What inspired you to choose cybersecurity as your career path? Is it something that you always wanted to do?
Cybersecurity as a career path was chosen for me by the Air Force, at the time I had no clue it would lead me into a career field that I am both passionate about and I love.
What are some of the things you do in your current role?
In my current role, I handle cybersecurity engineering, consulting, analysis, strategy creation, policy creation, and project management in support of Corporate and DoD Programs.
What sorts of tools do you use in your current role?
McAfee ePolicy Orchestrator (McAfee ePO), Assured Compliance Assessment Solution (ACAS) , AWS Native tools, Atlassian, Humio, MS Project, etc.
What are some pros and cons about what you do? What’s your favorite/least favorite part?
Pros: The opportunity to learn new technologies, consistent change, growth, etc.
Cons: Technology changes at the speed of thought and keeping up with new technologies and threats never stops.
Describe your journey to us. What sort of academic/technical training have you received and how do you feel it has benefited your career?
BS Political Science United States Air Force Academy
Undergraduate Cyber Space Operations Course (USAF 17D)
Comptia Security +
EC-Council Certified Ethical Hacker
Joint Regional Security Stack
HBSS/ACAS Training
ArcSight Advanced Analyst
AWS Cloud Practitioner
I received a lot of training over the years in different areas of Cybersecurity, all the courses I have taken have benefited my overall scope of knowledge in one way or another. Training is just that, you need the opportunity to practice and use that training in a real-world environment to grow.
Are there any programs that you would recommend to people just starting out (e.g. e-learning opportunities, specific certifications, etc.)?
Comptia Security + and Comptia Network + are two certifications I would recommend to people getting started. You need a basic understanding of how things are interconnected and routed, this combined with a general overview of security are a solid baseline.
Linux Academy also has a ton of good material for a reasonable price.
Onward to Opportunity Syracuse University (For Veterans)
What are some relatively common questions that you have gotten in interviews? What skills are employers looking for in your particular field?
Employers want to see that you are competent and have the ability to learn. There is no specific set of questions I have seen during my interviews. What you will absolutely be asked in every interview is “tell me about yourself”. It’s really important to have something good at this point because it is usually the first time you will be speaking. The panel or manager has already looked at your resume, this is not where you repeat that same information. Rehearse and have the answer to this one down cold.
In your experience, which of the following grabs employers’ attention more: a traditional academic education or certifications?
Certifications are more important when getting started in Cyber Security than a degree. I know multiple Senior Cybersecurity Engineers and Analysts that have no degree. What you know is more important than a degree. I am not saying that a degree from a well respected institution of higher learning is not important; however, I have seen it not even be considered in interviews.
How do you stay up to date in regard to cybersecurity trends, attacks, overall current events?
Conferences, LinkedIn, Intelligence, Blogs, News, etc.
In your opinion, what are some trends that you have noticed and what do you predict will become a trend?
AWS/Azure will continue to dominate the space. I honestly would not hire someone without Cloud experience especially when you can create an account for free. [You] don’t need to be an expert, but you have to understand the basics of cloud technology and why it is different than a traditional networks.
AI is already being used, but it is not fully mature; look out for how it changes the game. Think about the tasks it can be given and the different applications toward today’s problems it will solve.
What skills do you possess that you feel have been the most essential for your success in your current role?
People skills and the ability to communicate will take you further in Cybersecurity than your technical ability. A lot of people understand the technology but not everyone can explain it to the lowest common denominator
Based on your skill set, if you were to make a transition to a different role within cybersecurity, where do you think you would be the most qualified?
I’ve been lucky enough to work for a company that gives me the ability to do a lot of different things. I am probably most qualified to pivot to a Compliance/Strategy role.
What are two books that you would recommend to others interested in your field? Why would you recommend those two books?
Creativity-Inc by Ed Catmull and A Better Way to Think by H. Norman Wright. [I believe] both books nudge you to think differently. The world is changing; you can get ahead of it or be left behind. I see so many different ideas and ways of thinking shot down because people are unable to think critically. Your co-workers, company, customers, boss, and the people you manage or will manage need you to foster creative thoughts not stifle it.
What is one free online source of information that you have saved as a part of your tool kit?
LinkedIn, seriously there is a lot of good information out there.
What is something you know now that you wish you had known when you began your journey in this field?
The opportunities are endless…keep learning.
If you were standing in a classroom right now, what advice would you give to the students who want to pursue a career in cybersecurity?
Cybersecurity is a great blend of creativity and logic. The nature of the career field forces you to grow your skills and talents with the demands of the industry. You can learn one thing really well and do that for an entire career, or you can commit to expanding you knowledge base and learn about multiple domains. The only limit to how far you can go is you!
What do you like to do when you’re not “nerding out”?
