How to Start a Career in Cybersecurity Webinar

How to Start a Career in Cybersecurity Webinar

Webinar Highlights

Check out these key moments from our recent webinar on starting a new career in cybersecurity, featuring a panel of cybersecurity speakers:

  • Pouya Ghobi, Interim Program Director and Solutions Engineer, CyberArk
  • James Donoghue, Professor and Special Agent, Department of Homeland Security
  • Sheethal Surendran, Senior Technical Recruiter, CyberArk
  • Melvin Thomas, Master’s Student and Director of Service Delivery and Special Projects, Chiron Technology Services, Inc.

Learn More

Schedule time to speak with an enrollment advisor to learn more about the online graduate cybersecurity programs at St. Bonaventure University.

 

Make an Appointment

 

Transcript

Katie Macaluso: Hello everyone. Welcome! I'm Katie and I want to thank you for joining us virtually. Today's presentation, How to Start a Career in Cybersecurity, is hosted by the online cybersecurity programs at St. Bonaventure University. We're very excited to have a speaker group today with a diverse mix of cybersecurity experience and backgrounds that they'll leverage as they talk about career pathways and their experience in this field. We have a robust discussion planned so we're going to go ahead and get started right away.

Here, before we jump in though, I do want to go over a few quick housekeeping items. You are in broadcast-only mode. That means that you can hear us, but we cannot hear you. During this event, please feel free to type in your questions into the question answer box as you think of them. We'll be sure to save time for those at the end of the presentation.

I also want to note that the presentation dashboard in front of you is very adjustable. In the media player where our live feed is displaying, you can drag that window to make us larger. You can also adjust the volume and the size of the slides. Then, finally, we are recording this event. You'll be able to come back in at any time if you want to view this again, or if you'd like to share it with a friend.

With all that out of the way, let's go ahead and take a look at our speakers for today's webinar. Our moderator today is Pouya Ghotbi, the Interim program director for the cybersecurity programs at St. Bonaventure University. A native of Australia, Pouya has focused his career on security including software security, cloud security, network security, penetration testing, identity and access management, and most recently privileged access management or PAM, primarily in large banks. In addition to his post with St. Bonaventure, he is also a solutions engineer for CyberArk.

Then next up we have Sheethal Surendran who is a senior technical recruiter at CyberArk Software, a leader in the security space. Sheethal brings more than 14 years of recruiting experience to her role, including seeking high-level roles for the government, universities, and Fortune 500 companies. Prior to recruiting, she worked in sales and marketing with an emphasis on market research.

Also joining us is Professor James Donoghue who teaches in the online cyber security programs at St. Bonaventure, and is also a special agent for the US Department of Homeland Security. In that role, he uses his cyber security skills to investigate child exploitation, human trafficking, narcotics, financial and national security investigations including transnational criminal organizations.

Last but certainly not least, Melvin Thomas, a current graduate student in the online masters of cybersecurity program, is with us to share his own experiences transitioning over to the cybersecurity field. Melvin is currently the director of service delivery and special projects for Chiron Technology Services, Incorporated. He has over 20 years experience in the field of information technology including nine years in cyber security. Melvin's technical skills are focused in the areas of programming, threat assessment and vulnerability analysis. 

Thank you so much to all of you for being here today. It's really exciting to have so much cyber security industry experience in one place and to be able to talk more about how we can transition careers into this field. With that, I'll turn it over to you, Pouya.

Pouya Ghotbi: Thank you so much, Katie. Thanks everyone for joining us today. It's really a pleasure to having you all taking time to joining us today and talking about a very interesting topic. You may ask out of all these topics in the world, why would we choose this particular topic? You know, starting a career in cybersecurity. This topic started in one of the courses that I was teaching. At the end of the course week seven, I just created an interview simulation.

A lot of students were asking about careers, how they can get a job in cybersecurity. Or if they are already working in cybersecurity, how they can progress their career in this field? We had a lot of traction, people loved it. Then following that, a lot of students in other courses were asking about it. We had students actually successful in their job interviews after that practice that we have in that course. But it's not even just that—a lot of colleagues that are working in the areas of IT, mentors that work with me and even friends and family, are asking about this. The question is how can we break into cybersecurity market? Or if it's already started, if I'm a junior position, how can I progress this?

