Breaking into the Cybersecurity Field and Skills for Success Transcript

Mary Kate Howard, enterprise security operations program manager for Hewlett-Packard, Inc., and Michael Howard, a Career and Technical Education (CTE) teacher, shed light on the growth and opportunities in the field of cybersecurity. During this conversation, they explore the value of degrees and industry certifications and discuss the importance of curiosity, leadership and communication skills. Hear about how cybersecurity is no longer just a niche market but a vital component of every industry, transforming the way we think about career paths in the digital age. 

Transcript

Craig Weaver: Welcome to Response Leadership, brought to you by the Texas A&M Engineering Extension Service, a leader in response training. We are a podcast bringing you stories of leadership expertise and insights on career paths from across the response industry. I’m your host, Craig Weaver. I work in marketing and communications here at TEEX. 

We have a few people here today. I guess I should introduce my colleague/peer. 

Bart Taylor: Yeah. Colleagues! 

Craig Weaver: Bart Taylor training manager, cyber training. You work in business and cyber solutions here at TEEX down the hall. Our guests today are Michael and Mary Kate Howard. Mary Kate, Enterprise Security Operations Program Manager at HP. And Michael Howard, Information Technology/CTE teacher (Career and Technical Education) at A&M Consolidated. 

Michael Howard: Correct. 

Craig Weaver: All right. Well welcome. Thank you all three for being here. 

We want to talk today about careers in cyber or cyber careers. I was thinking today that it wasn’t that many years ago, we couldn’t have this conversation because there weren’t careers in cyber in any way. But is a career in cyber just as broad as ever these days? And whoever wants to jump in can go for it. 

Michael Howard: My favorite thing to say is this year’s cybersecurity person is yesteryear’s version of engineering. Engineering was, you know, your classical engineers. You had the people that had very, very, very minimal specializations. And then all of a sudden you had chemical engineers and biomedical engineers, and mechanical and telecommunication and it spread out even further into the computer realm for computer engineering and computer electrical engineering. 

Cyber is doing the exact same thing and it’s just a facet of IT. So, you have information technology services, and you have the people who help and do information technology, but then you have information technology security. And those security people can be network security people. They can be firewall security people. And it is a choose your specialization. It is a smorgasbord of things that are available to you.  

Mary Kate Howard: Yeah. And I laughed when you said you couldn’t have this discussion not too long ago. 

And I mean, that was even within the last 8 to 10 years. Where cybersecurity was still fairly gridlocked into government, and, you know, behind the scenes. And it was something we were doing either, you know, as an extension of armed services or like I said, government work. And then if you did have an implementation anywhere, you had to be larger scale, like medical, something infrastructure, something where, you know, maybe you had a team of a few people. Or it was more commonly, you know, “give it to your IT guy. They can make sense of it”. And now it’s really taking off. 

Bart Taylor: Yeah, I agree with both of you. I mean, the cybersecurity boom has been crazy and amazing and nice. But you know, I think everything came out so fast that, you know, it’s taken us a minute to catch up to how fast it grew, almost to reflect back, like Michael, you said, looking at the different careers in cyber, like which pathway do you go to get there? And so I think that’s why this podcast was so important, because with Cybersecurity Awareness Month coming up, a lot of the times we focus on all those same awareness things that we see all the time in cyber, “use strong passwords”, “use multi-factor authentication”, but a lot of the times we’ve never really got into how do you get into cyber security. And so being in education and working in cyber now, you know, it’s just something I’ve seen. And so, looking at the values of certifications versus, you know, college careers, I think it’s a great conversation to get in. Because cyber is so ubiquitous now with technology and I road with TEEX with preparedness and emergency services and response, you know, realizing the importance of cyber in securing America, securing our economy and securing everything. You know, it’s just that important where we got to push cyber to the front. And really, like Michael said, really rethink what those traditional college paths look like. So electrical engineering, computer science and all those different engineering paths. Cyber is one of those big paths that people need to consider now too. 

Craig Weaver: Michael, do you see a much larger group of people, high school, coming to you investigating careers in these fields? 

