Skip to content

Steve Waterhouse's cyber journey

How did you get into cybersecurity?

While serving in the Canadian Forces, in 1994, the fielding of office computer networks was in full force under the designation "Operation Steam Roller" in the Army, but did not have the trade to support this new mean of communication to replace the good old carbon copy memo.

So a call went out to any trades to get anyone with IT experience to be posted in supporting these computer networks as LAN administrators. The navy and AirForce were using Novell while the Army deployed Banyan Vines network operating systems. As an infantry instructor, yet had studied in this techno field and still had the passion to work with the technology, I stepped forward and went on to manage the administrative computer network of the army HQ in Montreal in 1995. Later in 1998, became the first MAN manager for the Montreal region and shortly after, became the first Information Systems Security Officer (ISSO) for that same area of responsibility. The MAN was composed of 5 HQs, more than 5k users to support in various contexts including international military operations. 

After surviving the Y2K operation, I was offered to refit the Royal Military College in Saint-Jean as its mission was revived after its shutdown in 1995. As first ISSO, I managed the IT operations once everything was setup after I fielded a network for the educational purpose and an administrative military network. for the first 3 years, all buildings were stripped down to the walls and everything was redone all over, especially the IT networks. By the end of the 3rd year, we were able to commit the 2nd wireless network in operation in the Canadian Forces for the educational mission of the college.

After these 9 years at the RMC, I went on to the private sector in IT Security and IT training across North America in technical fields like Networking, Wireless, Video-Conferencing and cybersecurity (Cisco, CompTIA, CWNP and CISSP). After sensing all was good and seeing the market evolution, I founded my company (INFOSECSW) and for the last 13 years, became a "go to", SME for Canadian medias (in French mostly) for cybersecurity and I pursue the need to invest time and efforts to educate and raise awareness of cybersecurity, whatever the topic may be, good or bad. And that desire to share knowledge and experience brought me to the public speaking arena as I made it my main source of work as well as teaching with the Université de Sherbrooke, teaching the first micro-program in information security for now 5 years.

Tell us about your journey, challenges, people, programs or companies who helped you?

My journey is one that I got to blaze the path for other to follow. Started in the working when the word "cyber" was not even in use. Had to muster much new insights on the matter, train many people to adopt the same mind set (was an ISSO instructor for 3 years at national level).

I have to acknowledge the constant support and encouragements of school and school board personal at an early age, staff that believe in me and allowed access to so much resources and and time that we exchanged so much knowledge over time. For me, it is a reason I give back so much and I believe in the mission the train, raise awareness to everyone so they enjoy technology instead of being a victim to it, hence giving so much time to the medias. and when schools approach me and ask for some time, I never say no so I can again, induce the next generation of cyber workers that will work with me in the future.

Another mission that stuck to me over the years, is to bring cybersecurity to the Francophone community since we know most of the pertinent information floes in English. Making all that knowledge here on social medias or in the classroom will motivate more people wanting to work with us all for a longer period.

What do you believe others need to do to succeed in cybersecurity?

Cybersecurity is not a 9-5 typical job. Those who believe so, are simple clerks aiming for the pay check. I consider myself an extremist in this field, but that way of thinking and working brought me to become the first ADM of cybersecurity for the province of Quebec in 2022 in order to bring this change of philosophy in the public service, one that enhances information protection since the Government has those vast amount of citizen's information under their responsibility.

Cybersecurity is a devotion to the basic triad of Confidentiality, Integrity and Availability of information. And from a very young age, you have to lead by example. Meaning you apply what you prescribe so you believe in that way of working and doing things, so the people you influence, tech to or talk to, will get the feeling you do what you mean and not simply filling empty time/space with shallow discussions and words.

Once you master the subject, your fellow citizen wants to know about what you think and help our elected representatives do better. I had the opportunity to present various perspectives of cybersecurity with MPs in House of Commons committees as well with the Quebec National Assembly.

Tell us something interesting about yourself and how that makes you who you are. 

This passion for technical stuff came at a very early age and I am still as curious as ever. Early in life, I was curious to understand how radios and TVs were working with those lamps, repaired them and later on studied the transition to the transistor and to the microchips later and learned how to program them wit zeros and ones.

The military mindset sharpened overtime, forged the necessary discipline and needed anticipations and critical thinking with IT in general but most certainly with IT Security. As the history of "cyber" was from the US military, it is still to this day most important and relevant to consider the current state of affairs as an on going battle, with now state actors applying military operations on weak technology and wants to take over our economy and way of life, that is more and more online. By applying a "combat" thinking to approach the current state of affairs, it simplifies to my sense how to do things, just the like minded cybersecurity industry in Israel and the US.

 I always say that "Security by obscurity is over in the 21st century". 

We as a security conscious community, we have to pull together our knowledge and resources, to be at par or a step ahead of bad actors. Otherwise, we are bound to keep addressing elementary notions of cybersecurity forever.