Cyber Security in Today’s World

Interview with Ron Woerner: What Is Cyber Security in Today’s World

Ron Woerner stands as a seasoned IT veteran and a luminary in the field of cyber security, offering a wealth of knowledge from which one can glean valuable insights. His current role as the Director of Cyber Security Studies and an assistant professor at Bellevue University underscores his expertise in this domain.

His journey into the realm of IT and cyber security was ignited by an early fascination with computers and an innate curiosity about unraveling the inner workings of technology. This initial spark paved the way for his illustrious career as both a distinguished cyber security expert and an educator in the realm of IT.

Woerner commenced his academic journey by achieving a Bachelor of Science degree in Computer Science, a commendable feat he accomplished at Michigan State University’s esteemed College of Engineering. His thirst for knowledge then led him to pursue a Master of Science degree in Information Resources Management, an achievement he attained at Syracuse University’s renowned School of Information Studies & Technology. To further fortify his expertise, Woerner has also earned various certifications, including the esteemed Certified Information Systems Security Professional (CISSP) and the highly regarded Certified Ethical Hacker (CEH).

As his reservoir of experience and capabilities expanded, Woerner has earned recognition as an authoritative figure in the realm of cyber security. He has shared his profound insights by contributing articles to industry publications, delving into pressing topics such as “4 Challenges to Address Corporate Cyber War” and “Educating Employees to Build Better Cyber Security.” Moreover, Woerner frequently graces conferences on cyber security and risk management as a distinguished speaker. Notable presentations in his repertoire include a captivating “Human Hacking” discourse at the US Cyber Crime Conference and an illuminating “Security in the New World” presentation at the Armed Forces Communications and Electronics Association (AFCEA) conference.

So what is it like to work in cyber security in today’s ever changing technical world? We are pleased to share Ron’s thoughts on that topic.

Please give a general definition of cyber security for someone who is interested in Information Technology but may not be familiar with the field.

The practice of cyber security is preventing, detecting, and responding to threats to the confidentiality, integrity, and availability of information systems and data.

Tell us more about your background and education. What brought you to work in IT and cyber security? 

I’ve always been interested in computers. I started using them in middle school in the early 1980s and bought my own computer in 1982. It stems from always being curious about how things work. I studied computer science in college with a full-ride AFROTC scholarship to Michigan State University.

After college, I worked for a year at AT&T Bell Labs in New Jersey in their archives researching the history, patents, and technologies. Once active-duty, I was an Air Force Intelligence Officer. That taught me many of the fundamental concepts of cyber security. I gravitated toward that topic as a Master’s degree student in the mid-1990’s, since it merged my computer science and intelligence backgrounds. I started working cyber security full-time in 2000 when I created a security program for a major billing company.  

Your professional IT work experience has been in many varying industries, from TD Ameritrade Bank to Nebraska Department of Roads to a food packaging company. Can you tell us a little about how cyber security varies from industry to industry?

The basic cyber security concepts and philosophies don’t change from industry to industry. What’s different are the compliance requirements and the organization’s risk management approach. TD Ameritrade is both a publicly traded company as well as an online brokerage. They have many more regulatory requirements than organizations not in that industry. Regulatory and legal requirements often make a security professional’s job easier, since they set the goals for a security program. For other organizations I worked for, I had to sell the reasons for security technologies, policies, and procedures to ensure they fit the organization’s business model.

The other difference is how the organization manages risk. Financial organizations and publicly traded companies are much more mature in their understanding and handling of risks. Government and private organizations have a different risk tolerance and therefore the security program must be able to work within their risk framework.

Cyber security is really a component of risk management and a function of the organization’s business. Cyber security professionals need to use sound risk management processes to ensure IT and cyber security risks are identified, assessed, and appropriately managed based on the business model.  

Can you talk about your dual role as an educator at Bellevue University and as the university’s Cyber Security expert?

The Bellevue University Cyber Security programs are designed to meet the high demand for cyber security professionals in both the public and private sectors. Combining theory with active learning, the program provides a framework for protecting an organization’s information and technology assets. The program is designed for professionals who want to build and expand their knowledge of protection and risk management techniques in the realm of cyber technologies. The program focuses on network and software security, risk management, protection mechanisms, business continuity planning, disaster recovery, and governance of information systems.

