Engineering Defense: Chris Tomei on Preparation, Systems Thinking, and Cybersecurity’s Role in Society 

In line with Echelon’s value of People with Personality, we are excited to continue our Cybersecurity Champion series, where we spotlight the incredible individuals who make up our team. Each month, we share the stories of professionals whose talent, dedication, and unique perspectives help keep organizations secure. 

Meet Chris Tomei, Senior Security Engineer at Echelon Cyber + Risk. Chris’s journey into cybersecurity was built over decades of hands-on experience, breaking systems, rebuilding them, and learning how they behave in the real world. With a background spanning IT, engineering, academic research, and security operations, Chris brings a defense-first mindset rooted in preparation, discipline, and long-term thinking. 

1. What initially drew you to cybersecurity, and how did that lead you to Echelon? 

   Chris Tomei: I started in IT a long time ago. We always had computers around when I was growing up, and I was lucky enough to be breaking them from the beginning, Macs, PC clones, upgrading CPUs just so I could play certain games. In the summer, I was rebuilding dirt bikes and engines. In the winter, I was rebuilding computers. That pattern stuck. 

   My degrees are in information science, which is broader than computer science, and that gave me exposure to networks and security early on. Around 2014 or 2015, I realized system administration was changing. Servers weren’t pets anymore, you build them, tear them down, and recreate them. At the same time, cybersecurity was becoming more important both technologically and geopolitically. 

   I worked on a security-focused research project at the University of Pittsburgh involving honeypots and experimental networks, studying attacker behavior in realistic environments. That experience made it clear that security was where I wanted to focus. Eventually, I made a deliberate move fully into cybersecurity, even if it meant stepping back temporarily, because I wanted hands-on exposure. That path ultimately led me to Echelon, where strong security foundations are taken seriously. 
    

2. Are there any cybersecurity trends or emerging technologies that you’re particularly excited or concerned about?

   Chris Tomei: Machine learning has interested me for a long time. I made sure it was represented in my education because the potential was obvious. Seeing what neural networks could do was eye-opening. At the same time, the risks are significant. These systems rely on data, and data can be poisoned, manipulated, or leaked.  

   There are also environmental and infrastructure concerns that don’t get enough attention. The energy consumption required to power large-scale AI systems is enormous, and that has real-world consequences: power grids, water usage, and resource allocation. Technology decisions don’t exist in isolation. From a security perspective, we need to think about how these systems affect society as a whole, not just whether they work. 
    

3. What’s one piece of advice you’d give to someone aspiring to get into cybersecurity today?

   Chris Tomei: There’s no single path into cybersecurity. IT backgrounds help on the technical side, but law, math, physics, and other disciplines all contribute. 
   
   What matters most is hands-on experience. Build labs. Try things. Break things responsibly. Learn how systems actually behave. When I didn’t have access to enterprise systems early in my career, I built my own lab at home so I could learn. 
   
   SOC roles, MSPs, and high-pressure environments can be stressful, but they accelerate learning. Just be careful, because today’s legal landscape is very different from when I started. Learn, experiment, but do it ethically. 
    

4. Are there any resources, communities, or organizations that have been particularly helpful in your journey?

   Chris Tomei: In-person communities made a big difference for me. Local security groups, professional chapters, and conferences helped me learn from people with decades of experience. 

   Organizations like ISC² and ISSA were especially valuable, not just for certifications, but for the conversations. You learn a lot by talking with people who’ve seen multiple technology cycles come and go. 
    

5. What’s something you’ve really come to appreciate about being part of Echelon?

   Chris Tomei: Echelon emphasizes preparation. There’s a strong focus on foundational security (inventory, hygiene, governance) before jumping into advanced testing. 

    You can’t protect what you don’t understand. If you don’t build defenses first, testing doesn’t tell you much. That mindset aligns closely with how I think about security. 
    

6. Outside of work, how do you like spending your time?

   Chris Tomei: I’m always building something—home labs, hardware projects, 3D printing, improving my house. Engineering never really stopped being part of my life. It just shifted between work and hobbies. 

    

7. What does being a Cybersecurity Champion mean to you? 

   Chris Tomei: Preparation. Preparing people, systems, and processes. 

   I enjoy offensive security work, but it only has value if defenses exist in the first place. You have to put a door on the vault before testing whether someone can break it. Being a Cybersecurity Champion means helping organizations get ready, so when something happens, they’re not starting from zero.