Equal Opportunity Publications - Article Page

Cybersecurity pros ensure a stable, safe, and resilient cyberspace while protecting our daily life, economic vitality, and national security.

As companies go increasingly digital, the need for security monitoring by cybersecurity experts becomes increasingly apparent, making jobs in the cyber field more and more necessary.

Currently, there’s clear evidence that threat actors continue to improve their cyber techniques, weapons and attacks on emerging technologies, making all organizational sectors - and individuals - at serious risk of potential infection and attack.

So much so that in 2018 President Trump signed into law the Cybersecurity and Infrastructure Security Agency Act, which elevated the mission of the former National Protection and Programs Directorate (NPPD) within the U.S. Department of Homeland Security (DHS) and established the Cybersecurity and Infrastructure Security Agency (CISA), which builds the national capacity to defend against cyber attacks.

Meet several cybersecurity professionals here who are on the online forefront of protecting cyberspace for the government, for consumers and for companies, and find out what you need to know about cybersecurity.

A. Selcuk Uluagac, Ph.D. has deep background in cybersecurity issues. Using that, he digs deep into cybersecurity research at Florida International University (FIU). It’s Miami’s only public research university and the institution that graduates the nation’s largest number of Hispanic students as a Hispanic-Serving Institution (HSI).

Uluagac is the director of the university’s Cyber-Physical Systems Security Lab (CSL). He’s also an associate professor in the School of Electrical, Computer and Enterprise Engineering within the College of Engineering and Computing.

As such, he and his undergraduate and graduate students conduct research related to cybersecurity and privacy topics.

Prior to joining the university in 2014, Uluagac garnered cybersecurity experience in academia, government and industry - all of which enabled him to see similar problems from different angles.

“Given my 21 years of experience, it was the intellectual benefits of teaching and research that led me to my current career path,” he says. “I enjoy helping shape young, enthusiastic minds, and the intellectual freedom of conducting cybersecurity research.”

With modern society having entered into a cybersecurity era where information is distributed across uncontrolled domains, Uluagac sees our everyday lives continuing to be dominated by billions of smart, connected devices and applications.

“It’s imperative these devices and applications be secured,” he states, emphasizing the importance of preparing students - tomorrow’s cyber workforce - to be well-prepared in the best cybersecurity practices.

Uluagac’s advice for individuals preparing for a career in cybersecurity is to gain proficiency in several technical areas, including machine learning (ML) and artificial intelligence (AI).

“With AI-based security systems on the rise, competency in applying AI-ML in the cybersecurity domain is tremendously beneficial to building a rewarding career,” he underscores, citing recent figures by the National Institute of Standards and Technology (NIST) from cyberseek.org/heatmap.html stating that currently in Florida there are more than 13,000 cybersecurity openings and more than 35,000 employees working in cybersecurity-related jobs.

Thus, given the explosive growth of devices and applications, cybersecurity is a fascinating, rewarding and well-established field that can pay off in terms of job opportunities and higher salaries.

While most problems in cyberspace today still stem from simple issues, Uluagac believes the threat landscape is changing rapidly.

“While a fundamental understanding of the security field can address current problems, continued education, and research is essential for staying up-to-date on new cybersecurity technological developments and advances,” he asserts, while also mentioning Cybersecurity@FIU, an emerging pre-eminent program and collaborative endeavor with the potential to build upon its merits and strengths to takes a multifaceted approach.

For more information about Florida International University (FIU) careers, visit hr.fiu.edu/careers, Facebook, Twitter, YouTube, Tumblr, Flickr and Instagram.

Molly Payne is on the hunt for cybersecurity threats, and finds piecing together the puzzle when she finds them exhilarating.

“What better puzzle is there than trying to find malicious activity in a sea of innocuous data?” asks Payne, a cyber threat hunter at Raytheon, Intelligence, Information and Services, which is headquartered in Herndon, VA while its parent Raytheon Company is headquartered in Waltham, MA. “Solving puzzles just tickles my brain.”

Starting her career in the STEM fields as a chemistry teacher, Payne transitioned into security work after receiving an associate degree in forensics. Following work as a security tool developer, she joined Raytheon as a full-time threat hunter two years ago.

“While teaching gave me the opportunity to work with all types of people, chemistry provided me the scientific framework to analyze the complicated problems I confront working at Raytheon, a 67,000-employee, worldwide technical and innovation leader specializing in defense, civil government, and cyber solutions,” she shares.

Because there’s really only one internet, cybersecurity is a high priority, contends Payne, who provides her clients with guidance and advice about how to improve their cyber posture.

