A career in cybersecurity is dynamic and fast-paced; it is also rapidly changing and rewarding. But, what does it take to get into cybersecurity? Nina Amla, Program Manager in Computer and Information Science and Engineering (CISE) at the National Science Foundation, stressed that to be successful in cybersecurity one must keep learning to stay up to date on emerging areas in the field because cyberspace is constantly evolving. The reward for this hard work is being in an intellectually challenging and highly rewarding career. A career in cybersecurity is not just for those with a background in computer science. There is a need for people with skills in many areas including behavioral and cognitive sciences, economics, education, engineering, human-centered computing, law, mathematics, social science, and statistics. This is because cyberspace is a complex ecosystem that involves computer hardware, software, networks, data, and people all integrated with the physical world. Nina began in engineering and continued her studies in computer science on a formal technique called model checking, which checks whether a system satisfies a property. Model checking is now widely used in verification of software, hardware and networks. Over the years, Nina realized that formal methods are a tool that can be used to ensure the safety and security of computing systems.

Nina pointed out that as her work in cyberspace has progressed, she has taken a holistic approach to cybersecurity by understanding the role people play in cyberspace and educating others on good cyber hygiene. Nina suggested students investigate the programs available for students at all levels, as cybersecurity is rewarding for a number of reasons. Not only does it pay very well and many opportunities are available, but also it is an intellectually exciting career path to ensure trust in cyberspace. Moreover, she noted that people in this field keep society safe and contribute to national security and economic prosperity.

As one of the early pioneers in cybersecurity, Victor Piotrowski studied the very first computer worm that spread via the internet ­ the 1988 Morris worm. This worm could infect 2000 computers in 15 hours rendering them useless. Back then, internet protocols were pretty insecure. Victor discovered hidden directories  with stolen information on the networks of the university where he worked. A talk Victor gave in 1995 titled “www: Wild Wild Web” highlighted that at the time law enforcement had not become involved with internet activities.

Twenty-five years is a relatively short time for a career field to evolve, which is why cybersecurity is one of the youngest and fastest growing professions. Victor pointed out that securing cyberspace requires addressing both scientific and engineering challenges as well as vulnerabilities that are caused by human behaviors and choices. This is why cybersecurity is a multidisciplinary field combining social, behavioral, and economic sciences with mathematics, computing, engineering, and business. Expertise in business, health, and law play a role as there is a human-related layer in cybersecurity.

When asked what skills helped in his cybersecurity career, Victor gave a quote from Lewis Carroll’s Alice in Wonderland: “My dear, here we must run as fast as we can, just to stay in place. And if you wish to go anywhere you must run twice as fast as that.” In other words, cybersecurity requires life-long learning and adaptation to new environments because the field is rapidly changing. Genuine interest, passion, and adaptability – are critical in this fast-paced career. In discussing what is needed to be successful, Victor highlighted a unique feature of cybersecurity – the presence of an adversary. Those working in cybersecurity need adversarial thinking skills so that they can think like an adversary in order to understand offensive action and become a good defender.

For the last 13 years, Victor has been the Lead Program Director at the National Science Foundation for CyberCorps®, a scholarship for service (SFS) program that supports undergraduate and graduate students while they complete their education in cybersecurity. When asked for a cool story, Victor said most stories he would tell are embargoed for the next 25 years, but one he did share was about CyberCorps® students at the University of Tulsa. Students helped police crack an eight-year-old triple homicide case that was profiled on the TV series Forensic Files. The students used a state-of-the-art forensics lab to recover email evidence from a computer as well as instant messages from a phone that was badly damaged. The results of their work led to a conviction and life sentence. The efforts by these students spotlight what Victor said is necessary to succeed in cybersecurity … curiosity and passion!

Cybersecurity is a constant race between the bad guys and the good guys. So, what keeps people in this field? Fouad Ramia, the IT Manager for the NITRD Program at the National Coordination Office, said it is the gratification knowing that you have a role in slowing down and potentially stopping the crippling effects cyber hacks can have on another person’s life. The stakes are high and you can’t miss a step. In today’s world, security is part of everything people do – banking obviously, but now it is part of shopping, finance, doctor visits via telehealth, education, and entertainment. Fouad illustrated this with a story. Being in the cybersecurity field makes one more aware (and maybe even a bit paranoid) of the dangers that others often do not consider. In applying for a bank loan, the loan officer wanted the filled-out application sent back by email.

But it had personally identifiable information, which raised so many red flags. The bank assured Fouad that his information would be safe and an encrypted system to deliver his application was not needed. Knowledgeable in the potential risks this posed, Fouad insisted and after many days of back and forth, the bank finally provided a secure system to submit his information. The outcome of Fouad’s action? Fouad’s expertise on cyber and his presentation of the risks the bank posed to its customers obviously made an impression on the bank’s management. The loan officer informed Fouad that moving forward the bank would utilize a secured system for other customers. Fouad spotlighted this story because he feels his “paranoia” or cautiousness made a difference in the bank’s policy and hopefully will help others protect their data. It definitely showed just how important a role that experts in cybersecurity can play helping others. Fouad pointed also out what many experts in cybersecurity have emphasized – that cybersecurity is an ever-evolving fast-paced field. It is this uncertainty, combined with learning something new every day that makes cybersecurity a fun career with never a dull moment.

“Cybersecurity is for everyone.” Matt Scholl, of NIST, explained that we all make risk decisions to some degree as we navigate our digital world every day. Matt provided insight into how diverse the field of cybersecurity really is, saying that it is analogous to the medical field as both specialties offer many kinds of opportunities to develop expertise. This ultimately opens up the cybersecurity field to people with diverse educational backgrounds. Those interested in physics and mathematics can work on the next encryption algorithms, while those inclined toward law and law enforcement can tackle cybercrime. Teachers can train the next cybersecurity generation. But one key characteristic that people in cybersecurity share is an overall curiosity about how things work. Maintaining this curiosity while continuing their education and training is crucial for cybersecurity professionals because cybersecurity is dynamic and ever-changing, which is why it is a galvanizing and fast-paced field.

