Leeann Nicolo is the Incident Response lead at The Coalition and specializes in digital forensics and cyber investigations. She has conducted investigations into ransomware, phishing, hacking, data breaches, trade secret theft, and employee malfeasance. Leeann has investigated thousands of digital devices and has extensive subject matter expertise in Windows enterprise forensics, mobile device forensics, business email compromise, cloud security, and ransomware.
Prior to joining Coalition, Leeann worked at Kivu Consulting in Denver and Kraft Kennedy in New York City overseeing complex cyber investigations and discovery matters for law firms and large multinational corporate clients. She conducted her undergraduate studies at the University of Albany in Information Systems, then achieved her Masters of Science in Cybersecurity at Pace University. She is also a SANS Lethal Forensicator Coin Holder and on the GIAC Advisory Board.
In this episode, we discuss her start in information technology, how she made the move to cybersecurity, the discrimination she has faced in the industry, becoming a manager, strong women role models, mentoring others, and so much more.
Where you can find Leeann:
[00:00:01] I'm Douglas Brush and you're listening to Cyber Security Interviews. Cyber Security Interviews is the weekly podcast dedicated to digging into the minds of the influencers, thought leaders and individuals who shape the cybersecurity industry. I discover what motivates them, explore their journey in cybersecurity and discuss where
[00:00:29] they think the industry is going. The show lets listeners learn from the expert stories and hear their opinions on what works and doesn't in cybersecurity. Hello and welcome to episode 122 of Cyber Security Interviews.
[00:00:52] In this episode we're speaking with Leeann Nicolo as we wrap out the Rising Star Series. Leeann Nicolo is an incident response lead at the Coalition and specializes in digital forensics and cyber investigations. She has conducted investigations into ransomware, phishing, hacking, data breaches, trade secret theft and employee malfeasance.
[00:01:13] Leeann has investigated thousands of digital devices and has extensive subject matter expertise in Windows Enterprise Forensics, Mobile Device Forensics, Business Email Compromise, Cloud Security and Ransomware. Prior to joining the Coalition, Leeann worked at Kivu Consulting in Denver and Kraft
[00:01:29] Kennedy in New York City overseeing complex cyber investigations and discovery matters for law firms and large multinational corporate clients. She conducted her undergraduate studies at the University of Albany in Information Systems and then achieved the Masters of Science in Cyber Security at Pace University.
[00:01:46] She is also a SANS Lethal Forensicator Coin Holder and on the GIAC Advisory Board. In this episode we discuss her start in information technology, how she made the move to cybersecurity, the discrimination she has faced in the industry, becoming
[00:02:00] a manager, strong women role models, mentoring others and so much more. I hope you enjoyed this episode as much as I did. Thanks for listening. Leeann, thank you for joining me on Cyber Security Interviews. How are you today? About time, Doug.
[00:02:13] I know it's only taken several years, but I had to get through, you know, all the chat before I got to the most important people. That's true. Work out the kinks. Yeah, yeah, and make sure because this is nerve-racking for me.
[00:02:25] You're one of the most important incident response people on the planet. Obviously thanks to my mentorship, but tell us a little bit about... So this is always one of the things that I mean I've known you now for a
[00:02:36] long time and worked with you, but why did you out of all the things you could have done decide on IT and eventually cybersecurity? And I really think it goes back to our original team.
[00:02:48] And honestly, you know, I hate to start this off by giving you any credit, but the mentorship and the group that we had there I think was super, super important. So starting college, I had no idea, you know, what I wanted to do.
[00:03:02] I figured I'd go into pre-law because they made a lot of money and that was my driving factor as a 17 year old in New York. And I took a bunch of classes that had to do with IT and network security and I just didn't know anything about it.
[00:03:17] And I really enjoyed it. When I graduated, I got off of the job consulting out of school and I just thought it'd be a good gig. I was introduced to you at that time, 2013 or 2014. Yeah, and you were building the cyber practice.
