Breaking into the field of cybersecurity can be daunting. Likewise, the difficult decision of whether to follow a technical or management and policy route is, perhaps, equally overwhelming. Choosing the right path, said a trio of former University of Maryland Global Campus students, often depends on one’s academic and professional goals.
UMGC graduates Jordan Bennet, Kimberly Mentzell and Tony Punturiero, were panelists in a late October webinar moderated by Dianne O’Grady-Cunniff, director of the Maryland Center for Computing Education. The webinar was part of the university’s discussion series in observance of National Cybersecurity Awareness Month.
The three shared their practical experiences in achieving their career aspirations and agreed that there are many paths to a cybersecurity career. But, they said, the recipe for cyber career success usually includes the combination of early experiences and influencers, continual learning and a passion for the discipline.
Bennet, who earned his bachelor’s in computer science at UMGC, said he was always a tinkerer with computers and cars, and his interest in IT rose out of those early experiences, He was introduced to cybersecurity through the military, which he described as a viable path to a cybersecurity career.
“My first cyber experience was with the Navy through a six-month training pipeline,” said Bennet, who now serves as a cryptologic technician with the U.S. Navy Reserves.
Kimberly Mentzell, a teacher at Frederick Community College and the Frederick County Career and Technology Center (CTC) High School in Frederick, Maryland, began her path to cybersecurity when it was an emerging field. So, she said her career choices led her there naturally.
“When I started out, cybersecurity wasn’t a big area, so I ended up working first as a programmer and then got into education,” said Mentzell, who is working on her third master’s degree at UMGC. “I had the opportunity to take on a position as a network administrator and then as an IT manager. Then when I came to Frederick County Public Schools, I started off doing more networking, and transitioned into cybersecurity.”
Tony Punturiero, community manager for Offensive Security, a company focused on information security, penetration testing and digital forensics, said he got his start in high school, through course offerings. “As a senior in high school, I took a security course and then became more passionate about cybersecurity and information security,” he said. “I built on the skills I acquired in high school and then gained more skills in college and through certifications as well.”
When he entered college, Punturiero said those early interests coalesced into “a desire to do something bigger than myself. I didn’t know for sure if that would be cybersecurity, but fortunately, I had an uncle in the field who encouraged me to take that path.”
The three panelists agreed that combating an ever-changing threat landscape requires continual learning, that learning does not necessarily have to come through certifications.
“You can’t just learn a set of skills and then put them on the shelf. New things are coming out every day, just as new attacks are coming out every day,” said Mentzell.
“You’re always learning something new, whether you’re on the job or taking the time to research and learn from the community.” Said Punturiero.
More specifically, Bennett stressed that newcomers to cybersecurity learn Linux above all other languages. “Linux is always a good starting point,” he advised.
Additionally, all agreed, while grades matter, experience is what really carries the day. They offered tips for those wondering how they can gain experience and differentiate themselves from others when they are starting out in the cybersecurity field.
Mentzell said one way is to show recruiters that you are passionate about cybersecurity. “When you speak with an interviewer, especially when you’re starting out, talk about tinkering in your home lab. Demonstrate that you have the drive and interest because they can take you and then mold you,” she said.
Putuniero said he gained his early experience as a member of the UMGC cybersecurity competition team. In fact, he got his first job working as a cyber systems engineer after being recruited out of a cyber competition.
“Cyber competitions offer challenges that are based on what you would see in the real world,” he said. “Competing with other people and working together as a team with all the different experiences will help you gain the real-world experience that employers are looking for.”
“It’s kind of like sports . . . you go to a football game and recruiters are there looking for the best players,” Mentzell added.
Finally, the panelists stressed the importance of certifications in a cybersecurity career. However, Putuniero advised, there is no certification “gold standard” across cybersecurity fields. So, earning the “right” certification depends on the cyber area selected and the cyber tasks performed.
“Whatever that area is will determine the certification you’re going to need to do your job right,” he said.
“Often, a certification will get you in the door for an interview, but what you actually know will get you the job,” said Mentzell. All things being equal, she added, if a manager has five resumes for one job that are fairly equal in terms of education background and experience, the person with the certification might see their resume rise to the top of the stack.