Michael Howard: So, the increase is in how do I do this sometimes without college? So, we’re seeing a couple that the interest is there, but the drive for another four years of education kind of changes a little bit. And I try to sell it to them that if you have one or the other, you have, you know, a chance at that job, right? You have to have the skills. You have to have the interest. You have to have something. And if that’s a four-year paper or a alphabet soup paper, you have your A plus, M plus, security plus, CISSP, your tech plus (IT fundamentals) that having those, is paper with practice. A lot of the difference between the person with the cert is you have paper and practice versus a person who just has paper or a degree. But if you have both you are the best candidate for the job.  

And so even at the technical colleges, if you do a two-year program, a lot of these two-year programs fight for you to try and get a cert too while you do your two-year program. So now you are that person that has both sets of paper. You have the paper that shows that you can do the skills, and you have the paper that says that you know your skills. And having that knowledge is power is very, very important there for cyber. 

Bart Taylor: So, Michael, how many kids are, I say, kids, students, you know, in education that are taking your IT courses. How many actually get interested in going and pursuing a field in cybersecurity? 

Michael Howard: I am looking at roughly, out of the ones that take the class, it’s usually around 10 to 15% will end up going into cyber. And so out of all of my students, 10 to 15 will end up in cyber. I have some that are interested in computer science and then their backup is cyber or IT. And there’s nothing wrong with that because there’s always going to be jobs.  

But they know that there’s saturation in those markets that they’re looking at– saturation in the engineering, saturation in computer science, saturation and even in medical fields. And so a lot of them, the IT realm ends up being a backup, but it’s not just a backup for some of these kids they are very talented. And I try to let them know that this could be their primary.  

And again, there’s nothing that I can necessarily completely push them away from what their choice is. But with me being there and getting them those skills so that not only are they just learning the skills in general, but with understanding PCs and understanding the architecture behind security and networking, but they have those skills because everyone uses PCs anyway. Everyone’s using PCs in the medical field, everyone’s using PCs in the engineering like you, you can’t not use PCs and most of the fields right now. So then just getting the hands-on skills, they’re already a power-user in the realm of computers, so they know how to use their PCs. They understand how to do it. And so, they’re a more educated worker who knows how to use a computer. So, they’re going to cause less problems for you in your field anyways. 

Bart Taylor: And that seems like a big difference. You know, I taught IT years ago, as you all may know, the audience may not know, but yeah, I had my time in teaching IT as well. But back in those days, it was really hard to try to push kids towards a cybersecurity career. They wouldn’t consider that. 

And so, it’s nice to hear that it’s changed that much, that you have kids that are interested in that field. So Mary Kate, at HP you’re a large company, you know, out of your colleagues and people, maybe in your IT and cyber departments, how many do you see that are have actually went towards a college career in cyber that are actually working in cyber versus those who may have went the certification route, or those who are just IT that stumbled into cyber. 

Mary Kate Howard: Yeah. I think especially within the last honestly five years and really even like the last year or two, with the changes that are going on in the industry, with regulation, everything like that has driven more people into cyber. And so, this is the first time, you know, where I wasn’t where I was in HP and IT. I’ve been there for ten years, and I was still one of the youngest people. I was one of the last college hires that we had done in a while and I was an architect. 

And it was a much older group, people that, you know, everybody had been making their career out of IT. Whereas you looked at cyber and it was similar, but a lot smaller. And almost everybody from that group had come in from something previously, whether it was, you know, hey, I was in the armed forces, and then I worked for the NSA, and then I came here. I mean, they were career cyber security that were driven from, you know, some of the original sources, some of the original industries in cybersecurity, you know, and then our company split. 

We had changes that had to go on in terms of cyber. It was a lot smaller than it used to be, even compared to right now. And as we’ve started to rebuild the cyber organization, we have seen a lot of people come in, like myself, that are coming from IT, mostly from IT but also from other business functions where they’ve seen, “hey, you know, I’m really passionate about like, hardware security”, Let’s get in here and start working on that. And let’s look at firmware and how do we secure that. 

And then only really within the last couple of years, are we seeing that it’s actually intentional. These are college hires coming in, that their degrees were specifically related to, the most common that I see are pen testers, because, like all of our threat intelligence hunting, almost that entire team came from somewhere in the government beforehand. And then, you know, I’ve been talking to interns within the last year or two that have reached out to me and they’ve said, hey, you know, I’m doing this other thing, but I really want to get into cybersecurity. These are the things I’m interested in. And now they’re talking about, oh my gosh, cybersecurity with AI. And so, it is the trend that we’re seeing a lot of new blood. 