[00:03:36] I knew that getting into the cyber security aspect of under the IT umbrella was the way to go just because of the times all, you know, every teacher I've had, every colleague I've had said, if you do anything in tech, do security. So I applied to transfer internally.
[00:03:53] You guys welcomed me with open arms. And I think I became the group traveler the first year. I was the only one without kids, without a wife. And so I was the fly here on site and image this hard drive and I loved it. I loved it.
[00:04:10] I learned a ton. I think as things evolved and ransomware started, just got busier and busier. That was definitely the beginning. Yeah, and I know one of the things that was early on was, I mean, you're more on the IT side of it.
[00:04:28] And one of the things I thought actually, I mean, when I brought you over, actually learned a lot from me because it seemed that your IT foundational skills of knowing the enterprise environment, Active Directory, Citrix load balancers, higher end firewalls and the overall architecture
[00:04:44] became incredibly important for me as I was building a practice to have people like that. But I didn't have that skill because much of the training that I had was not focused on that with forensics and IR.
[00:04:56] And in fact, some of the IT skills have been looked down upon by folks in incident response. How have you found that early training and that mentorship that you had with folks outside of our group and name names, Rob Cohen,
[00:05:11] who was just an amazing person to really give you those foundational technology skills before you even got into security? Yes, I think it's priceless. I think it kind of just fell in to the path that I had in front of me,
[00:05:24] whether I had no idea at that point. I do agree with you that it is frowned upon and I hate that. You know, when people say like help desk or IT help, like, you know, it's looked as like one of the lower level entry level career jobs
[00:05:39] in the field. And I think it's ridiculous. I think without that foundation, it's super hard to really understand what's happening during an attack and to prevent against those things. And even to this day, when I tell people I've dealt with
[00:05:53] and know how to handle SQL servers and virtualization, formal training doesn't teach you any of that because that's a whole different beast, you know, technical support and troubleshooting and rebuilding group policy and Active Directory. You know, you hear those things in the cybersecurity world
[00:06:13] and kind of the incident response side. But the fact that I was actually hands in hands on building group policies and troubleshooting virtualization and all the stuff that I never would have thought I would be doing long term.
[00:06:27] I think it was a really good foundation for our group, for sure. And how much I mean, you know, now that you're, you know, looking at things within the cloud, how much of those early skills we're looking back almost 10 years have translated over to things like Microsoft Azure?
[00:06:44] Yeah, I mean, I think a lot of it, I think there is still a big learning curve, right? A lot of it is so new. But I think if I didn't start there, I'd have a lot more difficulty getting up to speed with a lot of those technologies.
[00:06:58] Like I'm still learning so much about the cloud infrastructure and cloud forensics and incident response. But I think having kind of the basis of just how systems are connected, how networks speak, permissions, user accounts, just all of the basic stuff, I think it's very important.
[00:07:17] Yeah. And you know, some of the things that I know is, I was able to even, you know, going back in and thinking, when we've done email investigations, your ability to understand how things were set up in Exchange that were Exchange admin skills.
[00:07:30] That became incredibly important just for litigation or later than an IR that a lot of folks in incident response had no real understanding of how Exchange messaging worked. And I think it really hurt people compared to how so I saw some of the skills that you had adopted.
[00:07:46] Yeah, I honestly didn't even think about email, but that's a big one. Like we started out in kind of that MSP support role that I had at my our first company in troubleshooting, just like you said, messaging issues between Exchange servers.
[00:08:04] Never in a million years would I think that that would come over to litigation and kind of understanding how email works and explaining it to a lawyer and to a court of law. And there's forensic expert reports that I've had to kind of review.
[00:08:16] And it's very clear when somebody knows the forensic aspect and how to find kind of the vector and all of the details around that. But that back end email just architecture is not something you really learn unless you're ever supporting it.
