplishment. Although parts of the program may have seemed intimidating or difficult, I managed to get through it and am better for it. Secondly, I feel much more confident in my role and am able to apply what I've learned on an almost daily basis. The certification's listed on my resume and I use that qualification to leverage myself in my professional career and prove my abilities at work.
What advice would you give someone who is interested in the program?
If you're in IT, you don't want to overlook security - even if you're strapped for time while on the clock and busy with your life outside of work. I was fortunate that I didn't have any serious problems under my watch before enrolling, but that really came down to luck. So I would say, just try it! The instructors are great, the courses are challenging (as they should be) and overall it's very fulfilling. It's very well done and well put together. Everything just fell into place for me. It's absolutely relevant to everyone/everything in IT. Everyone should have this knowledge.