Craig Weaver: What would you say are some essentials that people coming into this need to have? 

Mary Kate Howard: The things that I have seen that really stand out? I mean, you’re always going to have somebody, it doesn’t matter what organization you’re in, what role you’re filling, you’re gonna have somebody that, you know what, this is my career. This is what I’m going to do. I’m going to do this one thing, and I’m going to be really good at it. But more and more, as cyber is coming out from, you know, behind the curtains and it’s more than just, hey, we’re actively fighting threats. 

You know, we’re having to actually show, you know, hey, you know, it’s not always like, oh, who’s this threat actor that we’re working against? Sometimes it’s just understanding what our own internal people are doing as human beings and making sure that, you know, there’s validity in the MFA, there’s validity in securing your, your PC and everything. And to secure if you secure you, you secure the whole network, everything like that. And so, you need people more now than ever that can make that case, that can go out there and be that kind of that liaison between that really technical, almost daunting “I don’t even want to really understand it” part, but still feel like, you know what I’m doing, what I’m supposed to be doing.  

There is so much regulation and policy that, you know, that’s a huge change in cybersecurity that now you have to have internal teams that their job is not just writing the policy for your company and your organization, but it’s understanding, you know, what governments are putting out there, like GDPR and being able to say in layman’s terms, “hey guys, you need to do this. This is why. Do you want to lose business? Do you want to potentially be, you know, a threat to yourself and others unintentionally? If not, then do these things.” 

And so, it has put more in the hands of cyber than any other time. I know even within the last few years, a lot of upper-level managers and CISOs that I’ve talked to across the board have said, you know what? They’re having a shift their position from cyber, being the policymakers and just kind of saying, “this is what we do” and walking away and waiting for everybody to interpret it and adopt it to actually saying, no, we actually have to be driving this. We are now actively participating and driving what’s going on. So having people that are coming into cyber and are comfortable with that in whatever capacity, really stands out. 

Bart Taylor: So, I think, Michael, maybe you can expand on this with what you’re doing with some of the kids in high school and preparing them for these careers. But with some of those essential skills that Craig was asking about, you know, I feel like IT is very technical in those aspects. But when you get into cyber, I feel like some of those essential skills that you need actually got to fall into some of those employability skills and almost leadership skills as well. 

You know, communication is so big and has to be big in the world of cyber security, when you’re looking at incident response. What kind of things are you covering at that secondary level that add to that IT learning and those essential skills needed for a cyber career? 

Michael Howard: To expand on what Mary Kate was saying and what Bart was saying, I wholeheartedly believe that the number one skill that works in the cyber world is curiosity. If you don’t question the surroundings, if you don’t question the current policies, the current things, if you don’t think about what your current posture is and understanding the posture and what can break that posture, then you are in defense-only cyber. 

And right now, cyber is red team and blue team. You have defense, you have offense. You have to have both sides. If you’re only posturing for defense, then you don’t know how actually weak your posture is. And so the curiosity, having a kid that is curious about the security and wanting to understand what can be done to this network and what we do to protect the network. 

And so that’s why security exists. It’s because people push the barrier. And if you’re not pushing the barrier and you’re not advancing the barrier, you are behind. And so, that curiosity thing is really important for cyber. And then those soft skills, being able to talk to another person about computers without having to be an overbearing person, you can talk about computers without having to be the smartest person in the room. 

Everyone uses computers. We can all speak the same language. And so being able to communicate and work with other people across the disciplines really, really works well, because your Fire Department needs cybersecurity, your water people need cybersecurity. Your school needs cybersecurity. You know, that mom-and-pop business needs the ability to set up multi-factor authentication so that somebody can’t steal the warehouse log-in for their storage facilities and whatnot. 

So, everyone can speak cyber at a minimum. And the the soft skills to be able to interact with other people is very, very important. Then, so, I say curiosity. I said those soft skills and then, the other major one is just having a minimum of a little set of leadership skills, because if you can’t take charge of a situation, or at least try to be a contributor during a situation, you’re not helping that cyber posture. 

And so that goes with activity in the world. And so, there is passive cybersecurity, but there is a lot of active cybersecurity. And so, if you aren’t working towards that, that’s going to cause some issues. 

