Changing the Face(s) of the Cybersecurity Workforce
Raytheon‘s Julian Zottl talks with Charlene O’Hanlon about the changing faces of cybersecurity professionals—those coming from all industries and all walks of life—and how organizations can and should go broad in their hiring practices when it comes to cybersecurity professionals, from novice to seasoned. The video is below followed by a transcript of the conversation.
Charlene O’Hanlon: Hey, everybody. Welcome back to TechStrong TV. I’m Charlene O’Hanlon, and I am here now with Julian Zottl, who is the CTO of cyber protection solutions over at Raytheon. Julian, thank you so much for taking a couple minutes and talking with me today. I sure appreciate you being here.
Julian Zottl: Oh no, thank you for inviting me. I appreciate it.
Charlene O’Hanlon: Great. First of all, I’m interested in your job title. What is the CTO of cyber protection solutions? What do you do over at Raytheon?
Julian Zottl: On a daily basis, I’m helping drive the company, and specifically my area, to develop cyber protection solutions for government customers, commercial customers, even international customers.
Charlene O’Hanlon: All right. Wow, that’s a lot going on there. I imagine, I mean part of your job, or at least either a small part or a large part, involves working with cybersecurity professionals, either inside your organization or outside of your organization. I imagine you are working with folks from all walks of life and all spectrums and levels of experience. We’ve seen so many changes in the cybersecurity field over the last few years, especially over the last 15, 16, 18 months now. Because of the pandemic, so many things have changed. What is your sense of the cybersecurity workforce that we’re seeing today, as opposed to maybe five years ago?
Julian Zottl: It’s interesting. People that are entering the workforce are much better trained. They’re coming in kind of ready to go, I would say, for the most part. There is also a lot more interest. There seems to be interest from a variety of people, so not just people in comp sci majors, for instance. Myself, I have an electrical engineering degree, so there is a variety of people. We have people coming in even with degrees that you just wouldn’t think of ‒ political science, things like that ‒ and they all bring their own spin on the problem, which is great. It’s enabling us to really develop more solutions that are better protecting our customers.
Charlene O’Hanlon: Yeah, and actually I have a friend from high school, of all places, who is a graphic designer and now she is really interested in cybersecurity, so it’s great to see that so many people are interested in it. Obviously, with the lack of cybersecurity professionals that are out there, when you consider the number of open jobs that companies are struggling to find the right people to fill them, the fact that there are so many people from so many different walks of life who are interested in joining cybersecurity. That’s a great thing, I think. Do you think that that’s going to be something that is ‒ as I said before, we are experiencing this dearth of folks, but do you think that because there is this interest now, that the gaps are finally going to be filled in organizations when it comes to cybersecurity, or do you think we’re always going to be, from a personnel perspective, kind of like one step behind, always trying to fill those jobs?
Julian Zottl: I think we’re always going to be filling those jobs. It’s very difficult to catch up. I know we’ve had recs open for months at a time nowadays trying to find qualified people, and even taking beginners and bringing them in. A lot of people fear entering it. I know plenty of people who are say, “I’m interested in cybersecurity,” but they’re not taking that leap. I’m like, “Look, just apply. We can teach you. We do on-the-job training all the time,” et cetera. I think it’s important to note that people, like I said, just need to apply to a job. The beginner requisitions are out there, and we also, of course, need experienced people, and that’s the problem, is there is a very small pool of very experienced people and we’re all vying for it, all the companies. I don’t think that this is going anywhere. Of course, the blacksmith probably said that many years ago, “I will always have a job,” but the truth is I think cybersecurity is around here to stay, and there will always be gaps.
Charlene O’Hanlon: Yeah, I agree with you. People talk about automation and artificial intelligence is helping fill the gaps, and I think that that’s absolutely true. I do believe that technology is going to help us tremendously in enabling those who are in the cybersecurity field to kind of focus more on the actual business of cybersecurity and not having to do those kinds of remote tasks, or rote tasks, I should say. But, I think you’re right. I think we’re always going to have a need for the human element in cybersecurity. With that in mind, then, what are you seeing as far as those folks who are just coming out of school and are interested in cybersecurity? Do you think that they have the chops and the background or the education necessary to really kind of dive right into cybersecurity, or are they missing something?
Julian Zottl: No. Okay, so I think it’s kind of divided, I’ll say. I do a variety of STEM events, I’ve actually got one coming up this afternoon, and I always say college and high school, they teach you how to learn. The real-world, practical things are learned on the job, which is why I always encourage people who are in college, and even high school, to get internships with companies like Raytheon, et cetera, because you’re getting that valuable on-the-job training that you just can’t teach in school. Now, I was in school quite a while ago, but going from when I was in school to now, it’s leaps and bounds better. It’s amazing how much better the training is, the courses are much more, I’ll say, realistic, so we’re making strides.