[00:08:33] Like those are some of the things too, you know, when we look at some of the training, I mean, you had years of schooling. Did you feel that it adequately prepared you or did you feel that
[00:08:44] it could have been maybe not cut short but condensed in a form where you could have removed some things and gotten into work for us sooner? Yeah, for sure. I mean, I think school was a wonderful experience for me.
[00:08:57] Shout out to Pace University and really all of the universities that have forensics and incident response and just cyber programs. I think that they really do leave a good, you know, put a good foundation in a lot of young people.
[00:09:11] But I also and I say this pretty direct. I think I learned 90 percent of what I know today in the field, you know, from working with your team, you and just kind of getting out there or hands on. And I think there's a lot of programs now
[00:09:31] that do that kind of condensed training. And I'm not sure that the formal training, although it is important and it's important for a lot of other reasons, right? It helps people grow and mature. I think there's a million ways to kind of self taught.
[00:09:45] I think a bunch of the people that we've worked with in our careers, right, had English backgrounds, art backgrounds and the smartest people I know never came from a cyber world. They just have that kind of mind and self starting and teaching themselves as they go, you included.
[00:10:03] But for real, I think being motivated and having that personality and even now, the way that I hire on my team, it's all just the type of person you are, how you communicate, how you react to things, how you handle stress, how you manage your time.
[00:10:18] I think a background has very little to do with it in terms of technical ability, because I think that could be taught. But the personality stuff is probably what I've struggled with the most in terms of like new hires, just not willing or not wanting it enough. Right.
[00:10:33] Well, that's the concern too is that I've seen, you know, again, that the cost aspect, it becomes an inhibitor to get into the industry. And I can imagine that you probably, you know, you were, I've gotten to know your parents and family over the years too,
[00:10:49] but you had a good enough background to afford that. Do you feel that if you didn't have the, you know, the wherewithal, the financial supporter, the upbringing that it would have been an inhibitor, you know, you wouldn't be able to find that path. Absolutely.
[00:11:04] I mean, I applied for a master's degree. I think it was six times the amount per credit from my undergrad to my grad degree. And I worked full time for the university to try to get some money off it. I still graduated with a ton of debt.
[00:11:18] So absolutely. I mean, if you don't have the support in place or you don't know where to ask for help and support to get into the programs and to be able to get through the programs, whether it's one, two, three years.
[00:11:31] Yeah, I could imagine that would deter a lot of people. How did you know as you kind of got into it? One of the things I noticed was your ability to do project management also people management.
[00:11:42] Did you sense early on that you were going to go to a more of a management type track within the industry? Yes, I think a lot of that just has to do right with personality being born and raised in New York City.
[00:12:00] I can't shake this type A part of me, no matter what I do. And so I think that I deal with people in a way. You know, I try to be kind. I try to be patient, but I also enjoy working through some difficulties
[00:12:20] and kind of managing a team. And so I think you kind of have to have the personality and want to do that. There's a bunch of people that I work with even to this day that made it very clear they want to stay on the technical track,
[00:12:31] don't ever want to manage people. So I think that's a personal preference and something kind of as the years go on. You'll decide quite clear. I would say probably early on. I mean, on our team, we kind of like we had a clear hierarchy,
[00:12:46] but at the lower level, we managed ourselves quite well. And I think it was pretty clear who, you know, liked to give direction, who liked to take direction, who liked to be on client calls, who didn't. I think that all kind of naturally settles within a group.
[00:13:01] Definitely with some of the other things that that we've seen too, certainly as young female coming in the street, were there challenges for you, you know, being accepted as you grew into a kind of leadership management, project manager role?
[00:13:19] You know, I certainly have my stories of where people surprised like I just the lack of filter people with the customers or clients would say sometimes things to you. But or some of the, you know, quite frankly, for lack of a better word,
[00:13:33] horror stories that you had that had made it challenging. Yeah. Well, and I think a lot of this, which is a shame, goes back to personality and kind of how you react to things and your sensitivity.
