In the SecureWorld Spotlight Series, we learn about the speakers and Advisory Council members that make our events a success. In Q&A format, they share about their professional journeys, unique experiences, and hopes for the future of cybersecurity—along with some personal anecdotes.
David Lingenfelter is Vice President of Information Security for Penn Entertainment. His role includes overseeing IT security for the company, as well as overseeing IT compliance around SOX, PCI, and gaming regulations. He also works closely with the legal team on privacy matters and oversees IT operations at half of the company's casinos. He loves learning and teaching and tries to learn something new every day while trying to help others learn something new, as well.
Get to know David Lingenfelter
Q: Why did you decide to pursue cybersecurity as a career path?
A: I stumbled into the IT field after graduating with a bachelor's in electrical engineering and quickly found that I had a knack for computers and loved working with them. Very early in my career, someone said if I never want to get bored I should look at the security side of IT. At the time, IT Security was in its infancy as momentum of the dot-com era was just starting to build. Email was just starting to be more widely adopted, and very few companies had a strong online presence. Simply getting computers or applications to work was oftentimes challenging but eventually very rewarding. But getting them to do something they are not supposed to do took it to a whole different level.
Q: How would you describe your feelings about cybersecurity in one word?
A: Exhilarating. OK, I'm a bit of a masochist, but go back to my earlier response about never being bored. There's something new to learn in the cybersecurity space every day, and each day brings a new challenge.
Q: When you tell people what you do for a living, what do you say?
A: I will typically start with something along the line of "I work in computers." I let the conversation find its path from there.
Q: What has been your most memorable moment thus far working in cybersecurity?
A: It's been a long journey. I can't say I have just one "most memorable" moment. There are so many points along the journey that are memorable in so many different ways.
Q: If you had to choose, what's the one cybersecurity practice people can adopt that would have the greatest impact?
A: For individuals and their personal cybersecurity, use MFA. Even with its flaws, it's so much better than a simple username and password.
Q: What is an industry-wide change you would like to see happen in the future?
A: More transparency after a company has suffered a breach. Legislation is growing around disclosure of what personal data was impacted, but disclosing information about the kill chain would be helpful for other companies to understand where they may need to tighten their defenses. How did the attack take place, what were the persistent states, what was the point of ingress, how did they move laterally, did they throw red herrings into the attack? Basically, what were the lessons learned.
Q: If you could pass or change one regulation/law in cybersecurity and data protection, what would it be and why?
A: I would like to see the American Cybersecurity Literacy Act come to fruition. It would be a game changer to see every individual in America trained in basic cybersecurity risk reduction methods.
Q: What encouraged you to join your current organization (employer)?
A: I look for opportunities to learn something new. I had never worked in the gaming industry before, and thought it would be interesting to learn more about it. At the same time, the industry was starting to go through a transformation with the changes in the laws around online gambling and sports betting, which I thought would give me an opportunity to help transform the company and the industry.
Q: What are you most looking forward to at SecureWorld this year?
A: All the networking.
Q: In honor of our conference theme, CyberSonic: Security & Sound Remix, what is your all-time favorite song?
A: "Nothing Else Matters" by Metallica
To connect with David and other cybersecurity leaders from the greater Philadelphia area, attend the 20th annual SecureWorld Philadelphia conference on April 19-20, 2023. David will present a session on "Understaffed and Under Pressure." See the conference agenda and register here.
Continue to follow our Spotlight Series for more highlights from industry experts.