When Joshua Belk graduated Columbine High School, Littleton, Colo. in 1996, he went straight into the U.S. Air Force. It wasn’t because he needed the money for college or felt that he had no other career options. Instead, he figured his aptitude for problem solving and investigative thinking would be valuable tools for working in the security industry. And what better place to get trained in global security issues than the U.S. military?
As it turned out, Belk’s instincts were correct, but his early Air Force assignments were not the future he had envisioned.
“I was part of the Air Force Security Police, later renamed the Security Forces,” he said. “Our work focused on military law enforcement, an area I didn’t find particularly challenging or intellectually stimulating.”
Fortunately, the Air Force setting allowed him to move quickly into more engaging aspects of security, including physical security (protecting building and installations) and ultimately information security.
Protecting Critical Infrastructure
Today, as the executive director of the Los Angeles Cyber Lab, Belk helps companies, school districts, and city governments throughout Los Angeles learn the best ways to protect their critical infrastructure against cyber criminals.
Launched in August, 2017, the LA Cyber Lab is an Internet security, information-sharing and analysis organization that provides intelligence threat information to the greater LA business and government community. Its members range from large organizations with well-developed cyber security staffs to regional organizations such as school districts and municipal governments with smaller, less experienced cyber security staffs.
“We partner with large organizations such as the City of Los Angeles, Southern California Edison, and Citi National Bank to provide smaller and medium-sized organizations with cyber threat intelligence data they can use to protect their networks,” explains Belk.
According to Check Point Software Technologies, a cyber attack is an attempt by outsiders to “maliciously disable computers, steal data, or use a breached computer as a launch point for other attacks.” Cyber-attacks can be launched using a variety of techniques including malware, phishing, ransomware and denial of service.
Staying on Course
Soon after Belk entered the Air Force, he began working on his undergraduate degree in social science at the University of Maryland Global Campus. The demands of active duty, however — he served under eight different Air Force units, some of them stationed overseas — prevented him from finishing his degree coursework in a traditional amount of time.
But he was not to be denied. Soon after leaving the service in 2008, Belk completed his bachelor’s degree, 10 years to the month after he had started college. He still calls it “the best thing I’ve ever done.”
Belk’s next career stop was the FBI, where he would spend the next seven years as the chief security officer for the Bureau’s Sacramento and San Francisco offices, a job that allowed him to further hone his investigative and problem-solving skills. Soon after joining the law enforcement agency, he also began a master’s degree program in national security at American Military University, a degree he completed in 2011.
Shifting to Cyber
It was during this period that Belk began turning away from physical and personnel security to focus more on cyber security.
“At some point, I got really tired of people telling me that things were hacked and not explaining why or how,” said Belk. “So (in 2012) I went and got certified as an Ethical Hacker. I felt like it was something that could be explained and understood.”
By October 2013, however, with the 16-day shutdown of the federal government as a backdrop, Belk began thinking it might be time to trade his government job for a more stable one in the private sector. In early 2015, he joined Pacific Gas and Electric Company as the senior manager for information security, managing their physical and information technology security operations centers.
But what Belk really wanted to do was run his own company. So, in August 2016, he formed OPSEC360, a cyber security consulting firm, in the living room of his home (at the time) in Tucson, Ariz. The cyber skills and technologies he’s perfected running the company help inform and guide his work with LA Cyber Lab.
Building the Foundation
Today, with ransomware becoming a more disruptive and costly headache for U.S. cities, Belk focuses his time and energy on helping smaller, less cyber-savvy members of the LA Cyber Lab network take full advantage of private sector help.
“The critical infrastructure we’re helping them protect is the basic fabric of society,” he said. “It’s the services that cities provide to their people.” That infrastructure can range from water distribution systems and power grids for the City of Los Angeles, for example, to bill processing systems for other cities.
Building up a city’s cyber capabilities, Belk admits, is a “one-step-at-a-time” process, one driven both by funding availability and the organization’s willingness to adopt new technologies.
“As cities start to look at the importance of protecting their infrastructure, I think we’re going to see larger investments in information security, both in terms of technology and human capital,” he said. That process will be aided, he added, by the evolution of the workforce from older, less tech-savvy managers to younger professionals who are comfortable integrating and exploiting new technologies in more dynamic and cost-effective ways.
Protecting What Matters
When asked to list a few things organizations can do to protect themselves against cyber attacks, Belk is quick to smile.
“I love getting this question (from new LA Cyber Lab members) because it shows that they’ve started thinking about the information that’s critical to running their business,” he said. “If they know what that information is, and they can protect it, they’ve done about 75% of the work they need to do.”
In the end, Belk added, “cyber security isn’t about protecting everything. It’s about mitigating risk and protecting the things that do matter.”
He is quick to point out, however, that there’s no such thing as 100 percent protection against cyber threats, even for the most sophisticated cyber organizations.
“The goal is to put measures in place that can mitigate the threat when it happens,” he said. “By being proactive, you’re in a position to react quickly to the threat. I don’t think you can ever proactively eliminate all threats.”
Like everything else in his career, Belk’s work routine is deliberate and logical, though somewhat unusual. He actually lives in Phoenix, Ariz., but commutes to Los Angeles nearly every week. Most workday mornings find him riding LA’s Metro Rail from his relatives’ home in Norwalk, southeast of Los Angeles, to his office in City Hall in downtown Los Angeles.
Belk devotes those early hours not to eating breakfast (“too stressful”), but to scouting emerging technologies around the world.
“I love watching little videos about new tools that people have built and different ways they’re doing the same things that we do,” he said. The videos “are the way of the future because at some point those ideas will make it to America and when they do, they’ll need to be secured.”
As an example, Belk points to recent online videos about de-icing technology that Sweden has developed to heat its roads and make them safer. He watches the videos, he admits, “not just because they’re interesting, but also because I am always thinking about how those things could be exploited. It’s just part of how I think about everything.”
Inspiring a New Approach
At the end of the day, Belk reflects, his goal is to get the people of Los Angeles to think about information sharing in a new, more disciplined way. He recognizes that most consumers recognize, at least intellectually, the risks of oversharing their personal information, even as they click unconsciously through most online consent agreements.
Through his work with LA Cyber Lab, he adds, he’s “helping society come to terms with a collective cyber defense in a positive, professional way. It’s something we all can do to protect our infrastructure, our economy and our way of life.”
The good news, he emphasizes, is that “information security isn’t just 1’s and 0’s. It’s really a human thing, something we can achieve. It’s really not that far out of reach.”
# # #
What questions do you have about infrastructure? I’d love to address those questions in a future profile on this site. Please send your questions and ideas to me at firstname.lastname@example.org. Thank you.