Hanging out with my wife and son
Bowling
DIY Projects
What inspired you to choose cybersecurity as your career path? Is it something that you always wanted to do?
Curiosity is what brought me into cyber security. I took a security class at the end of my undergrad degree and started to learn more about it - to a point that I decided to complete my graduate degree in cybersecurity.
What are some of the things you do in your current role?
A couple of things that I dabble in regarding my current role are risk assessment, threat modeling and in-house product pen-test.
What sorts of tools do you use in your current role?
To keep it clean and short, we use most of the widely known open-source and commercial tools (which I cannot list).
Describe your journey to us. What sort of academic/technical training have you received and how do you feel it has benefited your career?
My journey started after I completed my undergrad degree in Information technology and started working at Verizon as network support for the FIOS department. While at Verizon/frontier, I acquired A+ and the CCNA. However, my interest in cyber security was growing stronger every day. A good friend of mine and I decided to go for our master’s in cyber security. The cyber security program at UT made a difference in my career. I got the chance to learn new tools and techniques. I acquired my CEH certification before I graduated. The academics benefited my career tremendously but truly you don’t need a Master’s degree to be successful in the field.
Are there any programs that you would recommend to people just starting out (e.g. e-learning opportunities, specific certifications, etc.)?
There are a lot of great resources out there to help any individual brushing up on their skills. Below are a couple of eLearning resources that I recommend to start:
Cybrary
Coursera
Those platforms provide a vast amount of knowledge for any individual to read and update themselves.
What are some relatively common questions that you have gotten in interviews? What skills are employers looking for in your particular field?
Some questions that I have been asked during interviews are the following:
What is a CIA triad?
What network ports are commonly examined in a pen testing exercise, and what tool can be used for this
Please explain the checking for Rootkit infections in Linux.
Explain the MITM attack and how to prevent it?
How will you keep yourself updated with the latest cybersecurity news?
What command would you use for editing, searching, and replacing text in Linux?
What type of tools are there out there for packet sniffing?
How is cloud different from traditional data centers?
In your experience, which of the following grabs employers’ attention more: a traditional academic education or certifications?
This is one question that causes a lot of debate in our community. Someone will say that a certain certification is better to start verse another. The best advice I can give is to research your local employers through Indeed and LinkedIn to see what type(s) of certification(s) they are looking for; you will have better data. Having a certification like Security+ or CEH will help you tremendously during your process.
How do you stay up to date in regard to cybersecurity trends, attacks, overall current events?
I stay up to date by going to conferences, training, listening to podcasts and reading on cyber security trends. Podcasts are an easy way to stay up to date, and they are free since you don’t have to subscribe. Darknet diaries, Malicious Life and Cyber Wire are my favorite podcasts at the moment.
In your opinion, what are some trends that you have noticed and what do you predict will become a trend?
One trend I notice at the moment is ransomware. Currently, multiple healthcare organizations are facing the risk of their data being locked, and then they are required to pay threat actors (i.e. individuals, groups, etc.) in order to gain access to the data.
Additionally, I predict an increase in the illegal use of AI (i.e. nation state threat actors might use AI to hack government and private sector).
What skills do you possess that you feel have been the most essential for your success in your current role?
The most essential skills for my success in my current role are the ability to learn and adapt. Do not be afraid to step out of your box to learn and help your team within your working environment.
Based on your skill set, if you were to make a transition to a different role within cybersecurity, where do you think you would be the most qualified?
Based on the skills I have acquired, I would transition to Pen-testing / Red teaming. Offsec is really intriguing to me, and I want to continue to dive deeper into it through training and experience.
What are two books that you would recommend to others interested in your field? Why would you recommend those two books?
Threat Modeling: Designing for Security discusses the different ways of modeling software to address threats, as well as techniques and tools to find those threats.
Rtfm: RED Team Field Manual is a reference guide; it will repeatedly save you time when it comes to looking up hard to remember Windows command tools and scripting.
What is one free online source of information that you have saved as a part of your tool kit?
OWASP is a free online resource that I have saved as part of my tool kit; it contains a vast amount of information about web application pen testing.
You can access the OWASP web page via the following link: https://owasp.org .
What is something you know now that you wish you had known when you began your journey in this field?
At the beginning of my journey in this field, I wish I took networking more seriously and acquired more certifications before I graduated from my graduate studies.
If you were standing in a classroom right now, what advice would you give to the students who want to pursue a career in cybersecurity?
The best advice I would give any students pursuing a career in cyber security is to build a lab for practice and go to a lot of networking activities. Having a lab helps you to practice and cultivate the skills you need to be successful, and networking exposes you to your cyber security community where you might find it easy to get a job or internship.
What do you like to do when you’re not “nerding out”?
During my free time, I like to play video games, play guitar, help my family and participate in church activities. We need to unplug at times to help our loved ones that support our goals.