All Alarms, No Time: What My Training as a Black Hawk Pilot Taught Me About Privileged Access Management – Source: securityboulevard.com

August 31, 2023

In 2013, I began training in the Army to be a Black Hawk pilot. The requirements I had to meet were stringent and the training was rigorous. The 19-month program covered everything from the endurance necessary to withstand the physical and mental challenges of safely navigating an almost-seven-ton metal buzzsaw through the skies, to technical skills that would be vital to successfully completing a flight mission and bringing everyone home safely.

Throughout my training, I studied in the shadows of giants. Under these mentors’ guidance, I read, re-read, and memorized reams upon reams of technical documentation and flight procedures until I could recite them verbatim. I flew several hundred hours with experts who were incredibly skilled and adept at their jobs, and spent countless more hours studying under them, preparing aircraft for flight, and learning from their examples on the flight line. These were the kinds of people you could sit beside as they worked, in absolute awe of their knowledge and experience, mentally noting everything that they did and said so you could incorporate it into your own work later.

Looking back on my time training, it isn’t hard to see direct parallels between what I learned then and the work I do now as the director of Identity and Access Management (IAM) and  Privileged Access Management (PAM) at GuidePoint Security. Because of all the behavioral changes that it necessitates within the various environments we work in, PAM in particular can be a very contentious discipline. On top of that, when you’re working with PAM and the capabilities it touches, there is always the looming threat that everything could go horribly wrong at the drop of a hat. My background and experience–not just in aviation, but also in the other roles I held in the military–prepared me to handle not just the day-to-day work of helping our customers build robust PAM solutions and programs, but also enables me to keep everything in perspective when things go from status-quo to every alarm blaring.

Specifically, there are four skills that were drilled into my core that I believe carry over directly into my current role:

• how to stay calm amidst chaos, 
• how to communicate in a concise and purposeful way, 
• how to make clear and informed decisions
• how to lead confidently from the front.

So let’s explore what these skills meant in my training, and how I’ve been able to apply them to my career after the military.

Maintaining Calm in Chaos:

When I was training to fly, it was common for the instructors to intentionally cause alarms to go off. They had to be sure that when we saw a flashing light that should usually be dark, we knew exactly what to do to set things right and return to smooth flight. As training progressed, more and more alarms would be triggered at once, requiring us to triage the situation, process a plan, and put it into action, all while keeping a multi-million dollar flying machine and the lives on board it safe. In those situations, especially in the military where you can have multiple type-A personalities crammed into a small space, it’s not uncommon for people to lock horns over what the best course of action is.

At the end of the day, it isn’t that much different in PAM. At a moment’s notice, chaos can become the work of the day. Sure the stakes are different, but when someone inadvertently cycles a credential, the outcome can be the same. People get upset, people get angry, and people lock horns over who caused what and how to fix it.

In both aviation and cybersecurity, maintaining a composed demeanor amid chaos is essential. During moments of crisis, be it a technical glitch or a high-stakes situation in the field, my military training has taught me the importance of staying level-headed. There’s a lot of value in saying, “Hey, let’s all take a step back. Let’s take a moment to breathe. Now let’s jump into a meeting and solve this thing together. This approach fosters collaborative problem-solving, defuses tensions among team members, and paves the way for effective solutions. The ability to be a calming presence and encourage rational discussions is paramount, especially in PAM when our customers are so dependent on us to be that source of stability.

Effective Communication Amidst Complexity:

In the world of aviation, where safety, success, and mission accomplishment hinged on clear and timely communication, I learned the art of conveying critical information across diverse channels. When anything changed, whether it was a tweak to the mission plan or an all-hands emergency, it was my job to translate and communicate with every single person involved. As a member of the crew, I would be responsible for clearly disseminating new orders to the crew or taking in status reports and conveying them to leadership on the ground.

