In the SecureWorld Spotlight Series, we learn about the speakers and Advisory Council members that make our events a success. In Q&A format, they share about their professional journeys, unique experiences, and hopes for the future of cybersecurity—along with some personal anecdotes.
Ryan Mostiller is Sr. Manager of IT Security at BorgWarner, an automotive and e-mobility supplier headquartered in Auburn Hills, Michigan, and serves on the SecureWorld Detroit Advisory Council.
"I'm a passionate security leader who loves waking up and working on my next challenge," Ryan said. "I'm motivated and inspired by the amazing people from my team, my organization, and my community. When I'm not thinking about security (if that's possible!), I love unplugged family time with my wife and kids—walks through town, golfing, or playing outside. I'm proud to be a Michigander and I love the seasons and beautiful sites of our state. I'm a double alum at Oakland University, and in addition to my current role at BorgWarner, I have a part-time role as a Lecturer and Curriculum Developer at OU. I love to share stories about security, especially about the moments that shaped my career and how I learned from them, but I also am happy to listen and learn from my peers. After more than a decade in security, I am still learning every day. I've presented at SecureWorld now six times, in addition to other regional and national events."
Get to know Ryan Mostiller
Q: Why or how did you decide to pursue cybersecurity as a career path?
A: I've always been an "IT person" even way before I had a formal job, as computers have been a passion for as long as I can remember. I sort of lucked into security by configuring and maintaining the tools no one else spent the time on, mostly some of our primitive security tools. This is before there were "security" jobs at my org, but once it was formalized, it kind of worked out since I was using so many of our security tools that I could join the team.
Q: When and why did you join your current organization (employer)?
A: I joined my current org about two years ago in September 2022. I was fortunate enough to have connected with the previous CISO at the org, and he recruited me into the role. See, the power of networking is real! I was really excited to work for BorgWarner because I've seen how the company has generations of success and it's full of extremely smart, mature, and challenging leaders who inspire me. Plus, I have a love for auto racing, and BorgWarner has its name on the Indy 500 trophy!
Q: What has been your most memorable moment thus far working in cybersecurity?
A: Well, everyone has moments they will never forget for a variety of reasons, but some of my more proud moments are the opportunities I have to show our board and leadership team the great things our security team is doing and to present real evidence of how we are keeping the company safe. While not perfect, but the fact that we can demonstrate a continued improvement to our security posture is something I get a huge joy and sense of pride out of.
Q: How would you describe your feelings about working in the field of cybersecurity?
A: You never get bored with the ever-changing risks, problems, or new technology to learn about!
Q: If you had to choose, what's the one cybersecurity practice people can adopt that would have the greatest impact on their organization?
A: This might be different than the usual answer of something like cybersecurity education, but for me I will say communicating why this all matters and why it's important to care about it. If we can't explain why a risk is something to take seriously, we will never advance the security mindset in the company.
Q: What are the biggest challenges facing the cybersecurity profession?
A: I believe we have a growing gap between the people trying to get into this industry and those who have been here for a while now. We have more demand than ever for the job, but it's difficult for people to find their first role in Security, and when they do, they may or may not have the skills and experience to be as effective as hoped. I am hoping we can continue to safely utilize tooling and AI to help bring people up to speed quickly, but at the same time, we need people to keep learning the foundations of how IT, networking, and development work, so they can use that knowledge to make confident and correct decisions. That, and threat actors are continually evolving and finding new ways to attack us.
Q: What are the biggest opportunities facing the profession?
A: With new policy and compliance brings a new opportunity for security to demonstrate our value to the business. We are no longer an insurance policy; we are now needed for our business to expand, enter new markets, acquire new customers, and establish new lines of business. We are getting called into M&A and sales meetings now to help demonstrate how we will secure the business so it can continue to grow.
Q: What advice do you have for someone considering cybersecurity as a career and/or someone new to the field who is looking to move up the career ladder?
A: This is an incredibly challenging and rewarding field to be in, but it's a specialization, so it's going to be a lot of hard work to continue to succeed. If you are looking at cybersecurity because of the career prospects, think to yourself if this is something you are truly passionate about. I can help a person learn about any of the paths of security, but I can't teach someone to be passionate about the field and the job itself. If you are not truly loving cybersecurity, that's ok, but understand that you will need to find the role that's right for you, so you can spend the time and energy to continue to grow and learn in our quickly changing industry.
Q: In honor of our 2024 conference theme, Legacies Untold: Revealing Cybersecurity's Hidden Figures, who is someone that you consider to be a Cyber Hero?
A: Maybe obvious, but the first "hackers" I ever saw was Kevin Mitnick (RIP). I really respect Dave Kennedy, who is an extremely successful member of the security community having started two security companies after being a CSO himself. I got to meet him at Black Hat this year, and his presentation with Jake Williams was so spot on and insightful.
Q: Lastly, what are you most looking forward to at your regional SecureWorld conference this year?
A: I love simply talking to peers in my field and industry. I go back to SecureWorld every year because I see familiar faces and a great group of inviting people who are willing to listen and share stories of their own experiences. A huge 10,000-person conference might be all about the content, but SecureWorld is about the community and the people who dedicate their time and energy to growing it.
To connect with Ryan Mostiller and cybersecurity leaders in the Greater Detroit region, attend the 22nd annual SecureWorld Detroit conference on September 18, 2024. Ryan will be moderating the Advisory Council Roundtable Lunch on the topic of The Surprising List of CISO Top Concerns.
Continue to follow our Spotlight Series for more interviews of industry experts.