“By actively researching the latest threats, threat actors, techniques and exploits, I hunt for malicious activity in my clients’ systems, activity that industry’s best vendors are unable to deter or stop,” she explains.

During the last five years, despite the growth of cybersecurity, many cybersecurity problems are still approached in the same way. Recognizing the need for change, Payne applauds the recent move to create more diverse workforces, those creatively capable of solving complicated problems.

“Only with thoughtful, creative, imaginative and innovative people can new disruptive technology systems be developed, systems that will be successful in combating the ever-changing landscape of online criminal activity,” states Payne.

“There’s always a new piece of malware to understand and that makes collective cyber hunting exhilarating,” adds Payne, who advises those considering a similar career to have the desire and passion to teach yourself everything you don’t understand.

“Computers and the internet change so rapidly, you must be able to roll with the punches and get a kick out of being on the bleeding edge of it all,” says Payne. She further emphasizes the need for compassion for the people you’re protecting, as every company differs in its handling of delicate information that belongs to others who don’t want it stolen, read or used against them.

The skills Payne finds most necessary include critical thinking, creative problem-solving, strong communication and a propensity for exploring how things work.

“Malware never plays by the rules, and those who enjoy ‘bending rules’ can well have the makings of a good cyber hunter,” she asserts.

For more information about Raytheon careers, go to jobs.raytheon.com, jobs.raytheon.com/category/cyber-jobs-jobs/4679/22810/1, Facebook, Twitter, YouTube, LinkedIn and Instagram.

Since childhood, Lena Taylor has loved to figure things out. “As the oldest of four children, my siblings depended on me for answers,” she recalls.

Known for asking the proverbial, “Why?” when she found something she didn’t know and wanted to understand, Taylor sought answers that extended beyond the surface.

Admittedly curious - even describing herself as sometimes nosey - Taylor’s appetite for knowing “why” proved a good asset as an adult in the working world. In fact, it led her to the world of cybersecurity where asking why and digging deeper for answers are very much an asset.

Now, as the director of security technology and innovation, and the chief of staff to the chief security officer (CSO) at Monroe, LA-headquartered CenturyLink, she relies on her knowledge, professional experience, and keen sense of inquisitiveness to carry out her duties and provide input on cybersecurity issues.

As the second largest U.S. communications provider of secure connections to global enterprise customers, CenturyLink enables customers to navigate IT complexities, while providing managed network and cybersecurity solutions. Employed at CenturyLink for 19 years, Taylor previously worked in tier 2 and 3 IT positions. Five years ago she joined CenturyLink’s security organization.

Taylor credits the time she spent in IT with making her transition to security a natural progression. “Having worked with my security counterparts over the years made for a comfortable adjustment,” she points out.

Taylor categorizes cybersecurity as a hot and growing field, and urges people to pay attention to the importance of securing their devices and fully understanding the severity that surrounds devices when they’re compromised.

“Take an accurate inventory of your devices, and don’t underestimate the importance of the three little letters: ‘IoT,’” she advises.

Today Taylor delves into the breadth and depth of the organization, from budget management and organizational communications to strategic planning.

“In short, I make sure the organization runs smoothly. I love interacting with the people I work with as we bounce ideas off each other. There’s never a dull moment,” she enthuses.

Taylor points out that, by 2021, it’s predicted there will be as many as 3.5 million unfilled cybersecurity jobs. That’s a lot of job openings that can be filled, she says, by people from many backgrounds that have many skill sets. That diversity can and should expand the qualifying pool of candidates.

Her advice to those joining the cyber threat fight is to “be collaborative, as the cybersecurity world changes frequently. Without collaboration people will not benefit from the opportunity to see the big picture.”

A proponent of having, and being, a mentor, she adds: “Guide and mentor people. Don’t manage them.”

She also recommends opportunities for leadership development and giving back to the community via employee resource groups.

To that end, as part of CenturyLink’s PANN (Pacific Asian America Network), she mentors new members and drives brand awareness via community events like Colorado’s annual Dragon Boat races.

“It’s a great way to engage summer interns, and give them the full corporate experience in and out of the office,” concludes Taylor.

For more information about CenturyLink careers, go to jobs.centurylink.com, Facebook, Twitter, LinkedIn and YouTube.

“Just read the newspapers or watch TV to realize how critical security is in daily life,” says the vice president of IT and security at Portland, OR-based PacifiCorp, a six-state, western utility with 5,000 employees.

That’s why security is front and center in everything the utility, which is a wholly owned subsidiary of Berkshire Hathaway Energy Company - does, especially when it comes to protecting the electric grid. In fact, Lahti says PacifiCorp now invests more capital and human resources in security programs than ever before.