As the program director, I need to convey to my students and colleagues the skills, abilities, knowledge, and behavior required of security professionals. I am often asked by people both internally and externally for my expert opinion on a particular security issue, breach, or vulnerability. This requires continual study and research to be able to answer questions accurately and intelligently along with keeping my technical skills up to date.

As a Cyber Security professor, what concepts are you teaching students that are new for even you, a veteran of the industry?

The more I learn, the more I realize just how much more I have to learn. This is true in almost any field, not just IT. A good security professional needs to be well-versed in a multitude of subjects including economics, business management, psychology/human factors, legal studies and project management along with technology. 

Within technology, the newest area is mobile and cloud computing. Many organizations are moving to cloud technologies and using mobile devices like smartphones and tablets. This requires a slightly different mindset than traditional technologies. So, I’m continually learning the technologies in use such as virtualization, mobile app development, and big data.

Bellevue University is partners with numerous large companies like IBM, EMC, and Cisco. I’m taking advantage of the great training that comes with those partnerships.

It sometimes boggles my mind how much more there is to learn.  A philosophy I live by is to always be learning.  

How has cyber security changed since you entered it? Where do you see it going in upcoming years?

We will continue to see anytime/anywhere computing grow. Mobile and cloud computing enable this. The Internet of Things (IoT) is also a great change where more devices are made network-accessible. This means we’ll need to identify the threats, vulnerabilities, and risks associated with those technologies and apply security accordingly.

We are slowly migrating away from passwords. They are a very poor security control, yet they are very simple and cheap to operate. We will continue to see a growth in two-factor or multi-factor authentication, which requires users to use something they know (like a password) along with something they have (like a cell phone) or something they are (like a fingerprint). It’s much more commonplace and user-friendly today, which is great because of the additional layer of security it provides.

Many companies from varying industries have been featured in the news recently for having their company and consumer information stolen by hackers. How does the field of cyber security contribute to preventing these kinds of hacker attacks and security breaches?

The recent breaches are causing many (if not most) organizations to re-prioritize cyber security. They don’t want to be the next headline, so they are hiring cyber security professionals to improve their technologies, policies, and procedures to reduce their risks. Cyber Security professionals understand threat vectors and the threat landscape to better anticipate potential security problems and hopefully stop them before they occur (aka prevention). They also understand how to detect issues to reduce the impact or probability of damage occurring. Lastly, they can help the organization respond appropriately when there is a breach.

There is no silver bullet to security. It takes dedicated security personnel along with universal participation of all employees to keep risks at a manageable level.

In your opinion, is it an ideal time to go into IT or to become an IT specialist? If so, why?

IT continues to be one of the hottest career fields. Computers are now ubiquitous and we need people to program, maintain, manage, and secure them. There are way more jobs than there are workers. 

What qualities or skills do you think are necessary for pursuing a career in IT and cyber security?

We need students who know more than just how to point and click, but understand the underlying technologies. They need to be consistently curious about the technology with a passion to learn the many different facets of the career field. To be successful in cyber security also takes maturity. Things rarely go as planned. The professional needs to be able to handle adversity and implement contingency plans to meet organizational goals.

Other skills needed for not only IT / Cyber security, but all career fields are the ability to (1) communicate and (2) work with people. Being a successful IT or cyber security professional means more than just the technology, but the ability to interact with the people who use that technology.

What advice do you have for students pursuing a degree in IT or cyber security? How can students prepare themselves for the challenges?

A-B-C: Always Be Curious. There’s so much to learn (see my quote above) that you can’t get it all in the classroom. You need to do your homework even when you’re out of school to stay up to date. The real tests aren’t in the classroom, but in the workforce. 

Ask questions. If there’s something you don’t understand, it’s your job to ask intelligent questions to learn. 

CYA: Check Your Assumptions. Don’t assume that things are as they appear. Also, don’t assume that people understand what you’re talking about.