Competitions like the National Collegiate Cyber Defense Competition, that’s another big one. Kids are entering this, getting attacked by real-world people that have _____ _____, and they’re learning these skills and they’re coming out. They’re no longer beginner analysts, they’ve moved up significantly, so I think it’s great. Then, you have the people who, like I said, poly sci majors who want to get into cyber all of a sudden, and they’re taking the leap, so it’s great to see.
Charlene O’Hanlon: What can we do, then, from an educational perspective to continue to ensure that these graduates, when they come out, whether they are focused on cybersecurity from the get-go or whether it’s something that they want to move into, what do you think universities and colleges, and even high schools can do to kind of help ensure that they’re at least on the right path when they decided to do that?
Julian Zottl: A variety of things. I think partnering with companies like Raytheon, of course, that’s a big part of it. Also, just commercial companies, because we’re about half commercial, half government. Companies like Microsoft, Google, et cetera, they are facing these threats every day, so the more involved that these kids and the educators are getting with these companies, the better. They’re also staying abreast of all the newest threats. A lot of this stuff is becoming pervasive, the recent ransomware attacks, for instance. It’s hilarious because even members of my family who don’t do anything in cyber, are asking me questions about this now, so I think it’s really coming to the forefront, and so a lot more people are interested in it. I think that a lot of these universities and the high schools, et cetera, they’re getting involved and it’s great.
Charlene O’Hanlon: Yeah. Well, I think there is definitely a greater awareness of ransomware and other cyber threats because, obviously, they’re in the headlines. Let’s take the Colonial Pipeline attack, for one. People were directly affected by that because they couldn’t get gas or whatever. I’ve always said, once it directly impacts you, you’re going to start paying attention to it, so I think that that is actually having a silver lining here, a positive impact on people’s interest in cybersecurity and possibly getting into the field. I think that that is definitely something that I think increased awareness is going to help organizations find cybersecurity folks, either just starting out or even more seasoned.
But, as far as making sure that beyond a high school or a college education, that folks who are in the field, or even out of the field and want to learn more about cybersecurity, I know that there are so many organizations out there that are designed to help organizations and individuals learn more about cybersecurity and stay abreast on the latest threats, the latest technologies out there, some of the standard guidelines, things of that nature. Are there certain things that you guys gravitate towards at Raytheon in helping or in suggesting to your employees to read up on, to study just so they have the most up-to-date information?
Julian Zottl: It’s interesting. I think just because cybersecurity has become such a pervasive problem, it’s actually in the mainstream news nowadays. I remember for years always having to search. You would go to specific websites ‒ or podcasts ‒ to find information, and now it’s in Apple News, it’s on the nightly news, YouTube, et cetera. Obviously, these are all just great resources. You have the government stepping in, so you have the Cybersecurity and Infrastructure Security Agency, CISA, out of DHS. You have the Multi-State Information Sharing and Analysis Center. All of these are sharing information as best they can. I go to a variety of websites almost every single day, I have newsfeeds set up, and I think that’s the best way because no single site is going to have all the news, so you kind of have to go across a wide berth of them.
Charlene O’Hanlon: Okay. All right. Great. For folks who are maybe just starting out who are interested in cybersecurity, what would you suggest to those people? What would you suggest that they do to kind of prep themselves, get themselves ready for a career in cybersecurity?
Julian Zottl: There is a variety of information out on the Internet. First, start reading. I read constantly. It seems like I’m staying up until midnight or 1:00 AM every single day reading about various things, right? Is it new technologies coming out to combat problems? Is it just ransomware attacks, et cetera? The other thing is our machines nowadays are extremely powerful, so download something like VirtualBox, set up a virtual machine, start playing around with security. I came from the offensive background, so the defense came naturally. If you set up a machine and you’re like, “Oh, I want to try to see what happens when I do this,” that’s the best way to learn. Just start doing that. There are also tons of hackerspaces around.
Hacker has, of course, a connotation, but these are spaces where people that have either some industry experience come forth and can help beginners, and they’re like, “Look, this isn’t that hard. Come out,” and then there are conferences, et cetera, that you can go to. Here we have ShmooCon in D.C., and you have Black Hat in Vegas. Black Hat is now international. These are all opportunities for people to learn.
Charlene O’Hanlon: Yeah, I agree, and we have this great website, too, called Security Boulevard, so ‒
Julian Zottl: There you go.
[Laughter]
Charlene O’Hanlon: Also, here on TechStrong TV, we have the Haunted Hacker Podcast. I’m not sure if you know about that, but always tons of great conversations on Haunted Hacker Podcast, so a shameless plug there for Mike Jones. But, yeah, good stuff. Julian, thank you so much for having the conversation with me. I think as we move forward and hopefully get a better handle on cybersecurity in general, I think the best cybersecurity workforce is one in which folks really do come from all walks of life and all areas, from graphic design to computer science, and electrical engineering and whatnot, so diversity makes it all flow. Thank you, again, for your time. I really do appreciate it.
Julian Zottl: No, thank you for having me. I appreciate it, too. Take care.
Charlene O’Hanlon: All right, everybody, please stick around. We’ve got lots more TechStrong TV coming up, so stay tuned.
[End of Audio]
