When you think of careers in cybersecurity, do you picture fighting cyber threats with Mission Impossible cyber feats? Those slick scenes from Hollywood studios may get attention, but the reality can be even more compelling. While the term “cybersecurity” is relatively new, measures like firewalls, user authentication, and information assurance are long-standing industry protections. What’s different now is a renewed emphasis on security, resulting in stronger defensive infrastructure and more sophisticated offensive attacks. Today the field is rapidly evolving as investments from private industry and the federal government spur growth in cyber-related careers, with options in many technical specialties, including support, security, networking, programming/app development, system administration, hardware design and repair, and engineering, as well as nontechnical roles in sales, management, marketing, and operations. The threat these roles are addressing is real. Identity theft is the most common cyber crime says Brad Scott, Chickasaw Nation, CEO of the Cetan Corporation, an IT solutions company in Chesapeake, Va. He explains that attackers are also looking for wide-ranging confidential information, such as corporate trade secrets, client data, and top-secret plans, and this stolen data can be used to initiate a host of crimes. Or attackers may simply want to disrupt their target’s normal operations.
Digital-Age Warriors
Cyber crime, Scott points out, affects every one of us, from newborns to grandparents. “By pursuing a career in cybersecurity,” he says, “you can do your part to protect our tribal communities and democracy as a whole.” Scott is a “cyber entrepreneur” who turned an initial investment of $5,000 in 2007 into more than $11 million by 2012. He says this success was influenced by his grandmother Pearl Carter Scott, who at age 14 became the youngest solo pilot in America and earned a spot in the Chickasaw Nation Hall of Fame. His company’s client list of more than 300 across the Americas and Europe includes the Library of Congress, the U.S. Army, and Novartis. “The reality is that we are at war in this digital age and need warriors to help us win,” he says. “The cyber crime war isn’t being fought on a battlefield on another continent, but right here in the United States. It touches everything you see and do electronically — even the mobile device, tablet, or computer you might be using to read this article.”
Wanted: Experienced Techies
To be part of the solution, say the experts, get as much experience as you can as soon as you can. Start by helping your family and friends with computer problems or interning with a local company. Initially your payback may be just the earned experience — but you are investing in yourself, and your compensation will increase along with the value you can add. One strong booster of experience is Bonito Gene, Diné and Hopi, managing founder of Indigenous Intelligence. This Native American–owned company provides consulting services to the federal government and the military, including strategic and tactical signals intelligence analysis, cyber training, and operational support and training for mobile, cellular, and wireless technologies. Gene knows firsthand what it takes to succeed as a Native American cybersecurity professional, and he says that Hollywood is a big reason why the field garners a lot of interest. “Cybersecurity is attractive to Native youth because it’s in movies they watch at home,” he explains. “Their remote locations also mean that they spend a lot of time on the Internet, and it’s a good outlet for those who embrace the technology.” Gene recommends that aspiring young professionals start teaching themselves early. “Tinker with computer hardware and software as soon you can,” he says. “Cybersecurity involves both these elements, and you can gain so much by reading the software documentation and taking apart a computer and learning about the components.”
Experience + Education
While Gene encourages young people to get experience on their own, he points out that most industry roles require formal education. For Gene, certification is a good way to start, and he recommends looking to training partners of organizations like CISCO, CompTIA, EC-Council, CWNP, and Microsoft. But, he cautions, “these certifications should not be looked at as replacements for an actual degree — only as supplements.” Scott seconds Gene’s advice. “At Cetan we look for team members who have a nice combination of experience and education,” he says. “Given that IT is constantly evolving, we look for self-starters and problem solvers.” And he has a serious caveat for young people: despite those stories of a few college dropouts who created technologies and vast wealth, staying in school is the right path. “While some of these stories are true,” says Scott, “they represent a minute fraction of the successful professionals in the IT industry. Education, combined with experience, is the formula for success.”
Hitting the Books
Getting that education in cybersecurity can involve a range of classes, from psychology to language, cultural study, computer sciences, engineered devices, security procedures, and systems engineering. California Polytechnic State University in San Luis Obispo, Calif., and Embry-Riddle Aeronautical University in Daytona Beach, Fla., are two schools that have inaugurated new concentrations in cybersecurity, with first-year budgets (just in the last 12 months) in the range of $20 million to $50 million per school, funded by major corporations. Cal Poly, for one, has established a Cybersecurity Center, opened a new cyber lab, and developed a cybersecurity curriculum, hoping to become, according to calpoly.edu, “a leading supplier of cyber-ready experts, professionals, and innovators.” The program, spearheaded by the Cal Poly College of Engineering, is a new major collaborative initiative between the university and public and private organizations. One of those organizations, Northrop Grumman, has funded 32 workstations, classrooms, and lab facilities with online access to the company’s Virtual Cyber Lab. This collaboration could serve as a model for other schools. (For other samplings, see “Find Your School” on page 35.)
Cybersecurity and Defense
Martin Machniak leads the Science and Technology Forecasting and Transition Branch of the Office of Research and Technology Applications at the Space and Naval Warfare Systems Center (SSC Pacific) in San Diego. He also serves as cyber outreach coordinator for STEM-related programs for young people. Much like Scott and Gene, Machniak says there is no substitute for learning at a personal level combined with a formal education. That education, he says, should range from software development, mathematics, and statistics to simulations and modeling software programming. “There was a time when I would have said computer engineering and physics were the way to go,” he explains. “But now other fields are developing, and it would be beneficial to include degrees in computer networking and courses in information assurance, operating systems, and more.” Machniak also stresses the need for leadership- and team-building skills. “It’s not just about book smarts anymore. Sometimes students study a homeland security program, and they think they can come right in. But we really do like much more of a technically proficient background.” The payoff can be a chance to serve in a satisfying professional role. “We are the Navy’s premier research, development, test, and evaluation laboratory for command, control, communications, computers, intelligence, surveillance, and reconnaissance,” he says. “With all these fields to choose from, the possibilities of getting into a career are nearly limitless.”