There's a good reason for that--a couple of reasons, actually. As you know, the world around us, the businesses, they're going through massive digital transformation. What does that mean in terms of cybersecurity? That means now there's a much bigger attack surface. Attack is trying to basically get hold of our sensitive information any way that they can. What does that mean? That means it translates into more need for cybersecurity controls, skills, and obviously personnel.

As a byproduct of these, there are much more jobs. I'm sure Sheethal is going to talk about that, and how this market is transforming now. Jobs in cybersecurity are often very stable, even after this crisis of COVID that hit and a lot of the economy issues that you know were the consequence of that. What we saw is the cybersecurity jobs stayed pretty consistent and pretty stable. That's very attractive for everyone.

Everyone wants to have a job that is stable. The other thing that is very interesting is with all these new technologies being added, with AI and machine learning with cloud computing, changing the world, the way that we work, that means there are new areas of cyber security as well that are being introduced. It's a massive market. It's growing really fast. What we're trying to answer today or at least give you some ideas with the great panel that we have today is how can you get into this market.

Or if you're already working in cybersecurity, how can you progress your career? How we, in the master’s of cybersecurity program and a graduate certificate program that we talk about, can help you fast track that and achieve those goals much easier and better. All right so with that, I actually would like to ask the first question from our first panelist there, Sheethal. Sheethal, thank you so much first of all for joining us in the panel.

You've got extensive experience in recruiting, specifically cyber security. I know that you have worked across different sectors. First of all, my first question for you is how do you see the current market of cybersecurity as it compares to other areas?

Sheethal Surendran: Sure. Thank you so much for having me. Thank you to the Bonaventure University for arranging this. I have been doing this for a while and I have seen very clearly that cyber security is an absolutely important market or industry. It's not going anywhere. It's not one of those connectors that, again, get outsourced easily. It's here to stay and has to be safe, in a safe environment. They're not going to send it away. It's a growing industry just like you said. We used to save all of our information in people and things like that.

Now it's all in technology, either in our systems or in web or cloud or whatever. As long as it's in the technology or it's in some kind of an environment like that, it's prone to attack. People are trying to steal it. All of us have had experience where, in some way or the other, you would have been a part of a breach or your information was stolen. You'll get information or emails regarding that. That means that we need professionals who can keep that information safe, or protect that data.

That means jobs are going to keep happening for cybersecurity professionals. That's just like you said, gives you security. You're definitely going to have a job. Also, if you do a quick Google search you will see the unemployment rate has been 0% since 2016. What that means is that if you have a cybersecurity background, you're always going to have a job. You're always going to be secure.

You're not going to get... It's not going to be a mass layoff and you don't have something. You'll immediately find another job. The demand and supply--There's so many jobs out there. They're talking about people in five to four million jobs. Not enough people, which means if you have a background, you're going to get a job. It also means that whoever is in this industry or in this college or taking a course or doing a certification program, you're making the wisest investment into your future.

Not only just a future but a very secure future in a great industry.

Pouya Ghotbi: Absolutely. Very, very great point. Some of the stats that you mentioned, we've got on the screen as well. It's fascinating, yeah, how many jobs and the rate of unemployment. One thing that is going to add to your points is the jobs and the people for the quality of people obviously is very important. You know, the level of education that you have, the level of skills that you have are also important. The more skilled you are, the faster you can grow your career.

I have seen a lot of my students over time, I have a couple of students they started their career from zero. One of them was working at a car dealership. Then he started cybersecurity. He was very passionate and was very switched on. In a couple of years, I believe he's been in the industry for about four years now. He's a senior consultant for four years. I'm sure you have seen in the industry. The point is when you try to gain more skills and the skills that is really required, hands-on skills.

That's how education sector is changing, as well. We'll talk about our courses towards the end. That's where our focus is, trying to have better skills and things that are absolutely required to be successful in this job. That's perfect. I guess the other question I've got for you is considering that you have moved across, a I said, multiple sectors, this is quite important especially in the United States that you have the private sector.

