Some of the Duo employees did a Reddit AMA where they were asked how they got started in InfoSec.

The common thread here, and in most of our individual stories, is a desire to tinker and try to break things to better understand them. That, combined with being a part of a hacker community that educates and supports n00bs, helped our security researchers ultimately find similar paths that have converged at Duo, where they’re doing awesome things like finding serious vulnerabilities in Windows OEM, playing with public Wi-Fi, and attempting the first Push authentication from the boundary of space.

Personally, I have a long history in IT, probing the boundaries to keep systems running and then got caught up in all the compliance mandates of the new millennium. I’ve almost always been a blue team guy, focusing on hardening, logging, and forensics.