Tell us a little about yourself.
My name is Paul Williams, and I am a U.S. Army Cyber Officer, leading a team of soldiers and the Department of the Army Civilians charged with defending the Department of Defense and critical U.S. information systems. I was commissioned as a Second Lieutenant after graduating from Wentworth Institute of Technology in 1999. Before that, I programmed in BASIC on an Atari 800, ran a bulletin board system around the age of twelve, and have pretty much-enjoyed computers and engineering all my life. I’ve been pretty fortunate that WIT gave me an education that prepared me to serve in the army as a Communications Officer and continue a lifelong path of training and education that led me to earn two graduate degrees and become one of the first members of the Army’s Cyber Corps.
Is a Master’s in Cybersecurity worth it? Alternatively, are certifications better? Which one is more valuable?
Better isn’t quite the word I would use when talking about education vs. training; each is important depending on your goals. Training is very important in developing and refining technical skills and abilities. There are a lot of certifying bodies out there, some more respected than others, that certifies your ability to perform at a level that demonstrates your competency among your peers. They also help you get that alphabet soup some folks love to use on their e-mail signature blocks. When I am assessing folks coming on to my team, certifications help me determine where I can best use them. These let me know how well they perform in certain environments, such as Microsoft- or Linux-based environments. These also help tell me where the candidate’s personal interests lie.
Education is something quite different, and the distinction between levels of education is quite important. A Bachelor’s degree demonstrates an ability to absorb the material and learn its proper application. The nature of a B.A. or B.S. program is guided by a course instructor with lots of in-class time. A Master’s degree demonstrates the individual ability to go very deep in a certain topic and conduct independent research. There is less in-class time, and the lectures should be structured to help facilitate peer discussion rather than deliver instruction. The culmination of the graduate program should be a research paper or thesis where the student uses the scientific method to state a hypothesis and then collect data to confirm or deny the hypothesis and show results. I found my experience at the Air Force Institute of Technology to be extremely beneficial to my career as a Cyber officer. I had never been in an environment before where I could conduct research on a topic I was interested in and then dive deep into a problem to show all of the variables that impact certain outcomes. It is where I really learned the art of critical thinking, questioning every assumption and documenting through research the positions I took in my thesis.
What advice do you have for students looking to work in Cybersecurity in the public sector?
First of all, I highly encourage anyone interested in public service to consider it seriously. There isn’t a day that goes by where I am not directly or indirectly working on something in the news. Knowing that the long hours and hard work I put in benefits other people instead of a corporation’s bottom line is very fulfilling. Second, I’d recommend that you determine your core values and let those guide you to the right place in public service. Do you value your own professional growth? Do you want opportunities for upward progression in pay? Do you want to maximize your own personal time to take charge of your own interests? The public sector can offer opportunities to do all this, but you have to find the right organization. You can work for a charitable organization, the local or federal government, or the Department of Defense as I do. I’d also recommend that you approach these positions with an open mind; you may have some misconceptions about the U.S. government’s role in cybersecurity that may not really be true to life.
What career paths are there in cybersecurity?
Cybersecurity career paths are continuing to expand, which shows the immaturity of the field. There continue to be advancements in specialty areas such as threat intelligence and in emerging technologies under the umbrella of the “Internet of Things.” I would say though that you can focus on three core areas and work within these: policy, forensics, and defense. The cyber policy is the least attractive of these areas, so there is no wonder why there isn’t a lot of interest in pursuing a career as a cyber bureaucrat. With that, the policy establishes the rules and the environment in which Cyberspace exists. Cyber is unique in that it is an environment developed by humans—policymakers are exponentially more powerful because they govern the fabric of cyberspace.
What are the top cybersecurity concerns that organizations face today?
At a technical level, corporations are most concerned with poor admin and user security practices. It is hard to stop a determined adversary with the latest exploits, but the truth of the matter is that poor practices at the user or admin level create vulnerabilities, even temporarily, that can be exploited and give an attacker a foothold inside a network. At the executive level, CIOs are concerned with risk management and policy. They are the ones who decide on funding, resourcing, and investing in security infrastructure. They are the ones who have to decide the level of ‘good enough’ in order to find balance with expenses on infrastructure and payrolls and limit the risk to their intellectual property.
What advice do you have for recent graduates looking to enter the cybersecurity field?
Your academic journey is not over. Your peers are already looking to the next opportunity to learn a new skill or contribute back into the field with journal publications or presentations at industry events like BSides. Look for opportunities to grow your experience and understanding. Network. Join professional organizations. Surround yourself with inquisitive people that are not comfortable standing still. This is not a field that is forgiving to those who let their skills atrophy. Hopefully, a curious mind drew you into this field. Do not let it die off thinking that you are transitioning out of academia. You are just moving forward, not moving on.
Interested in joining the STEAM Boston Community, then visit this link: https://community.steamboston.com/
You will have the opportunity to expand your network and connect with students & professionals in the STEAM field in the Greater Boston area.