What do you find is the most exciting thing about the work you do?

The students. I love interacting and learning with them.


The experts interviewed for this article may be compensated to provide opinions on products, services, websites and various other topics. Even though the expert may receive compensation for this interview, the views, opinions, and positions expressed by the expert are his or hers alone, are not endorsed by, and do not necessarily reflect the views, opinions, and positions of EducationDynamics, LLC. EducationDynamics, LLC make no representations as to the accuracy, completeness, timeliness, suitability, or validity of any information in this article and will not be liable for any errors, omissions, or delays in or resulting from this information or any losses or damages arising from its display or use.

Cyber Security Issues

Interview with Michael Meikle: Challenges of Working in Cyber Security

Michael Meikle has witnessed the profound transformations within the Information Technology (IT) sector during his extensive two-decade tenure. The landscape that initially revolved around combating viruses and fortifying passwords in the 1990s has since undergone a substantial shift towards safeguarding data in our wireless, mobile-device-dominated world. Holding the pivotal roles of Chief Operating Officer and partner at the cybersecurity consultancy firm secureHIM, Meikle enjoys an unobstructed view of the ever-shifting terrain of data protection and risk evaluation within the IT domain.

Michael Meikle pursued coursework at Virginia Commonwealth University before embarking on a journey with a startup, where he gained invaluable hands-on experience. He furthered his education by earning a Master’s certificate in International Business Management and subsequently pursued multiple certifications, including the coveted Project Management Professional (PMP) and the esteemed Certified Information Systems Security Professional (CISSP).

Thanks to his profound expertise in the field, Meikle has been called upon to share his insights in articles addressing topics ranging from security breaches to effective business strategies. His contributions have graced esteemed publications such as the Los Angeles Times, the Chicago Tribune, and PC World Magazine. Additionally, Meikle is a sought-after national speaker on technology and cybersecurity, regularly delivering talks at diverse industry events, including those hosted by the Medical Society of Northern Virginia (MSNVA), the Intel/McAfee FOCUS Conference, and Secure360.

Meikle emphasizes that many of his early positions played an instrumental role in shaping his current career trajectory. He points to pivotal roles such as a system and network administrator at an engineering startup, a project manager within the US Department of Health, and a security architect at Capital One as vital stepping stones in his professional journey.

A significant milestone in his career was achieved when he received the prestigious Governor’s Technology Award from the Virginia Department of Social Services. This recognition was bestowed upon him for his exceptional contribution to the implementation of the Division of Licensing Programs Help and Information Network (DOLPHIN) System. Notably, this marked his inaugural software product implementation intended for statewide use, marking a momentous achievement in his professional portfolio.

Our interview with Michael Meikle explores the challenges currently facing the field of cyber security and the importance of continuing education in order to stay current and informed in the IT industry.

Tell us more about your background and education. What led you to work in IT and cyber security?

I have always had an affinity for computers and technology, so when I joined an engineering startup in college, I naturally fell into a system/network admin role. From there, I leveraged my experience and gradually shifted my career toward software development project management. After completing some large enterprise projects, I saw that information security was becoming more crucial and so I sought out more opportunities that would take my career toward the cyber security discipline.

Please describe cyber security and what your company does for someone who may not be familiar with the field.

To boil it down to its most basic essence, cyber security is the protection of data. All the processes, technologies, and people involved are all concerned with confidentiality, integrity and availability of that data.

Our company, secureHIM, is a security consulting and education company. We provide cyber security training for clients on topics such as data privacy and how to minimize the risk of data breaches. To facilitate these services, secureHIM has partnered with the Information Institute and its founder Dr. Gurpreet Dhillon. This partnership provides an accredited information and security framework for these programs.

Our consulting programs include security program evaluation, HIPAA & HITECH security assessments, strategic social media programs, and IT security planning services.

What is the most exciting thing about the work you do? Or the most rewarding?

Developing and delivering security training programs for companies are two areas that are the most exciting for me. I really enjoy interacting with folks and providing some great material that can be interesting, helpful, and contribute a great deal to the security of their company.