Referencing her 35-year career in IT, Lahti recalls starting in the lowest entry-level position, working 24-7 shifts in every functional area. In 2015 she worked her way up the management chain to achieve her current position.

Based on her technical and risk management background, Lahti was selected - right after the terrorist attacks on September 11, 2001 - by the CEO and tasked with building a corporate security team.

“Initially, I hired three cybersecurity professionals, which has grown to 45. In 2016 it was combined with the physical security team to increase efficiencies in responding to any security event, and is now recognized as best-in-class,” she explains.

As manager of more than 500 employees and contractors on a 24-7-365 basis, Lahti is involved in designing, delivering, and supporting technical assets required to run and secure the business and its customers. She’s accountable for the risk management compliance program, certifying that the company is maintaining and operating critical cyber controls, as well as general computer controls for a regulatory and yearly audited environment.

“Our risk program ensures PacifiCorp can recover and secure employee and operational assets in the event of an unplanned incident,” she adds.

At the start of Lahti’s career, security wasn’t the top priority it is now. And its prioritization will continue to increase as technology evolves further into smart technologies, robots and predictive analytics.

“Bad players are becoming more sophisticated in hacking tactics, so staying one step ahead is a daily challenge. Cybersecurity will be on the forefront for many years to come,” she underscores.

For those considering such a career, she recommends extensive, enterprise-wide knowledge of IT systems, infrastructure, and network-telecom tools and processes, in addition to knowledge of cybersecurity tools and practices.

However, Lahti cautions against pursuing a cybersecurity career based on perceived salary and job stability. “A successful career in cybersecurity flows more from an interest in computing and security rather than the other way around,” she states.

While the expected number of jobs is anticipated to reach 2 million in 2019, she points out, success, she further contends, comes more from dedication than initial skills. So while the demand is higher than the supply of skilled cybersecurity professionals, she believes it’s essential to understand the content and possess a consistent willingness to learn.

“I work with outstanding and incredibly talented and skilled individuals who are committed to what we deliver and secure each day,” Lahti shares.

Referencing phishing as a top cybersecurity threat, she remarks that, in 2016, PacifiCorp was in line with the industry average click rates of 16%. By 2019, after implementing robust training and awareness campaigns, plus technical tools and controls, the company brought the click rate down to around 1/10 of 1% - a major achievement, she proudly points out.

Says Lahti: “I enjoy being involved with fast changes, and new sets of challenges and opportunities. While my career has been amazing, today is even a more exciting time to be a part of PacifiCorp’s IT and security team. I’m grateful for the opportunity to highlight the importance of cybersecurity and the role it plays in daily lives.”

For more information about PacifiCorp careers, go to careers.pacificorp.com, LinkedIn and Twitter.

Having a secure defense is the best offense against current cyber concerns, threats and attacks, according to Jimi Mills. This strategy allows him to stay ahead of harmful hackers and track them down.

“With most everything today having a digital link, cybersecurity and building secure defenses are critical,” says the IT manager in the security operations center (SOC) at Dallas, TX-headquartered Texas Instruments, Inc. (TI).

Mills’ nine years of cybersecurity experience began while studying for a Bachelor of Science in information technology (IT), with a focus on network security.

Offered the opportunity to work in various IT help desk positions at the University of North Texas (UNT), Mills was hired in 2015 as an SOC security analyst at TI - a 30,000-employee company that engineers, manufactures, tests, and sells analog and embedded semiconductor chips, with operations in more than 30 countries. By 2017 he was appointed team leader, and a year later he was promoted to his present position.

Asked what best prepared him for working in cybersecurity, Mills replies: “Hands-on work. While college helps one understand concepts and theory, real-world attacks differ drastically.”

Citing his participation in UNT’s Collegiate Cyber Defense Competition (CCDC) - designed to provide real-world experience to students - Mills as team captain and his team won third place in the Southwest region and participated in several online events. This all proved helpful to him in terms of learning hands-on security applications.

“I enjoy taking part in thrilling and satisfying cat-and-mouse-like games that require staying ahead of others,” admits Mills, citing the excitement of chasing down hackers and building secure defenses that the field of cybersecurity offers.

As the manager of a global team that provides 24-7 security monitoring, Mills is involved in threat-hunting, security tool tuning, threat intelligence, penetration testing and application administration.

“These build off each other to make sure that TI has robust prevention defenses while still being able to detect and respond quickly to security-related events,” he explains.

According to Mills, cybersecurity talent is in demand right now - with not enough skilled individuals to fill job openings. With more devices and people on the internet every day, the number of attacks, and the span of what must be defended, increases.

“To help meet this demand and grow the talent pipeline, TI is dedicated to equipping educators and students to take on STEM-focused careers while learning hands-on skills that come with experience,” he points out.

