A close-up of a smiling woman with short grey hair wearing a navy cardigan and purple turtleneck. She has had a long cybersecurity career.
Barbara Endicott-Popovsky. Image: University of Washington Bothell

For a cybersecurity career, you must never get complacent

13 Mar 2019

With unemployment in cybersecurity at 0pc, it seems jobs are plentiful. But how can you succeed in the infosec industry?

There is constant demand for cybersecurity professionals. With technology advancing so rapidly and the need for security in this sector specifically and across technology in other sectors, companies are crying out for talent.

However, this talent still needs to be the cream of the crop, highly energised and ready to deal with problems in a constantly changing environment.

To find out more about a cybersecurity career, Siliconrepublic.com spoke to Barbara Endicott-Popovsky, the director for the Center of Information Assurance & Cybersecurity at the University of Washington. As a teacher of cybersecurity, she was also able to share some essential advice for those looking to pursue a cybersecurity career.

What first stirred your interest in a career in science and tech?

From an early age I was attracted to science and technology, and it had to do with space and the space race specifically. I was very fascinated with the NASA Apollo space missions and that just got me started.

As a kid, I built my own telescope. I would go to the Buhl Planetarium in Pittsburgh and take part in moon watches; I loved looking at the stars through the telescopes at Allegheny Observatory. Coincidentally, I had met Wernher von Braun and Willy Ley, the Germans who came to the US to give a boost to the space race. Years later, Von Braun’s daughter presented me my PhD when I graduated from the University of Idaho. Small world!

What other jobs led you to the role you now have?

Early on in my IT career I worked for a major manufacturing firm where I recognised a ‘man-in-the-middle’ attack on a local area network. When I reported this to management, I was shocked with what they told me: while they thanked me, they said I should not let others know about my discovery lest they think I was paranoid. But their reaction only made me more curious and, ironically, inspired me to pursue a career in cybersecurity. For this, I can thank them!

What were the biggest surprises you encountered on your career path?

The fact that so many people didn’t recognise the unintended consequences of distributed processing was truly my biggest surprise. It seemed so obvious that without perimeter defence, we were opening ourselves up to mischief from the ill-intended. It was difficult to get people’s attention – they were so in love with their devices!

I’m not suggesting that we put the genie back in the bottle. In fact, I don’t believe we can go back to our disconnectedness. I am suggesting that everyone online is responsible for cybersecurity – you can’t outsource personal cyber hygiene. It’s like a neighbourhood watch; we all need to be aware of and participating in keeping our information and devices safe.

Was there any one person who was particularly influential as your career developed?

An employer paid for me to get my doctorate in computer science with an emphasis on cybersecurity. I was fortunate to live near a major National Security Agency Center of Excellence, one of the first seven, so I enrolled and studied under a giant in the field of cybersecurity, Dr Deb Frincke.

Frinkce is now director of research for NSA. She espoused a school of thought that looked at the context for cybersecurity, not just the technical tools for protecting and defending systems. She recognised the role of the individual in maintaining a cybersecure environment and encouraged interdisciplinary, as well as pragmatic, approaches to research. Her thinking greatly influenced mine and launched me in my direction.

What do you enjoy about your job?

It’s an exciting time, not only for people working in the field but also for those of us who are preparing the cybersecurity professionals of tomorrow. I’ve had hundreds of students go through my programmes and rise to the top in their organisations as chief information security officers, chief privacy officers, managers and thought leaders of all kinds. I look forward to each morning knowing that I make a difference in my students’ lives and that I have the opportunity to thus contribute to the safety and security of our world online.

Cybersecurity is one industry that won’t go by way of the buggy whip any time soon. There is 0pc unemployment rate in the field. The key, however, is that employers want you to be ready from day one. That’s my charge – to help them be ready to do so – and it’s one I embrace.

This is one of the most dynamic fields that I could ever imagine because it’s changing at such a rapid rate, and not only as a result of technology. Tech is driving some of it, but the ubiquitousness of cyber and our digital connections means there are impacts throughout organisations. It is impacting the way we think, work, communicate, go to school – you name it. We’re going through an upheaval every bit as much as the farmers in the industrial revolution – except that in the case of cybersecurity, it’s happening at a record pace.

What aspects of your personality do you feel make you suited to this job?

I’m naturally curious and sceptical at the same time. I have developed critical thinking skills that allow me to think outside the box. I enjoy a good mystery novel and like to figure out the villain before coming to the end of the story. I question everything by nature and don’t take anything for granted. This is the basis for good situational awareness in cybersecurity. I come by these traits naturally and have found a good place where these traits fit well.

How did the University of Washington support you on your career path?

Current leadership at my campus share my views of cybersecurity based on their over 100 years of collective experience in military intel. I am fortunate that they get it and wholeheartedly support building our research and education capabilities in cybersecurity.

What advice would you give to those considering a career in cybersecurity, or just starting out in one?

As I mentioned, companies are looking for new hires to have the knowledge and experience to jump in on day one. This will require a commitment of time and energy by prospective hires, but one I believe is well worth it for many. Moreover, since specialities are constantly changing, the minute they shut their books, security pros must be committed to continuous learning.

My students tend to be very bright people who are aware that this is an up-and-coming field, and a rapidly changing one. Their reward is that, if they are any good, they will find that they’ll get pulled up into leadership roles.

If they are ambitious, thoughtful, and understand how to grow and how to learn, they will likely experience rapid advancement. I’ve seen that happen repeatedly. The key is to realise that you must never get complacent and should be continually sharpening your skills.

Loading now, one moment please! Loading