“Basic certifications are important to get out of the gate, but hands-on experience goes a long way toward opening doors,” said Mike Janke, master of ceremonies for “Decoding Your Cyber Career,” a networking and informational event held on October 2 at the Robert and Eleanor Romadka College Center on the Essex campus of the Community College of Baltimore (CCBC).
Co-hosted by University of Maryland Global Campus (UMGC) and CCBC, this year’s event engaged participants through a hands-on, capture-the-flag cyber challenge, invaluable networking opportunities and the seasoned advice of professionals in the field. All offerings were aimed at helping those in the audience—including current UMGC and CCBC students, professionals seeking a career change, and a small number of career-focused high school students—to map out the best path toward a successful career in cybersecurity.
Opening remarks by Janke, a seasoned cyber entrepreneur and co-founder and board member of DataTribe, followed by a keynote conversation with Matt Dunlop, vice president and CISO of Under Armour, and a Q & A session with a panel of former students and human resources professionals set the stage for an informative and insightful evening.
Janke kicked things off by providing a 30,000-foot view of the local cyber industry, emphasizing the robustness of the cybersecurity job market in the DC area. “There are so many unfilled cyber jobs in Maryland and Virginia combined, 20,000 in all,” he said. Janke added that Maryland is the No. 1 cyber location in the world, by population of cybersecurity-trained engineers. In fact, Janke noted that Maryland passed California in advanced cyber engineer degrees in 2018. “The bottom line is that Maryland is the cybersecurity hub, both for government and commercial enterprises,” he said.
Janke also noted a shift over the last six to seven years, whereby most chief information security officers (CISOs) now have some form of government experience. Why? “Today, most hacking comes from nation states, not some kid in his basement,” he said. “Corporations need nation-state experience because our adversaries have changed.
Keynote speaker Matt Dunlop exemplifies this shift, having come from a military and national security background where he directed offensive and defensive teams before arriving at Under Armour as its CISO.
Dunlop echoed Janke’s point about the trend of people with a government background moving into the commercial space. Particularly with the military, “you have built-in leadership and familiarity with today’s nation-state threat landscape,” he said.
In any enterprise, though, it is most likely the end-user who poses the biggest threat. “End-user error is a systemic problem across the country,” Dunlop said. “Everyone touches technology, yet we don’t train our users.” To mitigate this threat, Dunlop goes beyond the typical corporate cybersecurity checklist to offer a monthly, targeted five-minute focused training. Also, he assigns a portion of his team to work with individual business units to offer cybersecurity lunch-and-learn deep dives on identifying attacks, better cyber hygiene and other relevant security dos and don’ts.
The evening concluded with a panel of local employers, current students and recent graduates who offered their personal insights into what employers are looking for, the value of internships and the varying paths to a successful cybersecurity career.
As an employer, Theresa Allison, senior cybersecurity policy, risk and compliance consultant at Booz Allen Hamilton, said that clearances, technical skills, and certifications top her list of what she’s looking for in a candidate. But she also emphasized the importance of critical thinking.
“In a consulting environment, the client hires us because they have a problem they can’t solve,” she said. “You need good problem-solving skills to create a solution for them.”
Michael Brown of Exelon Corporation offered a real-life example of a career changer’s path to success. Pointing to a fellow panelist and recent CCBC graduate, Brown said, “We actually have someone who initially received a degree in bioscience, but then went to CCBC for hands-on cybersecurity experience, received an internship at Exelon and then was hired based on his basic knowledge and good communications skills.”
Ultimately, all agreed that beyond skills and certifications a passion for learning is of paramount importance to career success. Anyone can make the transition from non-cyber to cyber and, in fact, many jobs are non-skills based, such as cyber law, cyberethics, compliance and forensics. But your desire to gain the necessary experience and credentials is vital.