The other area that is most exciting for me is incident response. While stressful, there is a thrill of tracking down the origins of a phishing attempt or successful malware infection and then crafting the appropriate solution to protect against such an incursion in the future.

Can you tell us about your different roles in the IT industry (security consultant, risk consultant, author, trainer, voice in social media)?

I’ve held quite a few different roles in the IT & Security Industry. I’ll list a few of these below:

Security Consultant – I have provided security consulting services for around 15 years across multiple industries (Financial, Healthcare, Government, etc.). Projects I have led include Data Loss Prevention (DLP), endpoint encryption, intrusion detection/prevention, risk assessments, and data breach response.

Risk Consultant – As part of my security consulting practice, I have provided a wide assortment of risk consulting services, primarily in risk assessments. These assessments include HIPAA, HITECH, application security, and enterprise security environment.

Author – I have a significant body of published work across various publications, including a recent article about the Affordable Care Act in Social Work Today.

Trainer – I am an eLearning expert with dozens of online courses/webinars in my portfolio. I have provided these services for ExecSense/Financial Times, AtTask, Medical Practice Trends, and in person at various enterprises.

Social Media – I am an active participant in social media and I also provide security services for enterprise social media programs. I have spoken at national conferences on the topic of social media and I have designed several social media campaigns for regional companies.

How has your entrepreneurial spirit been a benefit to you in the cyber security field?

The drive to take a concept and create a viable business around it is very beneficial in several ways. It forces you to keep on top of your industry. You have to continuously educate yourself to ensure you have not missed a crucial opportunity or made potentially damaging missteps. 

It also provides a healthy reality check regarding business realities and forces a person who is oriented toward technology to manage the day to day operations of a business. This is invaluable experience and a definite step outside of the comfort zone of a typical technologist.

What are some of the key points you emphasize when training a company on risk, compliance, and security? What are some of the challenges of the profession?

Key points on Risk:

  1. Effective enterprise risk management requires a certain level of corporate maturity. This entails a managed and supported governance program.
  2. The concept of risk management itself must be driven from the executive suite with full support of those executives.
  3. With a new risk program, start small. Track no more than 10 critical business processes (KPI). Attach a Key Risk Indicator (KRI) to each.
  4. Risks must have executive oversight and business ownership.
  5. There is no technological silver bullet for managing risk.

Key points on Compliance:

  1. An effective compliance program is a component of a robust Governance, Risk, and Compliance initiative. This relies on a level of corporate maturity and support from the executive suite.
  2. The regulatory burden on multiple industries is continuously increasing. An enterprise needs to be educated on its local, state, and federal regulatory burden to ensure its program is covering its exposure.
  3. Beware of compliance by “checklist.” A checkbox compliance program may be tempting but many industry regulatory frameworks are incomplete or vague, which could lead to missing key risks. PCI compliance can be a good example of compliance by “checklist.”

Key points on Security:

  1. Security must become more of a priority at the executive level. Even with the latest breaches, corporate leadership mostly considers cyber security as a necessary evil with appropriate funding and visibility to match.
  2. The most unsophisticated security solutions still provide the most bang for the buck. These include patching your servers and endpoints, training your users on security risks, and standard, updated antivirus/antimalware protection on servers and endpoints.
  3. Consider that nearly all of the recent major breaches have begun with a phishing campaign that led to accounts becoming compromised and eventually stolen data.
  4. Monitor the tools you do have in place. All of the security solutions in the world will not protect you if they are not managed and monitored. Trained staff interpreting the data that is received by these solutions is very critical.

Challenges of the Security Profession:

  1. Staying current on the latest technologies, threats, and regulations is quite difficult. It requires continuous education.
  2. Communicating the need for training to leadership. Training in the enterprise today is not a priority for most companies. I have consulted for quite a few who do not invest at all in their employees’ ongoing education.
  3. Communicating the importance of security to leadership. It is an unfortunate reality that the security team of most companies becomes involved in a project near its completion when a security issue occurs. Proactive information security involvement in the enterprise is still in its infancy.

Companies from varying industries are desperately trying to safeguard their information from being hacked. What are some principal practices that you emphasize to companies trying to maintain security?

