The recent 2023 Spotlight on Security hosted by University of Maryland Global Campus (UMGC) examined what employers look for in cybersecurity job candidates and what prospective employees, including those transitioning out of the military, can do to get a foot in the door.
The Oct. 11 event at Ft. Meade also provided its audience of current and transitioning military personnel, students and other jobseekers with networking opportunities. Spotlight on Security featured ample meet-and-greet time with eight private, public and military organizations.
Whitney Barrera of Intelligent Waves, Anthony Gillis of CACI International, Jackie Snouffer of the Defense Information Systems Agency (DISA) and Farhan Ahmed of TISTA Science & Technology Corp. participated in a panel discussion that focused on both technical skills and non-technical traits sought by employers, including a desire to learn and the ability to problem solve.
“Think about what you're passionate about,” Ahmed advised. “For example, are you a red team or a blue team person? The red team is about hacking and finding gaps and the blue team is about fixing things, so find your sweet spot and then, based upon that, start your career journey.”
Gillis said his company looks for “people who have the grit and tenacity to think through problems.” He added: “We need diversity of thought, people who are eager to build upon what they already know.”
Ahmed also encouraged jobseekers to follow the news to keep up to date, noting that every day a new technique emerges among hackers seeking to compromise the security of an organization.
“My boss and I talk a lot about the fact that we don’t have people who are willing to look left, right, up and down to solve a problem,” said Snouffer. “Where is the data going? What am I connected to? Do I have other people who may have knowledge about this system? We need people who can ask the important questions.”
Panelists agreed that getting started can be daunting. They advised being open to all aspects of cybersecurity and to begin with the basics.
“Start with what you’re good at and what you like,” said Snouffer. “I started in the government as a software developer and then moved into cybersecurity as a natural evolution through numerous rotations, training and growth opportunities.” Ahmed, meanwhile, encouraged job candidates to look for internship, “shadowing” or mentorship opportunities.
“You can even go on YouTube and look for ‘day in the life of’ videos to learn more about different job roles,” he said. He said other resources, such as Tryhackme, can be used to sharpen skills.”
Snouffer agreed on the importance of internships. “They give an employee a good idea of whether they will like a job or an employer or not,” she said. “Often they open that door to a permanent job.”
Individuals moving from the military into civilian jobs were advised to include organizations with transition programs in their job searches. The panelists all agreed that it is important to communicate military experience in a way that employers grasp.
Gillis pointed to the Skillbridge program, through the Department of Defense, which enables servicemembers to gain valuable civilian work experience. “They will help you build your resume and communicate your skills in language that employers understand,” he said.
For career changers, panelists agreed that it is harder to find jobs in the defense contracting community. “The labor categories that we require have a certain level of the years. Go for entry level positions in big companies like an Amazon,” Gillis advised.
Snouffer said the federal government offers more flexibility for career changers. “The salaries might be lower, but you can move up as quickly really as you want,” she said. “For a computer scientist, for example, you can move every six months to reach a certain level. You may start low, but you will accelerate quickly.”
The formal Spotlight on Security program kicked off with an informative ethical hacking presentation and demonstration led by UMGC’s Lawrence Awuah, collegiate professor of Cybersecurity, and Jesse Varsalone, collegiate associate professor of cybersecurity technology.
Beyond the technical explanation and demonstration, Varsalone summed up the importance of ethical hacking with a childhood story about his first “hacking” experience.
“When I was 11, I discovered that if I put a 50-cent coin in the arcade token machine, I would get $5 in tokens,” he said. “What do I take away now looking back on that event? No one tested that machine.”
The bottom line: We must test everything.
The event also examined how institutions of higher education can help students break into cybersecurity by focusing on partnerships and internships.
“It is important for schools to create partnerships with companies to create pipelines to jobs,” said Barerra.