Bart Taylor: Yeah. And Michael, I definitely see the need of leadership in cybersecurity because ultimately when you get in these cyber roles, one of the things we’re tasked with is actually changing, like y’all said, changing the culture of cyber in your organizations. I mean, we’re in a generation in an era now where we actually do have to be those agents of change to say, hey, I know this is the way we’ve always done it, but it’s 2024, y’all. We’ve got to change the way we do things because cybersecurity, and what the threat actors are doing is so pervasive everywhere at multi levels. You know, your mom-and-pops aren’t safe anymore. Everybody is subject to cybersecurity, awareness and increasing their cyber postures, you know, no matter where you’re at. And so, I think with these changes in cyber cultures, it makes me think, do y’all think there’s more value in certifications or lately now, because cyber has changed so rapidly, you know, IT has changed so rapidly—we quickly go from things from I feel like plug-and-play was just a couple of years ago to virtualization now to the world of AI—and so do you think certifications lend more value because you can get a new cert to progress, to learn about cloud technology or get a certification in cybersecurity, you know, artificial intelligence. 

And so, what do you think about these certifications and how does that help your company and organizations? 

Michael Howard: I have the perfect segue. All right. There was legitimately an article published by WhiteHouse.gov about it’s called “Service for America: Cyber Is Serving Your Country.” It was published on the 4th of September. Talking about the need to lower some of those levels for people to get into the cyber realm. They talked about how some of the things that we have right now is there’s barriers to entry in the cyber realm. 

It is kind of like a closed-door kind of behind-the-scenes thing. And right now, the article essentially talks about how we have things, we have entries into cyber, we have certifications, we have the people who are interested because, number one, that interest in cyber and interest in IT is what becomes that ultimate factor for somebody to actually go and become an individual in that, having that little bit of interest is better than having a person who’s disinterested but good at the job. 

If you have a person who’s interested and good at a job, they can go further than the person who’s disinterested but okay at that job or good at that job right now. Their level of which they can obtain is much higher than the person who just wants to stay static. You know, the difference between a lifelong learner and a static learner. 

Mary Kate: Yeah. And that life learner, and that curiosity, I mean, those are the things that, you know, even with me personally, I’ve only been officially in cybersecurity for one year. When I was in infrastructure, and IT teams working with cyber, I worked with them for five years, but everything I had in my ten years earlier was from the certifications and the degrees I got, you know, when I started my career. 

I haven’t done any new learning. And then within the last year, I’ve gotten two new certifications, from Sans. I actually, I guess technically three. I did one through TEEX. And so, you know, I’ve done more in a year than I’ve had for ten years. And just even from personal experience, you know, there is so much you can learn that is on-the-job learning that’s always going to be relevant. 

I think, even, I had this stance when I thought my career was purely going to be IT for the rest of my life. I knew that whatever I got, you know, starting out was just my foundation because everything moves way too fast to stay relevant forever. But especially since making this transition and this move over to cyber, you know, I see everything that I did before as that foundation, as, you know, this gave me the context into how we as HP worked, but also how a lot of companies and organizations work. 

And then with that understanding, I had a new light, even just with the certifications I did. You know, I felt like especially with one of them I was like, I already know all this. I’ve been doing this for ten years. But then, you know, one day it was looking at it, you know, from defense in-depth perspective and taking all of the things I had been doing and saying, you know, hey, this is why these things were important for me to do for ten years. And I feel like those certifications that I’ve done have made me a more rounded individual that I can go out there and be like, okay, guys, this is what we’re trying to do here. 

Bart Taylor: That’s awesome. And, you know, I think I’m one to really always talk about the power of certifications because I’m a product of certifications. I am Doctor Bart Taylor, and I’m here today because I earned an A-plus certification back when I was a kid, starting in IT. And that really changed the trajectory of my entire career because of a certification. 

And so those certifications hold a lot of merit, and they hold a lot of power. And so, I appreciate being in the world of cybersecurity, where we value work experience versus certifications versus college education. To me, they all have the same value and merit. Just depends on the combination that you’re bringing to the plate. 