Mills stresses the need for such intangibles as thinking outside the box, problem-solving and the ability to work in fast-paced environments. “Individuals who excel at these skills may be a good fit for a career in cybersecurity,” he believes, pointing out that some of the best minds didn’t start out as cybersecurity professionals.

Mills most enjoys constant learning and knowing he’s making a difference. “I’m proud that my job helps protect the company and its employees. There’s also satisfaction in knowing that if nobody notices our team, then we know we’re doing a good job,” he shares.

To persons interested in cybersecurity, Mills offers this advice: get involved and be curious.

“The great thing about the cybersecurity community is the overwhelming support for sharing knowledge,” he continues.

He further recommends participating in conferences, local groups and online events known as “Capture the Flag (CTF), in addition to searching for information on the internet and learning to program.”

For more information about TI careers, go to careers.ti.com, Facebook, Twitter, LinkedIn, YouTube and Instagram.

As part of the U.S. Department of Health and Human Services (HHS), the Bethesda, MD-headquartered National Institutes of Health (NIH) is the principal federal agency responsible for biomedical research. Composed of 27 institutes and centers (ICs), each with a specific research agenda, NIH’s mission is to seek fundamental knowledge about the nature and behavior of living systems and to apply that knowledge to enhance health.

As the chief information security officer (CISO) for NIH’s Center for Information Technology (CIT), Jothi Dugar plays a vital role in the NIH mission by helping to manage, store and share data generated via scientific research. CIT provides the NIH community with high-quality IT services to support NIH’s mission-critical research.

An eight-year employee of NIH, Dugar has a unique background and educational experience in military, governmental, and private fields. An electrical engineering graduate, she was prompted, in 2005, by a previous supervisor to explore the field of cybersecurity.

Although her position is often misconstrued as purely technical or compliance-driven, Dugar disagrees. “Past positions helped me understand the holistic and integrative nature of my role in the organization,” she states.

From her difficult childhood and healthcare journey she learned to set standards and elevate herself to break the glass ceiling. “Being the only female and minority in almost every endeavor, I learned early on that because I didn’t look like the ‘norm’ I wasn’t treated like the ‘norm,’” she shares.

As a result, Dugar strove to view herself, and her life, from a holistic point of view, and began to adapt this realization to the corporate setting.

“As a field, cybersecurity cannot be left to one person or team. Instead it relies on the use of diverse minds, an integrated set of solutions and top-down, bottom-up approaches for strategies to form cohesive solutions,” she states.

Dugar stresses the importance of ensuring everyone in an organization understands his or her role in cybersecurity and cyber safety. She provides leadership, vision, direction, and coordination of information security, manages the CIT’s information security program, and leads the Optimize NIH IT Security - People and Culture initiative, whose mission is, in part, to embed cyber into the organization’s everyday culture.

According to Dugar, the future of jobs in cybersecurity must involve a wide range of areas. “A broad field, it needs a diverse set of skills, experiences and people to operate effectively. Most important skills include interpersonal communications, time and organizational management, empathy, strategic thinking, keeping up with technology, and an eagerness to keep learning and growing.”

A happily married mom of three, Dugar enjoys knowing that no two days are alike on the job. She also enjoys her role as the director of a dance academy and as the owner-practitioner of a holistic wellness practice - proof-positive that “every woman can have it all!” she enthuses.

For more information about NIH careers, go to hr.nih.gov/jobs, Facebook, Twitter, LinkedIn, YouTube, Instagram and Flickr.

https://www.varonis.com/blog/cybersecurity-statistics/, https://www.cybintsolutions.com/cyber-security-facts-stats/, https://www.educationconnection.com/resources/12-must-know-cybersecurity-facts/

3. By 2020 IT analysts covering cybersecurity will be predicting five-year spending forecasts (to 2025) at well over $1 trillion.

6. By 2020 the estimated number of passwords used by humans and machines worldwide will grow to 300 billion.

9. The concern of 91% of security professionals is that hackers will use AI to launch even more sophisticated cyber attacks.

10. More than two thirds or 65% of companies have more than 500 users that are never prompted to change their passwords.

15. There are around 24,000 malicious mobile apps blocked every day. The app categories with most cybersecurity issues are lifestyle apps, which account for 27% of malicious apps. Music and audio apps account for 20%.

16. The information that apps most often leak are phone numbers (63%) and device location (37%).

18. Ransomware attacks are growing more than 350% annually, with the FBI estimating in 2017 that ransomware infected more than 100,000 computers a day around the world.

19. Between 2015 and 2017 the U.S. was the country most affected by targeted cyber attacks with 303 known large-scale attacks.