October is “National Cyber Awareness” month. To better understand this growing and ever-changing field, University of Maryland University College’s (UMUC) Office of Career Services is highlighting the University’s cybersecurity experts to examine career and industry trends, and to provide students and alumni a chance to learn about different career paths within this industry.
Recently, UMUC cybersecurity graduate school faculty member Dr. Joshua Rosales answered questions about career trends and opportunities working in the cloud and information technology fields. Dr. Rosales is a well-respected and dedicated Cloud and Information Technology, credited with career progression that defines excellence and performance as head of Global IT Services with over 18 years of experience in the field. He has directed large, complex projects through development, deployment, and support of globally-distributed software, and architecture. This also includes the management of various world-wide teams to include hiring, retention, and professional development with geographically dispersed staff. Dr. Rosales’ strength is reflected through clear communication and strong collaborative leadership with all members and levels of his organization.
Q. How important of a role does information technology play a part in preventing and combating cybersecurity breaches? What are some advances in information technology within cybersecurity that we can expect to see in the future?
A. Information technology is a key component in fighting cybersecurity breaches, as these breaches are based on the misuse and abuse of technology itself. The three keys to fighting breach attacks are detection, response, and prevention, and combat malicious activity using the tools and techniques applied throughout the seven layers of the OSI model.
Properly implemented tools such as firewalls, encryption, end point security, antivirus software, VPNs, and strong authentication pair with strong usage policies to protect networks and information systems based on a defense-in-depth principle. This principle is based on acknowledging the real and pervasive threat all businesses and individuals face, educating and implementing as protection, and applying layers of security. Some of the chief advancements in cybersecurity include multi-model accessibility (the use of features like biometrics to authenticate users), artificial intelligence to better protect malicious activity from gaining access to networks and data, and a mental shift from defensive ‘just stopping the threat’ to more offensive ‘trace and confront’.
Q. What career paths could one pursue working in information technology within cybersecurity?
A. I would group the primary career paths into five categories; 1) Chief Information Security Officer (CISO), 2) Digital Forensics Expert, 3) Security Architect/analyst, 4) Penetration tester/Vulnerability Assessment (a.k.a. Ethical Hacker), and 5) Secure Software Developer.
The sectors looking for these professional are both private and public, medium size and up. Most medium-size organizations that place a high value on protecting data have a need for a CISO and Security Architects/Analysts. Organizations that develop their own programs would want secure programming skills. Digital forensics experts are most likely to be employed by law enforcement, legal firms, and private consulting firms. Ethical hackers also tend to be most popular with consulting firms. The ‘hottest’ sectors right now for cybersecurity careers are those that are either mandated by legal regulations to protect personal data such as healthcare and the financial sector, or large law enforcement agencies, including the FBI, NSA and state agencies.
Q. What inspired you to pursue a career path in information technology in the cybersecurity field? What education path did you pursue? How did you begin your career?
A. My journey into both technology and cybersecurity were both based on a desire to become more educated on areas where I saw growth and innovation. Following a focus of technology while earning my Masters of Science in Cybersecurity., I pursued a Ph.D. in Information Technology Organization and Management. Following my education, my career path included private consulting and then a return to higher education. I began teaching while completing my graduate degrees and developed a keen sense of the need to educate and inform people with regard to the magnitude of Cybersecurity vulnerabilities and threats.
Q. How have some of your career experiences shaped you into the professional you are today?
A. I am acutely aware of the need to educate people. People can either be your weakest link, or greatest asset within an organization. Whether I have five minutes in an elevator, an afternoon with family and friends, or a semester with students, I make every effort to integrate education through information, anecdotal examples, and by asking questions.
Q. What personality and character traits must information technology professionals, especially those working in cybersecurity, possess?
A. A secure system is based on the CIA Triad; Confidentiality, Integrity, Availability. I think the same triad applies to a professional in the cybersecurity field. Since technology and cybersecurity are dynamic and constantly evolving, it is paramount for any professional to remain constantly educated in the field, and to be ethical—you have significant access to private data and knowledge that can be used both for the good and bad.
Q. What advice would you give UMUC students entering information technology and/or cybersecurity?
A. Employers want professionals who they can trust with their greatest assets; people and data, so cybersecurity professionals need to have the skills, knowledge and ability to meet these needs. This means staying informed and educated every day, seeking professional certifications that are valued by the employer, and working to demonstrate trustworthiness. Volunteering and mentoring are great ways to help educate others while developing the relationships and experience that validate your ethics.
Q. For UMUC students and alumni already working in the field, what advice would you give them on how to keep advancing within the industry?
A. Get and stay informed. There are many ways to do this, from constantly reading up on news and blogs to earning and maintaining professional certifications. The key is to identify industry needs and innovations so that you are able to advance along with technology and provide the utmost value to your organization.
Q. Any final thoughts or recommendations you want to share with UMUC students and alumni?
A. I think we are on the cusp of a cybersecurity maturation. Recent years have provided the foundation that is the industry’s infancy, marked by numerous breaches, a lack of awareness and prioritization on security, and a general attitude to ‘sweep issues under the rug’. The plethora of malicious activity as well as the advances in attack methods have hit a ‘tipping point’ that will only be fought when private and public sector share information and resources to make the giant turn out of infancy and change the attitude from a defensive posture to one that is offensive and aggressive.
As with any warfare, the only way to provide defense and stop threats is to answer with an equal or stronger threat, and this is when cybersecurity maturation is achieved. The other propelling factor is that we are in a presidential election year, and both candidates have cybersecurity as a key focal point of their platform.
For more information on career opportunities and resources available to UMUC students and alumni from the Office of Career Services, click here.
Jennifer Tomasovic is the director, Communications for Career Services and Alumni Relations at University of Maryland University College. She has spent her 15 year career crafting communications strategies and messages using both marketing and public relations tactics enhancing the brand and reputation for both the clients and organizations she has represented.