Tetra Defense values a well-rounded approach when it comes to cybersecurity. Preparing for cyberattacks, strengthening defenses, and responding to incidents are all important separately, but they are far more effective when combined. To that effect, we learn from Trentin Thomas, Software Engineer, as he describes his experiences in programming with a security focus.
“In software development, there are always new frameworks and coding standards to learn, especially in front-end development. It’s always evolving, and I’m learning something new daily.”
How did your career begin?
My whole software development career began under the Gillware Data Recovery umbrella, Tetra’s sister company. I started there doing hard drive check-ins of the shipments, then I wrote some software for them to expedite that process. I also created a few programs for Wesley Gill, now our Vice President of Product here at Tetra. He took an interest in my abilities there at Gillware, took me under his wing, and I transitioned to his department shortly after. We’ve been teammates ever since. Especially since coming to the Tetra team, I cannot thank our leadership enough for giving me the chance to do what I do today.
What first piqued your interest in programming?
In high school I took a class about basic programming. It started off with paper assignments: “Here’s a bunch of code, type it out, and if you find any bugs, try to fix them.” It wasn’t super involved in the beginning, but it was enough to pique my interest in the subject. At the time, we were programming small games like Pac-Man and Brick Breaker — which even further piqued my interest. I had always been interested in games, so that’s what I pursued when I first went to college. I started out learning about game development in general, but quickly discovered that programming would be a better fit and could provide more options for me. Rather than focusing immediately on game development, I earned my Computer Science degree and kept my options open to other organizations that would need these skills. It wasn’t until Tetra Defense that I realized the importance, and the overlap between programming and cybersecurity.
What is an average day like for you?
The best words I have are, “It’s something else.” When I look back even six months ago, it’s amazing how much our team has grown and how my role has changed. As opposed to strictly creating software for our teams, I can now work within one myself and help guide, lead, and especially, collaborate when questions come up for anyone. Most of my time these days is spent in Project Management mode making sure everything is well lined-up for my team and things flow as smoothly as possible.
How does your team interact in relation to others?
For the longest time, we were in our own world, simply creating tools for other teams at Tetra here to use. Now, as our team grows, we see the value in opening the conversations with Nathan Little, Vice President of DFIR, and Scott Holewinski, our CEO to bring not only new features to what we’ve already created, but also looking ahead to what we can make next. With their input and our collaboration, we can introduce new features to our internal tools that manage our Incident Response cases. We also jump into the Risk Management side of the house to make sure portals are running as smoothly and safely as possible. Just recently, I was able to contribute to an active case by reverse-engineering some malicious Java script. Being able to see these cases firsthand and apply my skills is something that’s been very eye-opening — I’m thankful to keep cybersecurity at the fore-front of anything I program going forward. I hope that we can get to the point that we can help even more with IR engagements to help them resolve cases even more efficiently.
Any advice for aspiring software engineers?
As far as development goes, I would say to try to focus on the security of whatever you’re building going forward. I’ve seen a lot of junior developers with no notion of security in their mind, which is understandable since I did the same thing when I started out. Security is just as important for developers — if it’s ignored or there’s too much oversight, it can lead to a lot of exposure. Like I said, when I started, I didn’t even have a concept of securing API endpoints, nor making sure users are authenticated, nor did I make sure that correct users had correct permissions. So, my advice to any up-and-coming developers is to keep an eye out for the best ways to secure what you’re programming since it will definitely come into play at some point in your career — whether or not you work within the field of cybersecurity. A good place to start, especially for securing endpoints, is Security with Spring if you are working in the Java with Spring environment. The key to being successful in this field in general is to stay adaptable; this industry changes daily and learning new things is inevitable in whatever position you may end up in.
A non-work related question: What do you do in your spare time?
I spend as much time with my family as I can, including my sons and stepdaughter. When I’m not doing that, I am probably gaming on my computer. Honestly speaking, I still really enjoy gaming and I don’t mind spending even more time on a screen to do so.