From Army Brigade to Cyber Brigade: My Uncommon Path to a Career in Cybercrime-Fighting
I fell into cybersecurity, thanks to an old email I found when cleaning out my inbox. Now when I look back at where my life was going, acting on that email was one of the best decisions I’ve ever made.
I joined the Army National Guard in 2013 as a radio communications and security repair technician. I didn’t know what that meant when I signed up, and it turned out that I got to do pretty cool hands-on work with electronics. But when I tried to transfer those skills to civilian life, I found they weren’t so transferable. There were manual jobs digging tunnels for communications equipment, and some positions with Homeland Security overseas that sounded interesting.
But those weren’t possible for me: I had a baby boy last year. So I found myself waitressing, serving with the National Guard one weekend a month, and trying to complete my bachelor’s degree in public relations. I knew once I graduated I’d be making an entry-level salary in PR for a while.
I also knew I wouldn’t be able to support my family on that salary plus military pay, but I had no idea what to do instead.
Then one night when I was cleaning out my inbox, I found an email about Per Scholas: a non-profit partner of the Symantec Cyber Career Connection (SC3) program that trains people for careers in IT and cybersecurity fields at no cost.
I knew absolutely nothing about cybersecurity, but I figured: Why not give it a chance?
I applied and was accepted, and I spent eight weeks learning all about IT, software, and mobile networks. By the time I completed the program, I had already secured a job with Capital One, another non-profit partner of Per Scholas, as an associate member of Cybersecurity Resilience Strategy in Capital One’s Information Security Risk Management division.
This opportunity has completely changed my life. I think cybersecurity is a great opportunity for people like me who are seeking direction. Even if it’s not the career for you, the state of cybersecurity demands that every person takes an active role in protecting their information and their company’s data.
Security of an organization begins with the individual
I n my role at Capital One I learned very quickly that in cybersecurity, just like in the military, everybody is important to the mission. One of the things I’m working on right now is organizing teams to make sure the right people are sitting next to each other so they can collaborate easily without putting data at risk. We need to share information in this job, but the most important thing is to protect our customers’ financial data from constant attempted attacks by external forces who want that information.
So how do you share that in a secure way? It’s not always highly technical. It starts with very basic, everyday practices — like, you don’t click on links in emails. You don’t write down passwords on a Post-It and stick it to your desk where someone might see it. Being freshly trained at Per Scholas, those were the things first taught to me.
It’s easy to get lax in the busy pace of office life. In banking, we have very strict policies on how we create and store documents and how we treat our work devices. So when you walk away from your desk at work it is imperative that you have to lock your screen.
But it’s easy to slip up. You don’t even think about putting data at risk, you just want to get something and so you get up and leave your screen unlocked. I did it one day and my manager called me out. It didn’t matter that I was two steps away. I learned a big lesson that day — my team and I need to set an example with good practices.
Basic protection is as simple as that. When people hear about cybersecurity, they imagine some guy in the movies typing on a computer with black gloves. They see it as something that can’t happen to them. But no one is an exception.
Everyone is at risk of getting hacked — but everyone also has the opportunity to be part of the solution.
You don’t always need a computer science degree
I t sounds trite, but honestly, if I can do this, you can too. I am not an engineer. I work with other people who are not engineers. Then we have people who studied computer science, but they also studied policy. Or people who majored in communications.
You don’t have to be the kid who was hacking his parents’ network at age 5. If you’re someone who is observant, who can understand what you’re seeing and communicate that clearly to your managers and colleagues, you can work in cybersecurity. If you have a vision — if you’re able to see things as how they can be, versus how they are now — you can work in cybersecurity. The field needs out-of-the-box thinkers because there is so much innovation, so much constant change, and so many different ways to fix a technical problem.
If you’re looking for an entry-level way to start, just get started. Find a program like Per Scholas. Work toward understanding cybersecurity, or even just understanding IT. People are intimidated by computers, but your computer is only as smart as you are.
An industry of opportunity
I ’m not sure exactly how the cybersecurity industry will look in the future, but the opportunities for someone like me seem endless. I’m on the strategy and business side now, but that doesn’t mean I can’t get to a technical position if I want to. I can take this wherever I want it to go, and I know other people could benefit from that kind of freedom too.
I see there is a need for individuals who are able to speak to cybersecurity issues in a way that is clear to people who may not fully understand it themselves. Every individual at a company or organization plays a role in security, so we need people who can communicate that importance. That’s where I see myself.
I’m turning my personal mission from being a part of an army engineering brigade into a cybersecurity brigade.
Illustrations credit: Cal Tabuena-Frolli