Michael Howard: Yeah. To also add, I mean, without getting my A-plus certification in high school, I probably wouldn’t have had my first job in IT, doing IT service desk. And same thing, I for the longest time when I was in high school, I really wanted to do like EMT stuff because that was something that I had a lot of interest in. I wanted to go into emergency management and understand that sort of world and, you know, doing my first sets of things, it made me sick to my stomach. And I was like, man, I guess I can’t really do this job. And so, then the like IT realm really, really opened up to me because I knew that I liked it and I was good at it, but like, I didn’t know how good getting my cert was in high school as a, you know, 17-year-old or 16-year-old. 

And at that time, I was like, okay, well, now I know that I really can do this, and I know that I can get that job early and then start my career early. And so, by the time that I came to Consol (A&M Consolidated High School), I had roughly 12 years of experience in IT, and I was 28 years old. 

I had been working since about 16 in the world of IT and management and service management. And so, it did help me with that because again, I’m also a product of certification. And that’s why I do value the education from the cert world. Because there are some kids that need that. There are some adults that need that. I mean, getting an entry level cert can change that job. 

We’re seeing more and more, places that are removing that bachelor’s degree and some of them are putting in like, you know, some like Amazon cloud certificates, boom, you know, $200 a month certificate. They know that your barrier was $200. They know that you have skin in the game to get that cert. And then they’ll get you in doing, you know, cloud essentials work on AWS or you do, I think it’s, you can do the, CompTIA techplus or IT fundamentals, which is a “I’m very good at service desk and I can help, fix computers and you can trust me to do that. I’m not just some guy off the street.” Right? 

And so, the big thing with certs is that certs show and prove that you have skin in the game because you put money towards the certification. But some of these other ones that end up being once you’ve been in the world, it now knows that you have skin in the game and you have really knowledge of the game, like your CISSP requiring two years of security-type job experience is really important. 

I think GIACs require, the Sans courses, require some experience in the field before you take those as well. And so getting your steppingstone certs first, getting in the field, getting experience and then going and getting more means, again, it’s that same lifelong learning. You’re continuing to learn and you’re continuing to grow. 

Because again, we said it before, the cyber field is growing. If you’re not advancing with your cyber field, you’re staying behind. And so, continuing to earn those certs helps you be a better individual. 

Bart Taylor: Do you have any, like, tips for anybody looking at getting a career in cybersecurity as far as perhaps a job interview tip or something that they can bring to the game when they’re applying or looking for careers in cyber? So Michael, maybe you can tell us–what do you tell high school kids in preparation for careers in cyber? 

And then Mary Kate, maybe you can tell us some tips for anyone that would apply for a job in cyber in your area too. Like how can they get these jobs? 

Michael Howard: My main thing that I do with my students, I actually do interview prep with them. If I have a kid that wants to do a internship, if they want to do some sort of job interview at some of the local places or anything, I do interview prep with them, and I just prepare a couple of questions. 

And I mean, one of the major ones that we always talk about is, we talk about  answering their question with a scenario-type thing. So, if you’ve seen a scenario, you’ve worked in a scenario, or you’ve encountered something in the IT world using that scenario and how you solved a problem is really important. 

And so, walking them through how you troubleshoot a problem, how you break it down, you know, we teach troubleshooting in my classes. And so that is a skill that is very important. So, understanding how to barebones a situation and go down square one and walk them through how you troubleshoot. Because the best part about learning and understanding that troubleshooting is that you can troubleshoot even their question. 

You can break their question down into a couple of things, answer those in parts, and then put it all together and into your summary of their answer. Because the way you answer the question is, is just as important as the answer to the question. Because if you can talk the talk, eventually you’ll be able to walk the walk. 

Craig Weaver: I mean, how are companies balancing the need for pros with so many people coming out of college with this seemingly new, you know, we were talking about how ten years ago we couldn’t really have this conversation as much. But, I mean, there probably are a lot of people coming through high schools and colleges that are getting into this. 

Is it tough, have you seen if it’s tough to manage that? 

Mary Kate Howard: I think one of the biggest things that I have noticed is a shift in, not just how people are being hired, but how they’re being interviewed. And that’s been honestly probably one of the biggest, pivotal changes that’s happening in any sort of technology field. We’re seeing interviews being more behavior based now. And also more, you know, more panel-based. So, you might still have that element of, you know, it’s multiple interviews. You might have, like the first phone interview and, some of those, I mean, just like college classes, there might be a weed out question here or there that is probably very technical. Because they are trying to at least say, hey, do you at least know what you’re applying to? Do you understand it? 

