Tetra Defense values a well-rounded approach when it comes to cybersecurity. Preparing for cyberattacks, strengthening defenses, and responding to incidents are all important separately, but they are far more effective when combined. To that effect, we learn from Larry Boettger, Vice President of Cyber Risk Services,, as he describes his path from sales and multimedia to cybersecurity.
“Once you learn something, the next logical step is to teach it.”
How did your career begin?
Going way back, I was always a big fan of David Letterman. I grew up watching him on Johnny Carson, his morning show, and then his late shows. He inspired me to get into Radio TV and Journalism at first — that was my major in college. The plan I had for my career at the time was to simply follow in David Letterman’s footsteps. I got the degree, I became a Radio and a Live Music DJ on the weekends, all while being a fitness instructor full-time. My career was like that for a while, but when I met my wife, I was inspired to find something more stable — that’s when I started selling computers.
What first piqued your interest in cyber security?
I definitely stumbled upon cybersecurity. I started selling some of the first commercially available computers for the masses, but after a few weeks, the customers would bring their devices back to me for troubleshooting and other questions. As I started servicing these computers, a whole new division was created for me in that organization. I led a team that was dedicated to computer set-ups, creating networks for small businesses, and even helping individuals use their own computers. Eventually, I got my MSCE (Microsoft Certified Solutions Expert) and starting consulting for larger companies, which included building networks, writing policy, and working for the Wisconsin Department of Corrections on Y2K and Novell to NT conversions.
Since 1999, I’ve pursued the consulting route full-time more or less. I appreciate being able to solve a variety of problems within cybersecurity that go beyond just the vulnerability testing or just the network infrastructure. I’ve been able to work with organizations of different domains within HIPAA guidelines, NIST, PCI, GRC, and almost all of the other acronyms regarding security. What’s always interested me about cybersecurity is that no two days are the same. It’s a lot of variety, it’s always like a puzzle, and I’ve been fortunate enough to work alongside all of the cutting-edge changes we see in the field.
What brought you to Tetra Defense?
Through most of my career, I’ve usually opted to be an independent consultant. This route allowed me to work with a variety of projects, but I would usually spend most of my time traveling from one site to another. With Tetra, I find I can still enjoy multiple projects, and now I have a great team to collaborate with. Since starting in January, I’ve been able to contribute in building our own tools, penetration testing, risk assessments, policy writing, architecture implementations, all while being able to choose which projects speak to me first.
How does your team interact in relation to others?
I find Tetra as a whole is a team of entrepreneurial individuals who work well together. We all strike a good balance between the strategic and tactical projects that we can all pitch in on depending on our strengths. We have structure, but our dynamic isn’t one of hierarchy where we just tell each other “what” to do. We can always collaborate and guide each other on “how” to solve problems whether it comes from my team in Cyber Risk Management or Incident Response. In fact, one of the reasons I came onboard was the fact that we had a Digital Forensics team in-house. We have both the proactive and reactive sides to cybersecurity under one roof, and that’s been extremely helpful since our Risk Assessments can be informed by cases that are currently happening, giving us more insight. Thanks to how our teams give input, and how we bring colleagues onto projects that interest them no matter their “team,” we can learn from each other and strengthen every side to our house. We are a two-sided coin and that gives Tetra a unique identity.
Any advice for aspiring cybersecurity professionals?
Right off the bat, I would suggest not trying to do too many things at once. Cybersecurity is a huge field with tons of avenues, and figuring out one or two passions to begin with is the best way to structure a more focused path going forward. Coming into the field with an identity is the best guide to growth — ask yourself, “Do I like networking? Do I like development? Do I like writing policies/procedures? Infrastructure? Digital Forensics?” Pick something you like, make that foundation strong, and build security practices on top of that. Be patient; there’s a lot to learn and try to surround yourself with a team that keeps you motivated to learn what’s coming next. Working with people is essential because it’s just too big of a world and you’re not going to know everything. So, my advice is basically to find a foundation, build upon it, work with a team if you can, and keep building your network to stay sharp as the field changes almost daily.
A non-work related question: How do you like to spend your free time?
I’m a huge believer in sharing what you know, so I spend a lot of time on LinkedIn and Twitter to share resources, “teach” what I’m constantly learning, and also learn from others. I actually find my journalism degree has paid off in this aspect when I write reports or present on new topics we see. Even my days as a DJ have helped me with webinars and public speaking events, which I find especially helpful in my role now. Being able to communicate is really important, and it’s often a challenge in our industry since most of what we work with can be quite technical. When I’m not in front of a screen or a group of people, I harken back to my fitness instructor days with running, biking, lifting, boxing and pretty much anything related to physical fitness.