From picking locks to leading information security

Jessica Hallman
January 03, 2020

UNIVERSITY PARK, Pa. – “A lock isn’t designed to keep people out; it’s designed to slow people down.”

That was the key point that Nick Leghorn, Penn State Class of 2010, took away from a hacking conference that he attended as a student.

“I learned a lot about lock picking,” said Leghorn. “It was a deeply engrained part of hacker culture, and is a good physical example of hacking. It gives an analogy of what we, as hackers, do.”

Leghorn brought the analogy back to Penn State, where he ultimately founded Penn State 2600 — a student organization for people who wanted to have fun with technology and enjoy being intellectually challenged. The art of lock picking was the focus of one of the club’s first meetings.

“Locks are just another security tool,” said Leghorn. “The purpose of the club was to get people to understand how security could break down, and how to improve it.”

Penn State 2600

The first meeting of Penn State 2600 -- which focused on the art of lock picking -- in the mid 2000s.

IMAGE: Provided

While Penn State 2600 no longer exists at the University, the concept of determining how to make objects and systems more secure translates in Leghorn’s role today at Indeed, a leading employment listing search engine, where he serves as manager of information security risk management.

According to Leghorn, who started at Indeed as manager of security engineering, there was a need for a governance risk and compliance function at the company that didn’t exist. So, he drew on the knowledge and experience he gained through the College of Information Sciences and Technology’s security and risk analysis program to help build that function within information technology security.

“Our information security risk management team will include four people at the end of the year,” said Leghorn, “which is pretty remarkable, as it didn’t exist a year ago.”

This new team will join a growing information security department at Indeed with more than 40 employees.

Leghorn didn’t just use his SRA background to pioneer a new position; he draws on the foundation that he built at the College of IST on a daily basis.

“The concept behind risk is pretty well established, but matching that and fitting it to a company is not always straightforward,” he said. “The College of IST taught me how systems work in theory, and the tools to be able to then build our own frameworks and best practices matched to a unique organization.”

He added, “Penn State gave me the understanding and knowledge to be able to freestyle and make something rigorous and effective.”

And while he graduated from the College of Information Sciences and Technology, he stressed that critical thinking and communications skills are just as important as technical knowledge to stand out.

“I still use the lessons I was taught [at IST] today,” he said. “At Indeed, a lot of things we look for when recruiting and hiring isn’t rote knowledge. In a security group, we look for people who can understand how an attacker might think or ways they can go about attacking a system.”

He added, “We can teach you the technical skills, but that mindset comes from within.”

Finding the perfect program

As a high school student, Leghorn was only interested in one college: Penn State and the College of IST. He loved the idea of doing risk analysis, and wanted to understand the risk and the security aspects that went with it.

“There were some programs (at other institutions) that were more technical, or more into application development or hard IT stuff,” said Leghorn. “What I was looking for and was interested in was the combination of how you bring IT and security knowledge to the business and make them understand it.”

He found what he was looking for through the SRA program. Entering the new program, he enrolled in the first iteration of a deception and counter-deception course, which was still in its developmental stages.

“What I loved about that course was the theory and the thought exercises to try to understand an attacker mindset,” said Leghorn. “I loved that hands-on learning experience. It is directly applicable to the real world.”

While he went on to further build foundational skills in the classroom, he also served as a learning assistant and a research assistant, allowing him to help other students with course material and giving him real-world, hands-on experience in the field. He also build lifelong friendships as the president of the IST Special Living Option, a space in the West Housing Area where IST students to live together and build community.

“Being immersed in a group of other like-minded people, and having neighbors who had the same course work that we could ask for help, gave us a common thread that we could all relate to,” said Leghorn. “I had a built-in group of friends immediately.”

What it’s all about

Outside of his professional life, Leghorn finds time to give back to the community. He went through the emergency management training program while a student at Penn State, and has served as an emergency medical technician after graduation. He also holds a pilot’s license, serving as a mission observer for civil air patrol, assisting with disaster and humanitarian relief; and as a pilot for Pilots N Paws, providing transportation for rescue animals across the country.

“Being a pilot is always something I’ve wanted to do,” he said. “When I first got my certification, I started flying rescue dogs from kill shelters to their forever homes.”

On his dedication to volunteerism, Leghorn added, “My mom always told me that if I have some free time then I’m doing something wrong. She’s been a proponent on volunteering. Helping out however we can and giving people things they don’t have is what our family is all about.”

Last Updated January 03, 2020