When considering your security program, remember it is about protecting the enterprise data. Data is the new currency and is increasingly important to the enterprise. In some industries, the protection of data has added federal mandates, such as healthcare Protected Health Information (PHI).

When protecting your data, review the Data CIA model. This stands for Confidentiality, Integrity and Availability. Is your data confidential to unauthorized users? Do you know who has accessed, changed, or copied your data (integrity)? Can your data be accessed by authorized users when appropriate (availability)?

How has the cyber security field changed since you entered it?

The security field has changed tremendously since I first entered it in the 1990s. At that time, decent virus scanning tools, patching endpoints/servers when necessary, and a firewall were considered a viable security program. Security was usually an activity underneath the IT department that was managed by a system administrator on an “as needed” basis.

Fast forward to today and the pace of security has become frenetic. New threats arise constantly and staying ahead of the curve is nearly impossible. In many cases, cyber security is still a subcomponent of information technology, but that is changing quickly. The basics of security still apply. Patching, monitoring, endpoint and server protection, employee training etc. are very critical.

The biggest change has been the arrival of consumer technologies into the enterprise (Consumerization). Gone are the days of corporate Blackberries, laptops, and desktops being the only devices an employee uses to access corporate information. Now a plethora of iDevices, Androids, and other mobile devices have knocked down the enterprise technology barriers. Managing how data is accessed, stored, and transmitted on these devices is one of the largest security challenges for security departments today.

Security has gone from the moat, drawbridge, and castle model to building multiple secure perimeters around crucial pieces of corporate data.

Do you think it’s an ideal time to go into IT or to become an IT specialist, and if so, why?

I believe it is a viable career choice with some caveats. You must realize that IT has been the target of downsizing, right-sizing, outsourcing, whatever euphemism you want to call it for over twenty years. You must be very flexible in your IT career and constantly aware of what trends are impacting the profession. Information security is relatively hot at the moment, but that could change quickly. Be prepared to shift your direction in your career and always have a few other IT skills you can fall back on.

Which skills do you think are necessary for pursuing a career in IT and cyber security?

General skills that may serve you well in IT and security:

  1. The ability to learn quickly
  2. Ability to troubleshoot problems while drawing on multiple sources of information
  3. Ability to embrace change
  4. The ability to communicate technical concepts to business users so they can make the appropriate decisions
  5. A love of technology

Valuable technical skills would be:

  1. Operating Systems
  2. Networking
  3. Servers
  4. Storage
  5. Virtual Machines
  6. Software Architecture

What advice do you have for students pursuing a degree in IT or cyber security? How can students prepare themselves for the challenges?

To prepare for the pursuit of an IT or cyber security degree, I would earn an industry certification or two. Take a look at the various CompTIA certifications and see what fits your interest. They may be valuable for your resume but there is no replacement for experience. Experience in the industry will give you the best feel for what to expect in a degree program. Internships may be abundant for IT and security, so seek them out at your university. 



Cyber Security Career

Interview with Doug Landoll: Navigating A Cyber Security Career

Amidst the era of digitization, where reports of cyber security breaches make frequent headlines, Doug Landoll has consistently maintained a proactive stance. Functioning as an authority in security risk evaluation and serving as the Chief Executive Officer of a firm specializing in information security, Landoll boasts a wealth of years spent acclimatizing to the dynamic shifts within the realm of IT. This encompasses the diverse array of perils that loom over digital data, spanning the domains of public and private information alike.

Fueled by a passion for engaging with computers, Landoll achieved his Bachelor of Science degree in computer science from James Madison University. Subsequently, he pursued his executive Masters of Business Administration (MBA) from the esteemed Red McCombs School of Business at the University of Texas in Austin. Alongside his academic accomplishments, Landoll obtained certification as a CISSP (Certified Information Systems Security Professional), a premier credential within the information security arena.