But it might not necessarily be, you know, 100%. It’s just, you know, that litmus test. Hey, where are we on this? The behavioral part comes in, where they might ask a question that seems like it is technical in nature. And this is something that I’ve had to even personally advise people on is–don’t get hung up in that, especially if it’s something that you think it’s technical or even if it’s not technical you think, oh my gosh, I have to answer this question 100% correctly. Usually, no. Usually that’s not the case. What they’re trying to see is, first of all, do you respond? Because there are some people who just say, “nope, that’s not my problem,” and pass it on. And leave it at that. And, you know, if you’re in the same room the interviewer is probably staring at you saying, “oh gosh, okay.” 

They actually want to see you make an attempt to, on the fly, maybe not necessarily solution the problem, but that is absolutely possible, but display that evidence that you would try to reach out to other people, you would try to collaborate, take ownership, problem solve. 

Whatever it is, you can show you can work yourself out of that problem or at least try. That is becoming more and more common, as well as, those panel interviews I talked about a lot of times these days, panel interviews, you know, where you’re in a room with maybe 4 or 5 other people or in a Teams or a Zoom call with all those other individuals? 

A lot of times that is so the rest of the team afterwards can collaborate, and say, hey, did I feel like this individual was not only knowledgeable, but could they work with our team? Could they mesh with, you know, whatever it is we’re doing today? And then it ends up being that conversation after the fact where they’re weighing, you know, hey, did this person know everything? 

Maybe. Maybe not. But also, you know, could we see ourselves just talking with them in a call? Can we eat lunch together? How many times I’ve been on interviews where just that little difference there changed the direction we went with who we hired. 

Craig Weaver: Yeah, I guess in most industries, it’s not just if someone’s capable. It’s “can they mesh?” It’s a huge part of it. 

Mary Kate Howard: I mean, if you can’t mesh, if you can’t collaborate, it doesn’t matter where you’re coming from, what your background is, I mean, you’re either going to succeed together or fail together. 

Craig Weaver: Yeah, yeah, that’s very true.  

Well, how do organizations, what have you seen that organizations, how do they address differences in working styles, what they expect? 

Mary Kate Howard: Honestly, I think the normalizing factor, regardless of, you know, generation and work style is training and certs. And so, if it is a more technical role, even if it’s cybersecurity, IT, project management, everybody having the exact same opportunities for the same training and the same certificates is always great because we all know that we’re always constantly learning. There’s things always changing. 

But the other part of it is, I mean, we’ve done, I don’t know how many times it’s been a while, though, since we’ve done things like Myers-Briggs. I think that was over ten years ago. And strengthsfinder and, you know, sometimes they’re kind of silly. But even just things like that have helped our own teams be more cognizant, of not how others work, but how we ourselves work. And it opens up that ability for us to talk more and to collaborate more and honestly lets us see things that, you know, maybe we didn’t before. It’s good to have like a little pulse on stuff like that even, over the years, if you’re a new hire or you’re more seasoned, you’ve been at a company or in a particular role or industry for a while, because we do get set in our ways. 

It doesn’t matter how long, you know, we’ve been working or not working. It’s hard to, you know, see the individual trees in the forest if we’ve just been doing the same types of things frequently. And so, particularly when there are new hires, or if there is an organizational change or anything like that, and things start shifting around and roles and responsibilities start changing, things like that, at least help us take a step back. 

And then if it’s an organization where maybe they don’t have those types of opportunities, but we still see that, you know, you need to be able to step back. That’s where it’s at least, hey, if the culture of that team and of that organization is, hey, we are all in this together, we are all learners. We are all lifetime learners. 

And see that everybody, despite, you know, what generation they’re coming in from, whether they’re a new hire straight out of college or just a non-degree hire or a mid-career hire that’s changed their position to something else. Every one of those individuals, including the person that’s seasoned, have opportunities to teach others something they didn’t know before. 

You know, I like that concept of, I like whenever we bring somebody that’s new into a team and because they don’t have that history, they don’t have that baggage, they are able to say things that, you know, to them might sound out of left field and might be left field for the rest of us, but it’s that new perspective. And as long as that team is already open to that, that’s where I see teams be very successful despite, you know, differences in how people work. It really comes down to that mindset and less about how people are doing things. 

