I started building large information technology systems for different industries back in the late 1990s. At that time, cybersecurity wasn’t a specific skill or role, but building secure and fault-tolerant systems was just part of creating a good design. As time went on, the complexity of the systems and the environment we were deploying increased and the number of threats and adversaries multiplied. In order to protect critical systems we needed dedicated people to focus on keeping up with the threats and learning the techniques to defeat them.

Currently, I’m the Director of Federal Alliances at Corelight, a startup company that built the open-source network monitoring tool Zeek and combines it with other capabilities to provide a network security platform. I find and develop partnerships with technology vendors, federal system integrators and cloud providers to help Corelight grow and deploy the best solutions to support threat hunting, network visibility and incident response for IT/OT and industrial control systems (ICS) networks. At the beginning of my career, I worked in a small technology startup building computers from scratch for a local university and providing desktop support. After learning the technologies and earning certifications, I started designing networks and systems architectures. That led to a role as a technology consultant designing and deploying increasingly large IT projects.

During that time I earned my Certified Information Systems Security Professional (CISSP) and Project Management Professional (PMP) certifications to learn the skills needed to continue to design successful security architectures and also manage the teams required to deploy and support them. One of the coolest projects I worked on as a result was deploying a global point-of-sale system for a major US retailer.

After working in so many roles in my industry including engineer, consultant, solution architect, program manager, senior director, account executive, I found that my favorite things to do are build teams and bring people together. I’ve found a niche where I help smaller technology companies build alliances and collaborations to support government missions across the public sector. I get to help Corelight grow and help our partners and customers do their best work. It’s a hard job, but I feel very lucky to be able to do it.

I supported DHS as a senior systems architect designing and building the Homeland Information Security Network for the Critical Infrastructure Sectors (HSIN-CS). This job required meeting with stakeholders in critical infrastructures and their government counterparts, and designing systems that allow leadership to collaborate on ongoing security issues.

For me, a few things have been really helpful. Paying attention to details: I tend to scan a big problem and then take it apart into little bits. Then I attack each smaller bit. Being persistent and tenacious: Working in cyber can be frustrating. Some of the technologies still need a lot of work and mistakes by others can lead to long hours wading through mountains of data. The tenacious person will keep pushing through to the goal despite roadblocks. Being a people person: I enjoy being around people and teams and that has helped me work with lots of different types of colleagues. Understanding and enjoying service: IT is a service industry and we’re here to help people. Very rarely does a company make money on IT, so leadership expects IT to enable the primary focus of the company. If we take that attitude that we’re here to help, that goes a long way to providing good service. Being curious: I’ve always been curious about how things work. Given the volatile nature of the industry, being naturally curious has helped me stay current with the latest technologies.

My initial advice would be to go to as many conferences as you can and talk to people in the industry. If the conference has an expo, you can talk to technology builders and find out what they’re working on and learn from other professionals in attendance. You can begin to figure out what part of cybersecurity you want to focus on. Learn as much as you can about core computer functionality. It’s much easier to understand a complex computer configuration if you already understand how that computer functions at its most basic components. Learn about networking, computer components, storage and file systems at the packet, binary and assembly code level and that will make it so much easier to understand micro-services, fabrics, containers and complicated solutions like zero-trust.