What to do after high school? College, technical school, a gap year, or just find a job? As an SSFS junior, these ideas and next moves dominate my thoughts daily. Which major is best suited for a self-prescribed ‘computer geek’ who enjoys coding, gaming, and all things technology?  Based on a cursory review of computer careers, one area is experiencing phenomenal growth and increased earning potential: computer cybersecurity. The need for quality cyber security professionals dominates the computer landscape worldwide.

Did you know…

1. A cyber attack is launched every minute?
2. New hackers are ‘born’ every hour?
3. Cyber attacks or hacks cost the general public hundreds of millions of dollars in losses (loss revenue and goods)?
4. Cyber crimes (think ‘Ransomware’, or identity theft) have increased more than 100% since 2013?

A cyber security attack has the ability to cripple a company, government, or institution’s infrastructure. Most recently in the U.S election, hackers have been implicated in ‘influencing’ the last presidential election. Can you say, Russian hackers? There is a critical need to fill thousands of open cyber security positions with qualified personnel in the next five to ten years.  As such the U.S government, specifically the Department of Defense, has increased their information technology budget towards creating capable cyber security specialists. How are they accomplishing this objective? The Defense industry has funded STEM programs and competitions for students at various academic levels and provided access to advanced technology equipment at the post-secondary level.

Personally, I have benefited from these programs by attending several summer cybersecurity camps for years. One camp stands out in my mind: the advanced cyber security class at Marymount University. At Marymount, we were exposed to and utilized the most advanced cyber security within the DOD (Department of Defense). A few of the classes were taught by current and former DOD personnel and were fun and informative all at the same time. I gained a lot of knowledge into the intricacies of how one defends a network and how one can exploit a network’s vulnerabilities.

Recently, I had the opportunity to interview and speak with industry experts in the cyber security field. These security professionals work for one of the largest DOD contractors to the U.S. government. The questions that I posed to them centered around working conditions, how to enter the field, and what a typical day looks like.

Q1: How did you get started in the computer field as a Cybersecurity Specialist?

Cyber Expert 2: “I was hardware and software programmer when my position was eliminated, so the company put me into the security group.”

Q2: How many years of education does/did it take for you to enter this field?

Cyber Expert 1: “I would say that most companies would probably require a college degree, but it does not necessarily have to be a degree in a security-related field. My undergraduate degree was in Information Systems Management, which was focused on information technology in general. I think what prepared me most for my position was the experience I gained over the years through my student IT jobs and eventually full time IT work.”

Q3: Were there any special course(s) that you took in college or technical school that you feel prepared you for your position today?  

Cyber Expert 2: “Initially I just did OTJ (on the job) training and learned as much as I could from my mentor.  I started to read up on my own for 3 years to get a certificate (CISSP). I got a few other certs too. I then followed up at UMUC in cybersecurity with a BS degree.”

Q4: Have you dealt with security breaches/issues? How and when did you know there was an issue(s)? What alerted you or your Team that an issue had occurred or was occurring?

Cyber Expert 2: “Yes. Usually a user alerts us to something not right.  Sometimes random inspections reveal nefarious things. Many times the Department of Homeland Security alerts us to an active threat.”

Cyber Expert 1: “Yes, I have dealt with many security issues in my current position. Most of them are day-to-day investigations to find out who might have downloaded a malicious file and verify that it was stopped by our antivirus solution. Other more serious events, such as ransomware events, are more involved. Those types of events require coordinating with different teams to ensure the source system is identified and isolated to prevent further damage. After the threat is stopped, there is more investigation that must be performed to identify how the malware came into the environment. At the end of the incident, we would also get together to see what actions could be taken to prevent future events like this.”

Q5: Are you able to disclose one or two prevention techniques you use to prevent attacks or breaches?

Cyber Expert 2: “Security 101 tells the users not to click on links, or attachments from unknown sources, and to carefully look at the email addresses that come to them.  Delete suspicious emails. Keep your antivirus up to date and install security patches when the vendor releases them.”

Cyber Expert 1: “End user security awareness would be the best prevention technique. This is because they are the primary targets of malicious attack attempts. If a piece of malicious code makes it through to the end user and they infect themselves, then the malicious process could have access to internal resources. The users must be aware not to download unknown software or email attachments because the security protection tools that are in place might not be able to catch everything malicious that comes into the environment.”

Q6: Do you think that most people outside of the computer profession take computer security measures seriously? No. If not, Why not?  

Cyber Expert 1: “No, I think most people outside the computer profession don’t even put a lot of thought into security. I think it’s because increased security often can make things harder to access or less convenient. Take for example someone that uses Gmail. There is an option to enable two-factor authentication, which can help reduce the chance of someone hacking into your account. People might not turn this option on because it would slow down their login or even prevent them from logging in from a new device. However, in the event that the user is targeted for an unauthorized access attempt, it could prevent it from happening.”

Q7: How relevant is cybersecurity to the general public?

Cyber Expert 2: “It’s very important.  Identity theft can ruin your life.”

Cyber Expert 1: “It’s more relevant than ever. Technology continues to move at a fast pace and as new services and devices are developed, they must be secured to prevent security breaches. People must be aware on what data can be generated by these technologies so they can make appropriate decisions on whether to use it. Examples like choosing what you share on social media because how companies might handle or share the data. Or smart home devices like Amazon Alexa, which are constantly listening. If the devices are not properly secured, someone might be able to listen in without the user’s knowledge.”

Q8: Do you have any words of wisdom for high school students that are looking to enter this field?

Cyber Expert 2: “UMUC Cyber Security Program is excellent. I highly recommend it.”

Cyber Expert 1: “I would say that if this field interests you, try to get exposed to as many things as possible because that might give you insight as to what area you might want to get into or not. You have many more resources available than when I was in high school. Monitoring the news for security news, listen to technology related podcasts or YouTube channels to see what might interest you.“

Giovanny Morales, CISSP

Pamela Austrich, CISSP

Resources:

https://www.us-cert.gov/ncas/alerts/TA18-074A

https://adastra.fit.edu/blog/floridatechbound/5-reasons-cybersecurity-industry-growth/

https://lifehacker.com/how-to-secure-your-accounts-after-the-massive-collectio-1831835847

https://dodstem.us/stem-programs/programs