Over the passage of time, Doug Landoll’s professional journey encompassed diverse roles within multiple companies. These ranged from serving as a Trusted Product Evaluator at the National Security Agency, to assuming the mantle of Practice Director of Risk & Compliance Management at an enterprise specializing in information security, and culminated in the establishment of Lantego—a firm comprising adept professionals in information security compliance—with Landoll at its helm as CEO. He crafted a comprehensive handbook for security risk assessment, a vital resource embraced by IT practitioners and learners alike. Owing to his extensive expertise, he has earned prominence in numerous publications addressing information security subjects, and he frequently delivers talks at prominent IT conferences such as the recent Information Systems Audit and Control Association conference.

Read our full interview with Doug Landoll to find out how he got into IT and the field of cyber security and how he navigates the ever-developing challenges of the digital age.

Tell us more about your background and education. What led you to work in IT and cyber security? 

I always loved working with computers and enjoyed the mathematics background and analytical aspect of it all, but I never really enjoyed programming. Back when I went to school, programming seemed to be the only option in the field. Somehow I just knew I would find something in this field so I kept on with my education. A BS in Computer Science allowed me to pursue work in this field and discover that there were a wide variety of positions. I was introduced to the field of computer security (which I really did not know existed) when the intelligence community recruited me in my senior year of college. Once I caught that bug, I have never looked back. I love this field of study.

Did you hold any past positions that have played a significant role in where you are today?

I held several positions that influenced where I am today. I led several technical teams while serving in the intelligence community, analyzing security vulnerabilities of commercial systems. I led consulting practices within large organizations and grew them with additional services and members. But the most rewarding and influential position I have held is founding and running my own company. I have done this four times now: founding, growing, and eventually selling information security consulting practices. I now enjoy working for myself and concentrating on information security risk assessments, policy development, and the education of others pursuing a career in information security.

Please describe cyber security and what your company, Lantego, does for someone who’s unfamiliar with the field.

Cyber security can be thought of as two distinct missions: Builders and Busters. Builders design, assemble, configure, and operate secure networks and applications. Their job is to ensure that they create the most resilient and secure systems to protect an organization’s assets with the resources they have. Busters review, assess, and test these systems looking for any design, implementation, or operational flaws or vulnerabilities in the system. Their job is to find these vulnerabilities, prioritize them, and suggest how to fix them in the most efficient and effective way possible.

Lantego specializes in assessments. Gap assessments are a review of the current security controls with respect to an industry standard such as HIPAA (Health Insurance Portability and Accountability Act) security and privacy or the Payment Card Industry Data Security Standard (PCI DSS). Security risk assessments go one step farther and assess the likelihood that a vulnerability could be exploited and the impact it would have on the organization. This allows us to prioritize our findings. Lantego also develops information security policies and processes for state agencies and commercial organizations when they are lacking appropriate administrative controls. Many organizations seek independent consultants for assessments and policy development because of the need for an independent review and the lack of specialized resources to create policy.

What keeps you excited and interested in the work you do?

I keep excited about my work because there is always something new to work on. Last year, I rewrote the information security policy set for the State of Arizona and worked directly with the State CIO (chief information officer) and State CISO (Chief Information Security Officer) in a project that affected all 145+ agencies in the state. At the same time, I performed HIPAA security risk assessments for hospitals in Virginia, Tennessee, Texas, and Arizona. The variety of environments, business models, system implementation, and security requirements keeps me on my toes and the work always interesting.

Expand on your different roles in the IT industry (risk assessment expert, author, voice in social media).

One of the most influential efforts I ever pursued was the writing of my first book: The Security Risk Assessment Handbook. I knew a lot about risk assessments at the time, but the research I did to create a textbook expanded my knowledge beyond what I would have ever received from simply performing the risk assessments.

As a recognized expert on security risk assessments, I am able to provide some insight on the process, the state of security in the industry, and how we can continue to improve our security postures as the threat environment continues to mature. Just as regulations and threats continue to evolve so too does my own risk assessment process every time I perform another risk assessment.

I share my thoughts, findings, and experiences through social media and conferences. As a profession, it is important that we share our experiences and continue to mature our tools and processes to secure the infrastructure that protects data assets.

Is your book, The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments, used for students pursuing an IT degree? If so, what information do they find most helpful?