Similar principles apply in the realm of PAM. Achieving our common goal matters more than individual recognition, and much like coordinating with crew members in-flight, cybersecurity professionals must ensure seamless communication to address complex challenges. This means evaluating multiple factors, such as user impact, engineering consequences, and communication strategies, all while maintaining situational awareness and making informed decisions.

Strategic Decision-Making:

Speaking of decision-making; in the Black Hawks we flew, there were highly sensitive controls that manipulated critical parts of the flight experience. From day one, you live, sleep, and breathe the rule that you do not touch these controls unless you are 200% certain that it’s your only option. We’re taught that even when we come to that conclusion, we need to take a deep breath and count to three before we commit. No matter how many lights are flashing or buzzers are blaring, you do everything you can to avoid changing those controls’ positions. Because once you touch them, you’re locking yourself into an extremely narrow set of outcomes for the next 5 to 10 seconds.

Just like in aviation, as a PAM professional, I have to approach my work with a deliberate, objective mindset. In this line of work, there are so many things we can do as consultants that are analogous to what would be a critical control manipulation event. It’s only by evaluating the potential impact and considering a range of options that we can navigate intricate situations effectively. Just as manipulating sensitive flight controls requires careful consideration in aviation, making non-emotional, objective choices in PAM is essential for successful implementation and the peace of mind of our clients.

Leadership that Inspires Confidence:

When all three of those skills are incorporated into my work, they build the foundation for implementing one of the most important aspects of my training: being what we called a servant-leader. From the earliest stages of military training, the principles of servant leadership–putting your team first, creating a collaborative and nurturing atmosphere, supporting your team, and empowering them to excel–are engrained in every rank from a day one Private all the way up to the Joint Chiefs of Staff. But without a cool head, seamless communication, and decisive decision-making, you’ll never inspire confidence in your team.

This approach has been instrumental in my cybersecurity endeavors. I’ve discovered that every team member, regardless of their role, is a leader in their own right when interacting with customers. Just as junior engineers are expected to provide steady guidance, my fellow consultants and I are responsible for offering expert advice and professional assistance. This leadership dynamic not only instills confidence and trust but also helps to forge lasting partnerships with the customers we’re serving.

Staying on Mission:

My journey is marked by the profound impact of mentors and colleagues who have left an indelible mark on my career. Unfortunately, my future as an aviator was cut short by a medical diagnosis that impacted my ability to fly. Although my service as an aviator was curtailed due to health reasons, the rigorous training and experiences I underwent have guided my path in cybersecurity.

My transition from a Black Hawk pilot to a cybersecurity consultant is guided by the principles of calm analysis, effective communication, composed leadership, and strategic decision-making that were instilled during my military service. Using those same skills has enabled me–and by extension, my team–to provide clients with the same calm, professional, and knowledgeable approach that I honed in the skies. In a world where digital threats are ever-present, my mission remains steadfast: to ensure the safety and success of my team and those we support.

Honoring a Legacy:

Here, at the end of this blog, I hope you’ll indulge me on a more personal note.

The people I flew with were and are phenomenal human beings that I will consider mentors my whole life. Whenever my history in the military comes up, especially my time training as an aviator, I always clarify that my deployment to Iraq was as an enlisted soldier. I refuse to even passively take credit for something I wasn’t part of, even though it wasn’t my decision to leave the flight program.

When I returned to my unit from flight school as a Chief Warrant Officer, I flew many training missions, facilitating the development of both myself and other crew members.  I mentioned earlier that I have hundreds of flight hours. To put that into perspective, one of the individuals that was an instructor pilot for me after flight school at the unit had over 5000 hours. I didn’t get the privilege of flying in combat the way I had intended.I’m not trying to diminish what I accomplished. It’s tough to get selected for flight school, and tougher to make it through the program. But I was in a group of giants, and they’re all phenomenal human beings who, in many cases, have sacrificed so much more than me. Even in my time in the military, being compared to them is a privilege. Sitting in the same aircraft with them was an honor, let alone flying with them.

I will forever hold them in the highest regard and be in their debt for what they taught me.