Many paths to a cyber career
You don’t need to code or hack or wear a hoodie for these jobs
Editor's Note: October is National Cybersecurity Awareness Month. In partnership with the National Cyber Security Alliance, Raytheon cybersecurity experts share their backgrounds and area of expertise.
You don’t need a hoodie. You don’t need to read green binary numbers zipping across the screen like the Matrix. And you certainly don’t need to type like a rock drummer.
“There’s a lot of misconceptions about cybersecurity as a career, like you need an engineering degree, you need to code and it’s super-technical,” said Russ Schrader, executive director of the National Cyber Security Alliance. “While some jobs require some of these skills, there are so many cyber jobs where you don’t need that, so you have a lot of options open to you.”
Schrader said that military veterans are particularly well suited for the cybersecurity field because of their discipline, commitment and training.
“We find that veterans have the work ethic, ability to work in teams, they follow direction, doggedly pursue tasks and keep the mission in mind – the same traits you’d want in a cybersecurity professional,” he said.
Schrader suggests those interested in a cyber job can search the National Initiative for Cybersecurity Education website to look through the different specialty areas and occupations.
“I urge people to visit the site to see if their education, skills and knowledge match up with their interests,” he said. “And if you’re a student just starting out, the NICE framework is a blueprint for your future career.”
Here are some of the jobs that you’ll see:
How can a company really know how effective their network and device security controls are against a skilled attacker? How do they know if they’ve got holes and exploitable vulnerabilities in their system? They hire pen testers.
“We’re not looking to find just one way into a system, which is the objective of a malicious hacker, but we’re looking for every way in, we’re looking for every flaw,” said Mary Kim, a penetration tester at the Raytheon CODE Center in Dulles, Virginia. “We then provide recommendations and guidelines to harden the system. When we go back for a post consult, they’re so much better. That’s what is gratifying about this work — knowing we found and fixed the juicy flaw before the bad guys did.”
Penetration testers must keep abreast of the latest threats and vulnerabilities to stay ahead of hackers.
“You need to have a desire to continuously learn,” Kim said. “The technology is changing and the techniques, tactics and procedures are ever evolving. Sometimes you think you’re keeping up with technology, but then you come across an environment that you’ve never seen before. Then you have to learn something new.”
Cyber threat hunter
In an old farmhouse in Iowa, Molly Payne, a cyber threat hunter for Raytheon, is tracking and snaring hackers.
"Basically, I hunt all day," Payne said. "Logic is my weapon of choice. Every company that has me in their network has different tools and a slightly different flavor of software. I need to know enough about each one of those systems to poke under rocks, set traps and see if I catch anything. And I love when I catch things."
Like penetration testers, cyber threat hunters must keep current on new threats "found in the wild." A lot of the intelligence she receives comes from her teammates, who share what they've found and how they fought it. Payne started her professional life as a middle-school chemistry and science teacher in Alaska and Colorado. She later developed an interest in information security, and earned an associate's degree that gave her the technical knowledge to "jump into the field."
"You don't even need a degree to work in cybersecurity," Payne said. "I work with an 18-year-old who is a rock star. If you like it, have a passion for it and you get good at it, then that's all you need."
Searching for cyber weaknesses is the job of vulnerability researchers. They must understand standards, conduct dynamic and static analysis, audit source code auditing, reverse engineer systems, modify hardware, script and program, penetration test and document and report details.
"Successful vulnerability research requires a disciplined team of engineers knowledgeable across all industries, are subject-matter experts of legacy technologies, and continually seek to learn emerging technologies and advanced offensive and defensive techniques," said Matt Wilmoth, a Raytheon vulnerability researcher in Herndon, Virginia.
Wilmoth cited work he did with medical device hardware manufacturers and software developers on implantable devices, which helped ensure patient security, as one of his memorable achievements.
"What makes this cybersecurity job exciting to me are the companies and technologies I have, and continue to, perform research and analysis for," he said. "Challenges, such as developing custom tools to perform vulnerability research against connected vehicles, ensure each day is new and exciting."
Cedric Fletcher began his career as a mechanical engineer at Raytheon, and today, he's not only a cyber engineer, he's the chief cyber engineer for Raytheon Cybersecurity and Special Missions.
"Being a mechanical engineer by trade allows me to see problems differently," Fletcher said. "It's not just ones and zeroes; there are mechanical aspects to systems, too. If I can see the weak points, then I can point our ethical hackers in the right direction so they can use their skills to protect a system."
Fletcher said that his job requires him to understand the technologies that Raytheon and its customers are using and staying up to date on the latest exploits.
"I need to understand our customers' cyber care-abouts and goals, and then make sure their needs are being met," Fletcher said. "I need to understand their environment, what persistent threats that they have and what we can do to enhance their cybersecurity posture. Then I need to find the talent to execute that mission."
Digital forensics & incident responder
Fabian Franco used to spend his days decrypting hard drives that the FBI took from criminals. Today, he's a Raytheon digital forensics and incident responder based out of Dulles, Virginia.
"When somebody gets hacked, when a website is defaced, when an employee or attacker installs malware, when a phishing email is opened and infects a system or network, or when any crime takes place on a computer system, they call me in to fix things," Franco said. "When a machine gets hit with ransomware, I'm the one who decrypts and recovers the files, and gets everything back to a clean slate."
According to Franco, ransomware is running rampant. He believes it will get worse before it gets better, and urges those who get attacked not to pay the ransom.
"If you hire experts like us, we not only recover your data, but we can tell you how you got infected and secure your network," he said. "We clean up all the badness."