[00:13:44] And like if you have doubts in the beginning, having some of these interactions with people would be enough to deter somebody from that career track. I remember a few times early on just going to conferences, you know, and people assuming that I was somebody's wife or somebody's girlfriend
[00:14:01] or assuming I was on the marketing team or the HR team, you know, never really thinking I was on the technical side or at a SANS course to take a SANS course. And so the assumptions hurt just because it's like, you know, my first question is why?
[00:14:17] You know, because I'm a female. Of course, I think that's, you know, that a lot of the male counterparts in the industry, I don't think we're getting the same feedback. So the assumptions hurt for sure. But I think just, you know, the type of person I am,
[00:14:31] I think it's made me and I hate to be like, I'm so much stronger. But I really think that like it's a challenge for me now. Like when someone assumes that, like I love it because it couldn't be any more different. But it's definitely hard.
[00:14:45] I mean, in the beginning, I think if I didn't have the support of the team that we had, I mean, who knows? I'm not sure that I would have stuck there. It's definitely disheartening. I think part of it too is that I know this when we've moved
[00:14:59] some of the practices you know, with the new, you know, name names, Kivu and Lizzie Cookson, who I've had on the show. I mean, she was and still is an incredibly strong personality. Somebody I follow, you know, I think how do you look at that experience?
[00:15:12] You know, when we need again for folks that are out there, it's a, Kivu's an incident response firm co-founded by a female and had pretty much all of management were female. And it was it was a very diverse and very strong group
[00:15:28] that I attribute the strength to the diversity. How did that influence your ability to grow both technically, managerial and professionally? So that was a completely different experience, obviously, than anything I've had before. I'm definitely a male dominated industry, just tech overall and then cybersecurity even worse.
[00:15:47] So moving to Kivu, it was it's weird because like, I don't really think I thought about it too much until it became the norm. Like, I don't think I thought about everybody on my first, second team were men until I moved to Kivu
[00:16:04] and, you know, all of my peers and colleagues in the same positions as me were girls because I think that was the first time that I was like, whoa, our CEO is a female, the head of every office is female.
[00:16:17] Like, you know, which I feel like I shouldn't react like that. If that should be how it is, if they're capable and they're smart enough, it doesn't matter, you know, what they are or where they come from. But I think it definitely strengthened me.
[00:16:28] It didn't it didn't have I didn't feel like I had to prove myself as much when we would have meetings, you know, the leads of all of the offices we get together. I'd be in a room with six females never in my career has that happened so far.
[00:16:44] So I think it definitely allowed me to kind of let my guard down a little bit and really focus on the technical career. That's really where I got into kind of the specifics of dealing with ransomware and all the negotiations. And they taught me so much.
[00:16:57] I mean, one's on my team now. Yeah. Well, talk to us about your team now. I mean, again, the founders of your current company. You know, there's very there's a strong diversity within inside the coalition. But tell us a little bit about the company
[00:17:14] and the role that you have now. Yeah, for sure. So definitely moved out of the consulting world. I work for ultimately an insurance company, but we refer to ourselves as insurtech. Very, very technical group of folks here. So we offer insurance, cyber insurance,
[00:17:31] and we provide kind of proactive scans to alert our customers of anything we're seeing from the outside. Coalition started a coalition incident response team. So as most insurance vendors outsource their forensics and IR investigations, we started that in-house
[00:17:49] to be able to offer those on behalf of our insurance. So I was employee number one two years ago now, two years ago last week, started that group. And it's just been a whirlwind because although it's not consulting, I am still dealing with insured under the insurance umbrella.
[00:18:09] So it's similar to a lot of ransomware, a lot of BECs. There are seven of us now on the team. So we have four males and three females, but actively growing. I think we have two job reqs out there. And then the broader Coalition is extremely diverse.
