Lauren is the first person I’ve interviewed in the Cyber Security and Information Security space. This is an EXPLODING space that seems to be poised to continue to grow for a very long time. Lauren makes the case about how Veterans - regardless of your background - are well suited to this expanding field, which is very mission and team centric. There are going to be 3.5 Million unfilled security jobs by 2020… this is a BIG opening and opportunity for Veterans. We talk about how Cyber Security may meet a Veterans need for purpose and for a team-centric environment.
Lauren Burnell heads up Federal Programs & Cloud Alliances at FireEye, a company that protects customers from the impact and consequences of cyber attacks. She started out at the Naval Academy, after which she earned her Master’s Degree in Political Science & Government at the University of College Park Maryland. She served as an Officer in the Navy 5 years before joining PCM-G as a Security Systems Architect.
StoryBox- People trust each other more than advertising. StoryBox provides the tools and supports businesses need to take the best things customers say about them, and use them to drive more sales and referrals. StoryBox offers a 10% discount to companies employing veterans of the US Armed Forces.
Lauren found her first job through Tech Qualled; I recently interviewed Nick about Tech Qualled, and you can listen to this interview here: BTU #206 - Tech Qualled: Helping Veterans Enter the High Tech Industry (Nick Breedlove)
FireEye recent news
Cybersecurity companies: https://cybersecurityventures.com/cybersecurity-500/
Channel/reseller companies: https://www.crn.com/news/channel-programs/300101126/the-2018-tech-elite-250-complete-listing.htm
Job Opportunity/Talent Shortage
More advanced helpful certs
SANS certs: https://www.giac.org/
EC-Council Certified Ethical Hacker (CEH)
Cisco Certified Network Associate (CCNA)
ISC^2 Certified Information Systems Security Professional (CISSP)
Tech Qualled: http://qualled.com/
Microsoft Software and Systems Academy (MSSA): https://military.microsoft.com/programs/mssa/
Hire Our Heroes: https://hireourheroes.org/veterans-training/ *FedVTEfree certification training for vets
American Corporate Partners: https://www.acp-usa.org/
Dark Reading: https://www.darkreading.com/
Krebs on Security: https://krebsonsecurity.com/
FireEye M-Trends 2018: https://www.fireeye.com/current-threats/annual-threat-report/mtrends.html
Paul’s Security Weekly
SANS Internet Storm Center Stormcast
Transcript & Time Stamps:
Joining me today from Corpus Christi, Texas is Lauren Burnell. Lauren heads up Federal Programs & Cloud Alliances at FireEye, a company that protects customers from the impact and consequences of cyber attacks. She started out at the Naval Academy, after which she earned her Master’s Degree in Political Science & Government at the University of College Park Maryland. She served as an Officer in the Navy 5 years before joining PCM-G as a Security Systems Architect.
What does FireEye do?
We hunt evil in cyberspace. We’re an industry leading cyber security firm and we focus on three major areas - one is cyber threat intelligence. We also have Mandiant which is our first-line response defender. And then we have our technology arm. Recently in the last couple weeks we’ve been in the news regarding a lot of what is happening at Facebook. FireEye identified that there was a security breach. We’ve been called the “Navy SEALs” of cyber security which I agree with considering the amazing people I get to work with.
Who are your clients?
I’m on the federal government team so our clients are the Department of Defense and other federal agencies. It’s a lot of similarity to what I was doing on active duty in the military. We also have a commercial arm where team members are working with private companies on their security operations. We also partner with a lot of organizations such as technology and security companies.
What is a typical day like for you?
I generally work from home. My husband is active duty in the Navy so we’re down in Texas. What I’ve experienced in the past 2.5 years is that my workdays are quite flexible with the understanding that you’re going to get the work done. For example, last week I made a presentation to our sales team and had meetings with some of our partners that we’re growing relationships with. It can very, too, depending on what kind of a role within cyber security that you have. Right now I’m in a business development role. When I was a security architect at PCM-G, my schedule was much more in tandem with the sales team and I was getting in front of clients and presenting to them. So there’s a lot of different ways that it can look working in cybersecurity.
Can you talk to us a little bit more about your transition out of the military and how you came upon your first job?
I separated from the military in March of 2016. Immediately, I stepped into my role as a security engineer at PCM-G. I was in the first cohort at Tech Qualled which is a program that helps transitioning veterans break into high tech sales. It’s designed for people to end up in an account manager position whereas I ended up going more of an engineering route. But through that program, I was provided with a lot of valuable training.
How would you describe the cybersecurity industry?
