Season 1 | Episode 3 | Erin King With Guest-Host Brandon Anthony
The Bureau of Labor Statistics predicts cybersecurity jobs will grow 33 percent by 2029. On top of faster than average job growth, the median pay is higher than the national average making cybersecurity an extremely attractive field to break into. So what’s causing the shortage? We talked to Brandon Anthony, a recent graduate from the University of Maryland Global Campus (UMGC) who earned his degree at the height of the pandemic while working in the field. Today, he's a Cyber Risk Consultant at Coalfire. Here's his career story.
[0:06] ERIN KING
This is your host Erin from Steppingblocks and welcome back to DataU. More people than ever are questioning the value of higher education. We're here to explore why they're right, why they're wrong, and which institutions are rising to the challenge.
In Season 1, we're investigating the new normal created by the COVID-19 pandemic and the ongoing challenges in higher education. Today, we're here to discuss cybersecurity. The Bureau of Labor Statistics (BLS) predicts that cybersecurity jobs will grow by 33 percent by 2029, which is way, way faster than the average. The median pay is also way higher than the national average. So both outlook and salary make this an attractive opportunity in the field of cybersecurity. So what's causing the shortage?
Today, we will get the perspective of a recent grad who earned their degree at the height of the pandemic while working in the field. Thank you so much for joining us today, Brandon.
[1:05] BRANDON ANTHONY
Thank you for having me.
COVID-19 drove a shift to remote work, remote learning, remote everything, which really increases concerns around cybersecurity. Quick stat from Deloitte: Between February and March of 2020, over 500,000 breaches occurred during video conferencing. So, like what we're doing right now.
Not only were you earning a degree in cybersecurity at the University of Maryland, global campus during the pandemic, you were already working in the field as a Cyber Risk Consultant at Coalfire. Can you talk about your experience?
Yeah, so I started at Coalfire in 2018 in October, so actually, I just reached my three-year anniversary the other day, but the experience has been great. I've been able to work with a lot of people that have inspired me and people that mentored me throughout the process. But it's been awesome so far.
Has your workload changed at all during COVID? Or has your job description changed over the pandemic?
Yeah, so I started out on the associate level, and then probably a couple months before I got my master's degree, they moved me up to consultant. So when I first started out in a junior position, I was a SETA Analyst, so that's Security, Education, Training and Awareness. Pretty much what you do there, you make sure everybody in the agency is compliant with their training. You also run phishing campaigns to keep people on their toes, to make sure they're not opening, crazy emails, stuff like that. Also just consulting the agency on how to improve their SETA process to make it efficient and easy for everybody to use.
But after I got my masters I had a title change. Now, I'm an ISSO. It's ISSO: Information System Security Officer. I'm also on the system owner support team, and I also oversee the team that I was on, because I have the experience. I helped the new people that are in that position to navigate through their day by day stuff. So yeah, that's kind of how everything's changed for me.
It sounds like you were already working there, and then you were working on your degree; but earning your degree in that field has allowed you to really advance your career in that way.
Yeah, I would definitely say that Coalfire (I always thank them) they really pushed me to go get the degree, and helped me through payments and stuff like that. Then they rewarded me once I got it, so I can't complain about that.
Right. Tons of incentive.
Fastest growing skill for cybersecurityData by Burning Glass. Read the full report on Forbes.
Some sources cite an inflexible and dated hiring process as one of the reasons for the shortage. So what has been your experience with hiring? Or I guess, you know, moving up internally, did you experience any roadblocks in that way?
The hiring process at Coalfire for me was very easy. I applied, had an interview and was hired probably within a week. Because that was when the project had first started, so I guess they needed to get people through. That was very easy and efficient. As far as upward mobility, there were a couple roadblocks. They were trying to move me up a little earlier. I didn't have a lot of experience at the time in terms of years, and I didn't have my master's degree in a couple of certifications. So the agency didn't approve of that move at first. But once I got my credentials up, I was able to move upward in the agency and to get to where I am now.
Would you say that with your position right now at Coalfire and with the team that you work with, do you feel the shortage personally in your day to day? Are you in need of, you know, more resources on your team or people resources right now?
Yeah, definitely a theme in the cybersecurity field. I don't know if we don't have enough people. I know that people would like to bounce around from contract to contract a lot, so that can create gaps in the employees in our teams, but we've been fine as far as just having people there. I don't think the company is struggling hiring people. But sometimes, there's been a lot of, especially during the pandemic, people moving and stuff like that. So there were a lot of gaps as far as people bouncing into other companies.
Okay, so this sort of segues into the next question: What is your outlook for 2022 as a cybersecurity professional? Is it hopeful? Is it bleak? Are you somewhere in the middle? And you can talk some about your personal role or just cybersecurity as an industry.
Yeah, no, I'm very hopeful. I know that as far as the industry goes, and as far as more organizations are turning to technology in their companies to help streamline processes and stuff like that (like you mentioned earlier: 500,000 breaches on things like Zoom calls and stuff). As far as job stability, I think cybersecurity is a great option for people looking for a great, stable job. Also, I feel like there's a lot of upward mobility, because there are so many certifications you can get, so many things you can learn to make yourself more valuable in the market.
But yeah, as far as my personal position, I feel very good at Coalfire. I've got a great team around me. They're pushing me, and I'm pushing them to deliver the best product for the agency that we work at. So yeah, everything's looking good as far as the outlook for 2022.
