As I travel around the country, I have had the opportunity to speak with technology and cybersecurity experts from the public and private sectors on a variety of topics, including their personal career journeys. I like to ask people questions like, “How did you decide to get into technology?” or “Why did you join state (or local) government?” and “What excites you most about your current role?”
Needless to say, cyber professionals come from a variety of backgrounds. Most have degrees in technology or cybersecurity, but some have business majors, degrees in history, or (more commonly these days) no college degree at all. Some people don’t. For more information on this cyber career topic, check out this blog.
Which brings me to this moving story and the interview below.
In early September, I had the good fortune to meet Sarah Snell at the StateRAMP Cyber Summit in Indianapolis. Ms. Snell is currently the Information Systems Security Officer for the State of Montana and her LinkedIn profile can be found here.
What immediately struck me about Sarah was her passion, excitement, and thirst for knowledge about “all things cybersecurity.” She was clearly excited to be a part of this national StateRAMP cyber event and spoke confidently and proudly about her team’s mission within Montana government.
But what really struck me and prompted me to publish this interview was her background as an elementary school teacher. Read more about that in Sarah’s answer below.
Dan Lohrmann (DL): Please tell us how you began your teaching career.
Sarah Snell (SS): I had teachers in my family and grew up with a blackboard and old instruction books from the age of five. I spent my free time at elementary school playing school. Seeing my amazing teachers growing up and the impact they had on me and others inspired me to want to help people. I attended college and earned a bachelor’s degree in elementary education. After graduating, I taught elementary school for four years. I decided to shake things up and make a difference, so I moved to Colorado and took a job in local government.
DL: What made you consider a career in cybersecurity?
SS: I moved back to Montana to work in state government. In 2021, Congress talked about how the demand for cybersecurity professionals exceeds the supply. This conversation sparked my interest in cybersecurity and I started talking to employees on the security team to learn more about the profession. I learned two important things. First, cybersecurity is not someone sitting in a dark room wearing a hoodie looking at a computer screen with green ones and zeros. Second, without realizing it, I was already using cybersecurity principles in my current job. When I combined my interest in cyber with the projected job growth and lack of diversity, I knew I wanted to work in the cybersecurity field.
DL: What sparked your interest in a role in Montana state government?
SS: That was a conversation I had with the CISO in my state. I decided that I needed a degree in cybersecurity to get into this field, so I asked for advice on transitioning into cybersecurity. The CISO explained that it is not the only method, and transfer of skills from previous jobs is another method. The state was planning to strengthen its cybersecurity and would be hiring. Because I love state government and worked in the Department of Public Administration, I took the Security+ course to build my cybersecurity knowledge given the transferable skills and other professional experience I had developed over the years. My goal was to join the state’s cybersecurity team and participate in protecting the data of the state and its citizens.
DL: What training did you undergo to qualify for your role in the cyber field?
SS: One of the attractions of joining Montana State’s cybersecurity team was the administration’s commitment to training budgets and investing in its workforce. Last year, I earned my Certified in Cybersecurity (CC) and Systems Security Certified Practitioner (SSCP) certifications. I am currently working towards my Certified in Governance, Risk and Compliance (CGRC) certification. In addition to what I learned from my cyber certification, I leverage my knowledge and experience in policy, contracts, procurement, business processes, and education from previous jobs.
DL: You have an incredible passion and thirst for knowledge in the cybersecurity field. where did it come from?
SS: That’s partly my nature. I love learning and immerse myself in everything I do. One of my favorite things is meeting people like you at conferences like the MS-ISAC Annual Meeting and the StateRAMP Cyber Summit. They are passionate about cybersecurity and share their knowledge, fresh perspectives, and ideas on how to better protect our nation. . Being part of something bigger and making a positive impact is not only rewarding and fulfilling, but energizing for me. I will always remain a teacher at heart. The more you learn and understand cybersecurity as much as you can, the better you can help those around you and make a difference.
DL: Please tell us about your current role and responsibilities.
SS: I’m an information systems security officer. In my role, I work with companies by advising system and business owners, chief information security officers, and chief information officers on all systems-related issues to help the nation protect its assets and citizens’ data. to help achieve its mission. This involves working with system owners to develop a system security plan, reviewing and documenting security controls, and ensuring system owners have an actionable plan to address vulnerabilities and reduce risk. This is done in the form of creating.
DL: Where do you want to be in the cyber field in 10 years?
SS: I hope you can gain a broader understanding of cybersecurity. To that end, I would like to work in various areas of the cyber field. Throughout my career, mentorship has had a huge impact on my growth, so I want to support and guide others. For the past year, I served on a joint National Association of State Procurement Officials (NASPO) and StateRAMP task force to create tools to help state and local governments procure safe and secure IT cloud products. It was a great learning experience working alongside knowledgeable and renowned experts in the procurement and IT communities. I will take every opportunity to increase my knowledge, share my expertise, and collaborate with others to contribute to the advancement of the cyber profession.
DL: What are you most looking forward to about working in cybersecurity in the Montana state government next year?
SS: We have some exciting projects lined up for next year. Our focus is on assisting government agencies in implementing cyber hygiene and zero trust architectures, both of which help mature our cyber posture. I’m also looking forward to accompanying our cybersecurity operations team to learn what they do and gain hands-on experience in incident response and technical security.
DL: Is there anything else you would like to add?
SS: People who are interested in cybersecurity and don’t have a technical background or degree in cybersecurity should consider transferable skills. Effective cybersecurity requires critical thinking, attention to detail, problem solving, and communication skills. CISOs are a great resource and always help point people in the right direction on what they can do to be in a better position to address cybersecurity.
final thoughts
Another characteristic that stands out in people who talk to Sarah about careers in cybersecurity is her unconventional “go-getter” attitude, which I found very refreshing. Over the course of my career, I’ve seen this excitement from early cyber pros who went on to do great things, such as Mike Monticello, who I wrote about a few years ago.
But as Sarah concludes our conversation, we hope her story inspires you to jump into a career in cybersecurity from other fields.
One final thought. ChatGPT often provides some great headlines to summarize your blog interviews. Here are a few that I didn’t choose to help explain Sarah’s career journey so far, but can serve as a summary.
From Blackboard to Cybersecurity: My Journey to Data DefenseCybersecurity: A New Path for Lifelong Teachers and LearnersHow I Transitioned from Education to Cybersecurity—And Why You Can Too: A Career in Cybersecurity Change: Lessons from the Classroom to State Government My Path to Cybersecurity: From Teaching Elementary School Students to Protecting National Data My Path to Cybersecurity: A Teacher’s Passion for Learning and Impact )
Source link