There’s different terminology that’s thrown around in this industry but I would generally describe it as information security which can really touch anything. I was in a bit of a security role as a junior officer. But I think that while I had exposure to a lot of amazing things, I wasn’t necessarily as hands on as I’ve gotten to be in my civilian career. Since I got connected to this field as a JO in the military, I’ve really enjoyed it because it’s all about the mission. You’re defending your organization from adversarial threats. That makes me excited to work everyday. There’s also a lot of teamwork because you cannot complete a mission on your own.
I appreciate that you’ve pointed out how well suited for this industry veterans can be.
I’ll throw a stat out to you from a recent report. They were studying the shortage of workers for cyber security jobs. The report estimated that by 2020, there will 3.5 million unfilled cybersecurity positions. Today, we have so many interconnected devices that are making life easier. Businesses and government want to continuing making life easier with these devices. But they need to do it in a safe way that won’t leave them vulnerable to cyber attacks.
I did have a bit of technology background going into this job but I don’t think that you have to. I think what you have to have is a hunger for learning. You need to be able to solve problems and have an innovative mind. I think this is natural to veterans.
I think veterans can disqualify themselves too early from certain civilian positions so I like that you’ve mentioned that veterans can be a great fit for this space even if they don’t have extensive experience in cybersecurity.
I 100% agree. Veterans struggle when they get out of the military on deciding what they want to do. But you don’t have to lock into one thing immediately. I think veterans have a tendency to think that if the job does not directly translate to what they did in the military, they can’t do it. But I think especially in a space like this, there’s so much opportunity. We’re screaming for mission-oriented, team minded folks that have a hunger and an ability to learn.
Why might this space be good fit for someone?
It’s a field that’s not going away. Also, when you get out of the military and find a civilian job, you want to find a field that gives you fulfillment. I feel that because I feel like I’m truly helping the agencies I’m working with. The nature of this business is “good fighting bad”. This gives you a real sense of purpose and you also form strong bonds with the people you’re working with.
How can people learn more about this field?
I think just Googling will give you a really good list of the tech vendors that are out there. There’s a lot of companies you might not have heard of but are doing really interesting things. Tech Qualled helped me get my job at PCM-G which is an IT service provider. There are so many different great organizations out there.
The other thing I would throw out is that there are more positions than just the security side. We have people writing proposals and doing sales. So you don’t have to be completely in the technical side of cybersecurity to take on a role in this field.
Can you talk a little bit more about the different functional roles are that typically available with a cybersecurity organization?
What I have been in goes by a number of different names - sales engineering or systems engineering. I would suggest finding a company that resonates with you and go from there. There’s a whole lot of different things people can do. They can do analyst work or they can be more on the intelligence side if they want.
You have a Master’s degree from the University of Maryland. How important is an advanced degree in this space?
I would say it’s not that important. Both my undergraduate and graduate degrees were in political science, so not a technology focused field. So I don’t think a higher education degree is a barrier. With that being said, there are some great IT and computer science programs out there. Having that STEM background will help you. But I would say certifications are more important than a degree and experience trumps all.
What can people do to prepare themselves to go into the cybersecurity field?
There’s a couple different industry certifications that would be really helpful. For someone that has no IT background, I would recommend the Network+ certification. It will provide some good fundamentals. You can use that certification to then move up to Security+. The other one I would throw out there is CCNA which is really the defacto standard for networking. If you want to go a more technical route, this can be great to have on your resume.
Do you have any other resources you would recommend?
There’s a program called VTE that provides free cyber security training to veterans. They have some great training and certification. Skillsoft is another one that is available.
The other thing I would mention is that I didn’t come up with all of these on my own. I got them from a security engineer at FireEye that has been a great mentor to me. Mentorship is very important, especially on the civilian side. It’s important to have someone that helps you own your skills. Veterans tend to downplay their background and experience so having a mentor can help encourage you.
I would also say that your career in this industry can take a lot of turns so think about where you want to go. When you think 5 to 10 years into the future, it doesn’t have to be a linear progression and mentors can help you think about what’s possible.
Is there anything else you’d like to share with our listeners?
I went through the Tech Qualled program which was truly phenomenal. There are other organizations that partner with technology companies as well. There’s an academy that Microsoft gives as well that can help give you tech skills.
Veterans have experience in taking a Commander’s orders and turning that into something that is executable and repeatable. Those skills are highly valued on the civilian side. There’s so many positions in cybersecurity that need to be filled. Don’t be scared if you don't have that background but are interested in going into this field. There are a ton of resources out there to help you get started on your way.