[00:18:27] So we have a full engineering team, a handful of girls on that team, which is always great to see. That's another part of the technical sub-industry that is usually male dominated, but we're super, we're really big into diversity here at Coalition for sure.
[00:18:41] So I think with every move I've made, it's gotten better and better in terms of the type of people that I'm surrounded with in the diversity space for sure. Have you felt that? What are some of the benefits you've seen business wise to diversity?
[00:18:59] Because one of the challenges I've seen is people say, well, why would you do it? It's almost like there's a resistance as if somebody would, has to give up something in business. But one of the stories I've told is even when I was early engaged
[00:19:13] in bringing you into customer meetings, they thanked me and said, you're showing a better representation of who we are as a customer and allowed us to close bigger deals. Have you seen that diversity help the business that you do grow
[00:19:27] or at least be more better in certain aspects? Yeah, I mean, absolutely. I think that that's silly to say that it would hurt in any way. There has to be and right if you're seeking out somebody for a role just because they add to your diversity count
[00:19:43] that that's not the right way to do it. But it can't be that every position is filled by this specific type of person, whether that's a white male or what have you. So I think that people have wives, have children, have different backgrounds, have different religions,
[00:20:03] have all of these differences between each other and in order to oftentimes you relate to people depending on your interests regardless of what that is. And so the more diversity you have on a team, the more likely it is that you're going to find somebody
[00:20:20] that whether you're selling something to them or you're doing business with them or you're hiring them to be on your team, that can relate to you in some way. You know better than anybody else that this job is not a typical nine to five.
[00:20:33] So we are spending more hours with the people we work with than pretty much anybody else in your life. And so having people you can relate to whether that is by sex, religion, color of your skin whatever that is, I think it's important.
[00:20:51] I think people feel more comfortable and the conversations change and it only helps your business. I can't imagine any negative effect to that. So as you're getting much, much older now now that you're getting older, how do you look at it when you're seeing
[00:21:15] and I know you mentor people and help people have seen you do it. What are some of the advice you would give to maybe a young female that's looking, maybe in her late teens looking to get into college and looking at cybersecurity?
[00:21:28] What some advice you would give to a young woman or really anybody that might be in an underrepresented group in cybersecurity about getting into what we do? Yeah, I mean if you're passionate for it, you like it. Whatever your reason is, go for it.
[00:21:46] You have nothing to lose. You may feel like it's a little bit harder. I did feel that way in the beginning but I think it gave me so much more satisfaction getting to this spot rather than just having things,
[00:22:00] kind of, I don't wanna say handed to me because I've definitely been dealt a pretty good deck of cards here but I didn't let the comments and kind of assumptions ever deter me. I just worked harder and kept my head down
[00:22:16] and stayed focused and I love what I do. I would never urge somebody to, not follow their passion because of that. I could imagine it's difficult. It was difficult for me too as a young person coming into the industry but go for it.
[00:22:33] You reach out, there's a lot of people here to talk. Well, if as we wrap up, if there was a way to reach out to you, where can people find you online? LinkedIn is probably best. So that is just my full name, Leeann Nicolo.
[00:22:51] I, you could definitely reach out to Coalition if you need any, have an insurance or cyber questions but I would say most people, well, hard to say who your audience is nowadays. It's probably all over the board. LinkedIn is probably best. Get me direct. Well, awesome Leeann.
[00:23:08] Thank you so much for being on the show today. This has been a long time coming and I'm gonna try to get this posted as quickly as possible because tomorrow starts The Diana Initiative and I want this to get some attention. Awesome, thank you so much Doug.
[00:23:24] Love everything you're doing. Thank you so much for joining us today on Cyber Security Interviews. I hope that you enjoyed this interview as much as I did. Please go to cybersecurityinterviews.com where you can find every episode including show notes and links for each guest.
[00:23:41] There you can also find social media links and just sign up for new episode notifications. Thanks, we'll talk soon.