From Wrenches to Risk Management: Edgar Vanterpool’s Blueprint for Becoming a BISO

When we talk about cybersecurity, especially from the GRC perspective, we often make the mistake of assuming that great practitioners come from linear, predictable paths. However, the most exceptional professionals in the field typically defy conventional expectations. This week, I had the chance to sit down with Edgar V., a Business Information Security Officer (BISO), on The Other Side of the Firewall's Ask a CISSP episode, where his story flips the traditional script.

FFrom working in the engine bay to reaching the executive boardroom, Edgar’s journey exemplifies discipline, reinvention, and resilience.

“I started off as an automotive technician. I went to school for Ford, worked at Toyota, but love Chevy,” he shared. “Outside of work, I go back to my original craft. I love fixing cars.”

Real-World Skills, Cybersecurity Impact

It might seem like a leap, but Edgar makes it clear: fixing vehicles taught him more about cybersecurity than you’d expect. His hands-on work built a foundation for his transition to tech by helping him understand systems engineering, interpret diagnostics, and master customer communication.

“If you could trust me with your car, I’m pretty sure you could trust me with a computer,” he joked—but there’s a serious point under that humor.

As a mechanic, he constantly diagnosed, repaired, and explained complex problems in simple language to customers, estimators, and insurance adjusters. Now, he applies the same skills when communicating with business leaders and IT stakeholders.

“It’s about making it ‘crash-worthy,’ not perfect. Just like with cybersecurity—sometimes, it’s not about perfection, but resilience.”

The BISO Role: Business First, Always

The role of a BISO isn’t just a technical one. It’s a hybrid—equal parts translator, advisor, strategist, and technician. Edgar broke it down:

“To be a BISO, you have to understand the business. That’s first. Then comes information, then security, and then officer. It’s about protecting the right assets, without slowing the company down.”

He uses offensive and defensive strategies when proposing solutions: “If we make this change, we can win more contracts. That’s offensive. But if we shore up these vulnerabilities, we’ll save on breach costs—that’s defensive. Either way, I speak in terms of ROI.”

Leaving a High Salary to Start Over

One of the most powerful moments of our conversation came when Edgar talked about why he switched careers. After the birth of his daughter, the long hours in a collision center weren’t sustainable. He met a Wells Fargo employee who noticed his natural understanding of firewalls.

“He said, ‘You’ve been configuring firewalls already—you just didn’t know it,’” Edgar explained. “He coached me while I worked on his car.”

Soon after, Edgar walked away from a lucrative role to take a $15/hour position at a help desk in an MSP. “I chased the dream,” he said.

At that help desk job, he met mentors who helped him apply his mechanical mindset to IT. Taking things apart. He was able to put things back together. Understanding the systems holistically.

Growth Through Practice and Perspective

When I asked how Edgar became a BISO, he didn’t talk about a title chase. He talked about practice.

“Doctors don’t call themselves professionals—they call it a practice. That’s how I see it,” he said. “Every system, every business, every team requires a different approach. You have to practice adapting.”

He also emphasized the importance of clear, strategic communication: “Always ask the 5 Ws—Who, What, When, Why, and How. That’s how you get clarity, and that’s how you guide the business.”

What Comes After BISO?

As BISOs rise in influence, the natural question becomes—what’s next? And of course, naturally, I asked him in terms of Pokemon. What can I say? I have a weird sense of humor.

“Right now, I’m Charmander,” Edgar laughed. “Eventually, I evolve into Charizard—managing not just one system or team, but an entire enterprise.”

He envisions a future where BISOs scale their skills to become senior advisors, CISOs, or even CTOs. But for now, he’s focused on mastering the day-to-day.

Work-Life Balance & Mental Reset

Outside of work, Edgar unwinds by rebuilding vehicles and gaming. Whether it’s his 1989 Chevy Silverado with a 383 stroker or grinding through “Black Myth: Wukong,” it’s about mental clarity and keeping his mind sharp.

“I use hard games as a reset. If I can beat Wukong, I can face anything the workday throws at me,” he said.

Final Takeaway: Fail Forward

If you’re thinking about transitioning into cybersecurity—or moving from a technical role to something more strategic—Edgar leaves you with this:

“Fail forward. Don’t fear setbacks. Use them. Ask questions. Challenge assumptions. That’s how you grow.”

Listen to the full conversation on theothersideofthefirewall.com or ram.cyber.io. 📚 And don’t forget—our book is available for now!

Thank you for reading, and stay tuned for more episodes of The Other Side of the Firewall podcast on Monday, Tuesday, Wednesday, and Friday, as well as the Ask A CISSP podcast every Thursday. Please like, share, and subscribe.

Stay safe, stay secure!

I’m excited to announce my new guide, The Other Side of the Firewall: The Real-Life Stories of Movers, Shakers, & Glass Ceiling Breakers in Cybersecurity, is available for preorder!

This guide took almost a year to write and is built on 4.5 years of research, thoughtful observations, and interviews with 27 incredible guests. Based on the podcast of the same name, it shares the powerful journeys of underrepresented professionals who broke into and reshaped the cybersecurity field.

If you're looking for real-world inspiration, practical insights, and proof that there's space for you in cyber—this book is for you.

📘 Order your copy now at a discounted price: theothersideofthefirewall.com or your preferred eBook and retail store: https://books2read.com/theothersideofthefirewall

Ryan is a retired Air Force veteran who brings over 20 years of experience in network infrastructure, project management, and cybersecurity consulting to his current role as CEO of RAM Cyber Consulting & Assessments, LLC. RAM Cyber is a premier governance, risk, and compliance (GRC) consultancy dedicated to supporting the Defense Industrial Base (DIB), federal agencies, and corporate entities. We specialize in delivering expert guidance to ensure compliance, mitigate risks, and enhance cybersecurity postures.

Shannon, also a retired Air Force veteran, has more than two decades of expertise in network security and vulnerability management. He now serves as an Information System Security Officer (ISSO), where he continues to enhance national security protocols.

Chris is a Navy veteran with over 13 years in IT, information assurance, and risk management. His current role as a Senior Security Consultant focuses on vCISO and Cyber Assessments services enhancing data security and privacy for various organizations.

**The Other Side of the Firewall podcast is a product of RAM Cyber Consulting & Assessments, LLC. RAM Cyber Consulting & Assessments, LLC is a premier governance, risk, and compliance (GRC) consultancy dedicated to supporting the Defense Industrial Base (DIB), federal agencies, and corporate entities. We specialize in delivering expert guidance to ensure compliance, mitigate risks, and enhance cybersecurity postures. RAM Cyber is pending SDVOSB, VOSB, and 8(a) certification by the SBA, underscoring our commitment to excellence and service.