My book was written specifically for the practitioner. Anyone who intends to understand how to perform an information security risk assessment (or even use the results of one) will gain a practical understanding of how to conduct a complete assessment. The book is used in many colleges and universities as either required or supplemental reading. What the student will gain is practical advice on how to actually perform an information security risk assessment. Most students are surprised by the detail of instruction in the book. I wrote the book because there was no such instruction available elsewhere.

How has your entrepreneurial spirit helped you become an expert in the cyber security field?

My entrepreneurial spirit has allowed me to pursue business plans and offer information security services that my previous employers or “the big guys” did not see coming or did not see enough profit in. I am able to create new services quickly and effectively when I see a potential need. For example, last year I created a new class on the NIST Cyber Security Framework to coincide with NIST’s release of this new framework. I was able to gain several new clients who quickly adopted the standard and were unable to find training anywhere else.

I am also able to specialize in areas that I feel are most needed and underserved. For example, this year I launched my “Black Diamond Initiative”. This is what I call expert-only services. Most organizations have the expertise in-house to develop and deliver most of their information security program elements… with two notable exceptions. The first exception is an objective and independent review of the controls they put in place (i.e., an information security risk assessment). The second exception is education and training. When organizations reach out to consultancies for either an assessment or certification training the most important element is the expertise of the actual consultant that gets assigned. Assessing risk or educating your people is no place to cut corners, so organizations should demand an expert – that’s what Lantego delivers. We only provide experts in the field (i.e., someone who has performed scores of risk assessments or trained thousands of CISSP candidates).

What do you find are the most challenging aspects of cyber security as a field?

Keeping up with changes. No one can be an expert in the entire field of information security. You need to pick your areas of expertise and then be diligent about keeping up. There is always a new tool, regulation, technique, breach, conference, or threat that your customers expect you not only to know about but to have an opinion and a solution.

Has the field of cyber security changed since you entered it? If so, how?

The field has expanded greatly and will continue to do so for the foreseeable future. It used to be that we all considered ourselves information security engineers. Now we are clearly divided as builders or busters, and then again in many different specialties such as forensics, web application code review, regulation compliance, and many more. The good news is that there is a lot of discovery yet to happen and this is a very exciting field.

In your opinion, is it an ideal time to go into IT or to become an IT specialist, and if so, why?

There are many types of jobs in both IT and IT specialties. If you have a desire to learn and push yourself, and if the thought of your field constantly expanding excites you, then I would advise you to pursue a specialty. It is not for everyone but for those that truly enjoy the challenge, you will find a career you truly enjoy.

Which skills do you think a person should build if they want to pursue a career in IT and cyber security?

Inherent skills include a thirst for knowledge, a desire to solve puzzles, and an analytical mind. If you have those, then throw yourself into the study of the basics: computer science, data analysis, programming, system design, privacy and security law. Once you understand the basics, pursue a position in a large company that allows you the freedom of lateral movement and encourages you to try new things. Pay attention to your interests and seek out experts. Let them know that you want to learn more about what they do. Continue this until you find your own special interest and then dig in.

What advice would you give to students pursuing a degree in IT or cyber security? How can students prepare themselves for the challenges?

Get involved in the cyber security community early. Many organizations such as ISSA (Information Systems Security Association), ISACA (Information Systems Audit and Control Association), and ISC2 (International Information Systems Security Certification Consortium) have student chapters; most security conferences have student rates and potentially even scholarships for qualified students. Attend meetings, go to conferences, even submit a paper. The earlier you get involved, the sooner you will be exposed to those areas that excite you and network with those that can help your career.


The experts interviewed for this article may be compensated to provide opinions on products, services, websites and various other topics. Even though the expert may receive compensation for this interview, the views, opinions, and positions expressed by the expert are his or hers alone, are not endorsed by, and do not necessarily reflect the views, opinions, and positions of EducationDynamics, LLC. EducationDynamics, LLC make no representations as to the accuracy, completeness, timeliness, suitability, or validity of any information in this article and will not be liable for any errors, omissions, or delays in or resulting from this information or any losses or damages arising from its display or use.

© Education Connection 2024. All Rights Reserved.