Craig Weaver: What do you see as one of the biggest challenges working in the cyber industry? 

Mary Kate: Honestly, it’s the reason I made the move to cybersecurity. It is that it is not in people’s minds. And the way I’ve been saying it is like, I don’t even care if it is not at somebody’s forefront of their mind, that it’s not the very first thing they think of, but I need it to be there. Even if it’s just at the back of their mind, that’s better than where it is for quite a few people, where it’s non-existent. 

And part of that is inherent to how cybersecurity has been in the past. It has been siloed. It has been behind the curtains. There was always this assumption that, you know, other people have my best interests at heart. They’ll take care of it. I mean, the example I even just gave this morning was, you know, a lot of people today they’ll see how Google or Microsoft will have integrated authentications to different applications and stuff. And that now if you go to different third-party shops or apps, they’ll say, hey, do you want to sign in with Google, link it to your Google account? You just say, yeah, absolutely. 

And there’s this just inherent trust. It’s like, oh, well, because they’ve got Google on there right. Clearly, they’ve got my…  I’m safe. You know they’ve already got this done. And then you go through that wizard and you’re like do I want them to have access to my photos and my contacts in my inbox? And how many people? It’s like the new terms and conditions, like, you’re not reading that. So, people are just so used to clicking through stuff. And so if something as innocuous as that, it’s just not there because we are too trusting as people. And we’re also too willing to not be our own agents in things like this. We would rather this be somebody else’s problem. 

And coming from a background in infrastructure and IT. You know, you would think that they’re very close knit. They’re very tightly coupled. You know, obviously most security things happen on the IT side and on the infrastructure. And we’re like yeah, but there’s the human element to it. And we’re only ever as secure as our weakest link. 

And if we are so absolutely secure everywhere else, but you’ve got that one person, that one person that because it wasn’t even in the back of their mind, they weren’t considering it. That’s the biggest challenge. Regardless of what facet of cybersecurity you’re talking about. It has to be culturally part of how we’re operating these days. 

And not seeing that being integrated and not seeing that, you know, that default thought of, oh, well, how do I look from a security perspective? That’s what drove me into the industry is saying, you know what, I want to help facilitate this. I want to help make sure that people are at least thinking of it. 

Bart Taylor: The only thing I would add is, you know, those of y’all that are in mid-career that’s looking for a career change or to get into cyber, you may not have gone that traditional route of college. You may not have gone on to some of those certifications. But like with what Mary Kate and Michael said, you know, if you show that intent for cyber, that intent and willingness to learn or show that you’re in a certification program or you’re in that, I think that makes a big difference. 

And so, people with mid-career, if you just have experience, the biggest thing I suggest is shake off that imposter syndrome. Your experience has so much more value than you understand. So, shake it off, believe in yourself, be your own champion. like Mary Kate said. You know, careers in cybersecurity to me are so wonderful and important because, yeah, they’re current, they’re fresh, they’re neat. Innovation’s happening all the time. There’s a purpose there. 

But what I like about it falls along with what we talked about in this podcast, is that traversing that lines of certifications versus the college career, so that nontraditional college route or traditional college route. I love that we’re in a career that blurs the lines between college readiness and career readiness, because I don’t believe that success should be measured by the color of your collar. Blue collar work versus white collar work, to me, doesn’t make a difference. It’s believing in yourself. It’s believing in the work that you do.  

Because ultimately, when you do that, you’re going to make a difference. You know, cybersecurity, we’re here to secure our world, to secure the economy, to make everything a better place, you know, to save lives and livelihoods. And so just building that resiliency is so important. So, yeah, that’s what I would say. 

Craig Weaver: Thank you all for being a part of this today. And giving, I know your time is valuable and I really appreciate you letting us speak to you and giving your insights. It’s very valuable.  

Thank you for listening to Response Leadership, brought to you by the Texas A&M Engineering Extension Service. We hope you enjoyed this episode. If you did, please leave a review and follow us on Spotify, Apple Podcasts, or wherever you listen to podcasts or visit us at teex.org/podcast. 

New episodes are released on the fourth Tuesday of every month.