"So, You Want to Work in Cybersecurity?" - Nadia Short of General Dynamics
Nadia Short of General Dynamics, a major government/defense contractor, discusses:
Nadia D. Short is vice president of strategy & business development at General Dynamics Advanced Information Systems. In this role, she is responsible for strategic planning, business development, international business, marketing and public relations, and customer and corporate relations.
TOM FIELD: Hello. This is Tom Field, Editorial Director with Information Security Media Group. We're talking about cyber security professional jobs today. With us is Nadia Short with General Dynamics. Nadia, thanks so much for joining me.
NADIA SHORT: It's my pleasure, Tom.
FIELD: Just to start out, tell us a little bit about yourself, your role, and the work you do in your division at General Dynamics, please.
SHORT: My current title is Vice President of Strategy and Business Development for Advanced Information Systems. Advanced Information Systems within General Dynamics has a primary focus on intelligence surveillance reconnaissance systems, as well as information security systems, which is where cyber security plays a big part of that portfolio.
FIELD: As you know, cyber security has gotten a lot of endorsement from the highest levels in government. The President spoke about it last week, and we hear a lot about the needs in government and with contractors for cyber security professionals. What are your current cyber security needs?
SHORT: Our current cyber security needs aren't new. They've been ongoing because General Dynamics Advanced Information Systems has had a long-standing portfolio of cyber programs that we've been working on. Due to the recent high profile attacks on business and government cyber networks that have been well-publicized in the media, we do see an increased need for additional analysts, and I can walk you through the kind of people we're looking at. Primarily its security operations center certification experts. And we have levels of maturity for those people where you have an entry-level, apprentice-level type person, an intermediate element to that, as well as an advanced security operations center certification expert. Those people are the ones who are able to perform and lead full-scale investigational and incident response activities. Obviously, as their maturity progresses, their responsibility progresses as well. We also have a need for what we call reverse engineering experts, and those are people who are able to perform. When they reach the expert level, they lead investigations into the incident response, as well as complete the reverse engineering associated with following the audit trail linked with different exploitations and attacks. And last but not least, we have forensic experts that we are looking for, who are people that are able to lead the investigation and incident response activities. They primarily focus on the ability to understand file systems, logs, histories, patching, and more importantly, understand chain-of-custody activities as we look to provide that kind of data to law enforcement officials as they look to "put the bad guys away." It's those three major categories that we are looking for people. But just because someone might not have all those skills today, we actually have a fairly substantial training program here so that we train people before we put them on the job with our government and commercial customers.
FIELD: Oh, that's good. Give me a sense, Nadia, in terms of requirements that somebody has to meet and in terms of education and work experience. Maybe there is even a certain personality type you are looking for.
SHORT: We are looking for people who want to be dedicated to the mission that General Dynamics has in helping protect our government and the infrastructures that we provide contract support to. We are looking for people who want to work in the security-related job profession and who understand what the threat is. People want to be part of trying to make things better. We are also looking for people who are college graduates, although that is not an absolute prerequisite. If there are enough on-the-job skills they received at another job, or a different kind of application, we do take people who aren't college graduates, but most of the people who do this work have degrees in computer information systems and some in electrical engineering. The bottom line is they are people who want to come in and want to be highly skilled, highly trained. Most importantly, because of the work and sensitivity of this work, they have to be able to obtain a security clearance by the government.
FIELD: That raises a good point, because you are in some sensitive areas. We have talked about what you are looking for. What are you not looking for?
SHORT: What are we not looking for? I'm not sure that we're not looking for anything or anyone in particular. Obviously, being able to get a security clearance, there are certain bars to enter there, right?
FIELD: Right.
SHORT: And those security clearance requirements, over the years, have become much more stringent. That's kind of the main thing. If you don't think you can qualify for security clearance, then I think there is enough on the web that identifies what is required to obtain that clearance. We're welcome to interview and screen anyone who wants to do this kind of work. It is very leading edge. It's at the core of what we are trying to get accomplished. As information security management becomes even more important, as it already is today, there will be even more in the threshold of importance here. We're looking for people dedicated to that mission.
FIELD: And Nadia, for someone who starts their career there, or maybe transitions mid career, what sort of a path do you envision for someone that gets into a cyber security position?
SHORT: People come in at entry level, we train them up, if they are able to get a clearance, we invest in their ability to obtain that clearance, and through their hard work, as there is the opportunity to move up and retain more responsibility, you would be managing a team of people who would be doing this type of analysis in forensics. if someone wants more responsibility, that's available. If they like being an analyst, that's fine. There's a lot of opportunity here to work in different areas in the cyber domain.
FIELD: It sounds like you've got a wonderful training program, as well.
SHORT: We do. This is core to our business here, and therefore, we learned very early on that we needed to invest in our own people, so that once they hit the job, they can hit the job running and provide good information to our customers. With the on-job training, we try to have most of that occur here, not when they're actually on the job, being paid by our customers.
FIELD: So, Nadia, given the economic situation we've been in, there are a lot of people that are looking to transition into security careers, or who are leaving other businesses. If you could boil it down to a single piece of advice for someone looking for a cyber security career with general dynamics, what would that advice be?
SHORT: My advice would be that it is important people should understand that there is a lot of different elements in being part of cyber security and having a cyber security career. People hear about the professionals who do the analysis and find the bad guys; that gets the most press. But, there are a lot of other elements there, and once you get into it, I think there is a better understanding of that. Those analysts and forensics people are actually trained to go and find the bad guys. But, there are also people whose day-to-day job it is to monitor and analyze the network and figure out how to make it better. My advice would be this. Don't be stuck on one thing you want to do. Understand the full complexity of what is available to you. Do some homework on computers and software. This is kind of a wide open market at this point. There's a lot of opportunity to focus on different things or be a little broader in your perspective, so that you can move from one element of what's required to another.
FIELD: Very good. Nadia, I thank you for your time and insight.
SHORT: Alright. Thank you very much, Tom.
FIELD: We've been talking with Nadia Short with General Dynamics. For Information Security Media Group, I'm Tom Field. Thank you very much.