Matt’s own background illustrates just how important mentors are to help people get on the right path in life. Matt started in the Army, which gave him a solid foundation in understanding threat models, adversarial points of view, and force protection priorities — a background immensely useful in cybersecurity. From there he moved into software projects, learning how software can be developed correctly and–just as importantly–incorrectly. From these experiences, Matt realized that “out of boundaries” testing could indicate security problems. He gained an understanding of how a system responds to unplanned activity, which is an indication of a system’s security and resilience. Appreciating Matt’s background and his obvious curiosity about the IT field, a mentor encouraged Matt to make cybersecurity his next career step. This recommendation started Matt down the path he is on today and shows how one can find new directions despite being mid-career.

As you just read, the point was made that “cybersecurity is for everyone” and that can even include working in the field. Temmie Shade, with the National Security Agency (NSA), explained that “you don’t need to be a ‘computer nerd’ to work in cybersecurity”. Cybersecurity has many diverse aspects and if you are interested in solving problems and use a multidisciplinary approach to problems then the field has much to offer. A basic understanding of how computers work does help but key, Temmie emphasized, is continual learning because the field of cybersecurity continues to grow as more of our lives interact with and in cyberspace. To highlight her key points, Temmie mentioned her varied and diverse background. She started as a special education teacher and then began her second career as a psychologist and college professor after finishing her Ph.D. in counseling psychology. While Temmie was in her 3rd career working in Intelligence Analysis, she met another psychologist at NSA who was creating an informal group of behavioral scientists. Through this person, Temmie met a cybersecurity researcher interested in the effectiveness of innovative cyber defenses. This led to a role as a researcher in cybersecurity that allowed her to use the expertise, she had gained throughout her three careers, that is, describing, understanding, predicting, and influencing human behavior. Now Temmie applies her expertise in human behavior research to prove the effectiveness of newly developed methods for cybersecurity research. Temmie’s background and varied expertise shows that cybersecurity is a career field that brings in people with different types of experiences, training, and education all with the goal of investigating adaptive methods of cyber defense to demonstrate a defensive advantage.

Mentors are one important component for success but another is scholarship programs that the U.S. Government promotes to find top-notch talent and those who have passion for IT and cybersecurity. Vincent Sritapan, Acting Section Chief of Mobile Security Services in the Cyber Quality Services Management Office at Cybersecurity and Infrastructure Security Agency (CISA) found his love for cybersecurity through the NSF Scholarship Service Program and the ODNI’s Intelligence Community Scholars program. Vincent emphasized that he attributes his success to these scholarship programs as they directly positioned him for his dream job in cybersecurity with the U.S. Government.

Mentors played an important role for Vincent, both from his academic institutions and at his first cybersecurity job at the Department Homeland Security (DHS) in the Office of the Chief Information Security Officer. Vincent benefited from the mentoring and leadership programs at DHS as they allowed him to seek guidance and leadership to advance his career, developing relationships along the way with trusted colleagues and mentors in Government and other universities. Vincent further advanced his technical and leadership experience by becoming a commissioned officer in the U.S. Navy Reserves serving as an Information Warfare Officer. This highlights another option for a cybersecurity career. Each of these paths in cybersecurity – civilian, military, and academic – has helped Vincent develop technical, leadership, communication, and team-building skills that are vital to any cybersecurity career. He emphasized that technical and non-technical skills are highly valued in the cybersecurity field leading to endless opportunities.

When asked why a cybersecurity career, Vincent highlighted that technology is the present and future, i.e., artificial intelligence and emerging technologies will revolutionize how humans and machines interact in our daily lives. And, with the growth and greater reliance on technology, cybersecurity will be paramount to ensure security for our online activities. Vincent stressed the important role mentors provided, but he underscored that those looking at cybersecurity as a career need also to look for opportunities, such as scholarships and fellowships. There is a plethora of pathways in cybersecurity. Thus, the career track one takes depends on the type of job one pursues. He wrapped up with the point that those who want to have a meaningful impact while protecting critical infrastructure, work in sectors that use technology such as, communications, healthcare, and others, should consider a cybersecurity career as it is fulfilling and very rewarding.

Tomas Vagoun is the Technical Coordinator for the Cybersecurity and Privacy Interagency Working Groups (IWGs) for the NITRD Program. Tomas’ educational background is common in cybersecurity, that is information systems and computer science. However, he brought a unique framework for cybersecurity when he joined NCO. Previously Tomas gained experience in the telecom/internet industry on software development, which led to his work with major Federal civilian and defense agencies. This perspective on global telecommunication and software provided Tomas the understanding to see cybersecurity discussions in a slightly different light –  the why, what, and how of cybersecurity issues. He was able to relate to why software needs to be resistant, what ultimately can happen, and how to deal with potential complications. As Tomas pointed out, being in the cybersecurity field he has come to realize that it is shaped by social and economic aspects because technology has historically been driven by the needs of the market. This has subsequently opened opportunities for cyber criminals, creating a demand for cybersecurity to be constantly evolving from both the technology and human aspects. Tomas emphasized the social component in his account of his high school kids’ experience with cybersecurity. Many kids are interested in cybersecurity but do not have the computing and programming skills to compete in the cyber club’s events. Tomas pointed out we need to be more inclusive and broader in appeal when courting students to enter cybersecurity so we do not turn off 99% of prospects and instead have a more diverse workforce in cybersecurity.