Awesome. That's, really great. So that brings up another point. If I'm a student, what skills would I need? I know there are many different roles in cybersecurity, but what are the top skills that companies like Coalfire are looking for, and, you know, if I was a student wanting to become a Cyber Risk Consultant like you?
Yeah, I would first, focus on your teamwork. I was a former college athlete. When I was looking for a job, I wanted to be in a team environment. I know that now I see how valuable that is just to be able to work with a lot of people to get the job done. I would work on my leadership skills, teamwork, also as I mentioned earlier, all the certifications like Network Plus, Security Plus. Those are big. Also, the risk management framework is something that's big in government agencies. There's a new one called RMF 2.0, RMF 2.0. There's a big certification for the CISSP, which I'm starting to study for. I'll probably get that next. But yeah, there are a lot of skills. Also, I would look into cloud. A lot of organizations are looking to go into AWS cloud. So there's a lot of AWS cloud certifications.
So yeah, I would just focus on always learning because cybersecurity is always growing. And since it's kind of a new sector within the last 30 years or so, there's a lot of stuff that even the top people don't know, because so many new threats are coming in. I think the biggest skills like I said: teamwork, leadership, because there's always room for leaders. And then you've got your certifications. And just always learn. Be hungry for knowledge. I would say.
That's really great advice. Can you talk a little bit about your experience earning your degree while working? Were you getting your education completely remote while you were working full-time? And maybe specifically at UMGC, what your experience learning cybersecurity at that institution was like?
Yeah, so I started in 2019. It was already all online even before the pandemic. You had your team meetings online. You didn't have to log into a class, but it was like a portal that you would log into. You would submit all your work on that portal. UMGC was great, because what they do is. tailor. It's not like your regular college class, where there's a lot of tests or anything. It's more like they put you in a situation, say a cybersecurity breach happens. How do you respond? So it's kind of like more on the job stuff, which I really appreciated from UMGC.
There were a lot of long papers and a lot of long essays, but through writing those, you get a deeper understanding of cybersecurity in itself. And they're really flexible as far as just having a good schedule for people that work full-time. It didn't seem too overwhelming. I mean, the classes are hard, but they do a great job allowing the students to be able to work full-time and do the class at the same time. So yeah, I would definitely recommend UMGC if you're looking for a cybersecurity degree.
Yeah, that's one thing I do know about UMGC, specifically, when it comes to career services. I know they do everything they can to meet the students where they are, because their students are nontraditional. A lot of them are working full-time. A lot are parents. So if you give them anything beyond what they're already expected to do, then it's probably not going to happen. So I do know that is true about UMGC. They meet the students where they are.
I would also add: They had a lot of virtual career fairs where they would have 20 or 30 companies come in, and you would get face time with these companies. I made a lot of connections just through that. So yeah, they do a good job educating the students and also trying to place them out in the market with the company that they're partnered with. So kudos to them for that.
Networking. That's a huge buzzword. But I think it's really important to remind students to step outside your comfort zone a little bit. I mean, you have the advantage of already holding a position at Coalfire. But for those who don't, then you have to get outside the classroom in order to meet the right people, to learn the skills that maybe they aren't teaching in the classroom. Maybe you can touch on that: Have you picked up anything new? Have you learned any new skills since you've earned your degree and advanced your career in cybersecurity? What did you learn in the field versus in the classroom?
Yeah, in the field, I think a big part of consulting with agencies is just being able to speak the language and just being able to communicate well. You can know everything about cybersecurity, but most of the time, you're talking to people in the agency that aren't as knowledgeable. So you've got to put it in a way that they understand, especially to the higher up people. Make it easy and plain for them. Tailor your presentations to people that don't necessarily have the same knowledge base as you. So I think that was probably the main skill I picked up on.
Definitely a big skill in the Pandemic was virtual meetings, because that wasn't something we were doing a lot; and it was a little awkward at first. But now, doing that for the last two years, it was definitely a big skill as far as leading meetings and just preparing the right information for the government agency.
Communication is huge. I think that's something we all had to get better at and do a little differently, and try to replicate the human experience in this weird virtual world. I mean, it's really, sometimes impossible to do. You don't always accomplish the same things. But you're right, that learning new ways to communicate or to be more effective in that way is really good advice for anyone, in any field.
So last question, why cybersecurity?
Yes, I was always pretty good with computers. So after I graduated, I was like, okay, what am I good at? What can I see myself doing? So I found that there is a lot of teamwork in cybersecurity, because people that are subject experts in different subjects have to come together and form a solution. So that was a big thing: Teamwork. Also, like you said earlier, the pay as well. I think you said the median is a lot higher than the average. So that's always a big plus. And then the job stability because there are so many open jobs. I live close to Baltimore now, but I was in the Washington D.C. area. And there are so many government agencies there. That's a big hub for cybersecurity. So that's also what drew me. So yeah, I would say the job security. The pay is great. The teamwork and yeah, that's pretty much what drew me in.
All right. Well, thank you so much Brandon for sharing your experience today. I feel like you will probably recruit a few more people to cybersecurity with the way you talked about it today. Thank you so much, and we look forward to seeing the changes in cybersecurity moving into 2022 and beyond.
Great. Thank you for having me. Appreciate it.