Pouya Ghotbi: You've got obviously where you come from and government. What are the differences between these markets?

Sheethal Surendran: As a recruiter, as a technical recruiter, what I see is, again, I'm not going to talk about, I think James is an expert over here who is going to talk about maybe FBI or CIA or any of those. I'll talk about the commonwealth of Massachusetts was the private sector. The one big difference is that the private sector is creating products, creating more jobs and turns into a consumer. They're using the product.

With creating a new product also comes a whole bunch of new jobs. You don't always have to be a hacker. You don't always have to be a software developer. You could be a person who sells that product, a person who supports that product, a person who implements that product. All those functions create all those many jobs. Whereas a government is a consumer and so they're using it. The number of jobs between both private second tor and government sector, there's a big difference.

Again, private sector for a new graduate like our audience probably is, our students. It's easy to get into the private sector because of so many jobs. The rules are not as rigid. Government has a whole process. How do you get in? Maybe you need security clearance, things like that. It's easier and to get your foot in the door and then to grow from there. That's the big difference that I see between private sector and the government sector.

Pouya Ghotbi: That's perfect. That's also a good point of commission. James, maybe we continue with you on this question. I think most of your career has been in different areas of government. What are your points and your view on this? 

James Donoghue: Yeah, my entire career has been, at least professional career, has been with the US government and with the federal government specifically. I've never worked for state or local government. What I found is that the foot in the door mentality definitely goes a long way in the federal government. If you can get into a position, it's a lot easier to lateral to other positions within the government, within the agency that you're in, or to another agency.

Even just getting a job in the government gives you some more insight into what are the positions available. Some positions are only available if you already work for the government. Other positions are open to everyone or there's a lot of positions that are open maybe for veterans. If you happen to be a veteran, getting a job with the federal government is a little bit easier because there are streamlined pathways to getting hired for some of the jobs that you want.

Even if it's not necessarily the job that you want forever, sometimes taking a job gets you into the agency and then you can lateral from there. It's a lot like the private sector, I imagine, but with the federal government, once you're hired, the clock starts and all of that time counts towards benefits and eventually when you retire someday. You know, in terms of getting a job in cybersecurity with the federal government, now is a really good time.

As a matter of fact, I can speak for the Department of Homeland Security which has many component agencies in it. Right now, DHS is hiring cybersecurity professionals. Where I work within Homeland Security Investigations, I'm a special agent. That's a little more difficult position to obtain. It took me about two years to go through the entire hiring process to become a special agent. For me, I was a special agent but I was not in a technical position.

Because I was already in the federal government, because I was already an agent, I was able to ladder into computer forensic role which is what I'm in now. While I'm still a special agent, I do primarily child exploitation, digital forensics, as well as forensics for pretty much every other investigation that we're doing in the office at the time. I was able to go from a non-technical position. I did go back to college, and I obtained a master’s degree in cybersecurity with a concentration in digital forensics.

That allowed me to make that transition. When I went back to college to get my degree, I was 47. I know I don't look that old.

Pouya Ghotbi: You don't, no. I would have said 20 max, yeah.

James Donoghue: There was a little bit of a delay in there. No, I was later in life, later in a career. I've been with the federal government for 23 years now. I had already been in the government for 20 years, and even I was able to make that transition into a more technical role in the cyber security realm. Forensics definitely does fit within the cybersecurity framework. Right now within DHS, they're looking for incidence response professionals, risk assessment and risk management professionals, vulnerability detection, forensics, intelligence and investigations, software assurance, and network and systems engineering.

There's many different specialties that you can go in to that all fit within cyber security. While it's nice to be a jack of all trades, so to speak, even just focusing on one or two of those areas can open up a lot of opportunities for you within the federal government.

Not even just being an actual employee of the federal government, the federal government as Sheethal had mentioned, uses a lot of contractors. You may find yourself in a position where you can work as a contractor for a government agency or maybe you could be the contractor for the government agency providing some of those services. Not every government agency has an internal cybersecurity department but every agency needs one. For the agencies that are smaller and don't have as large a budget as the DHS has, they're still contracting those people out, so those opportunities are there.

You do need to have a security clearance for the vast majority of positions within the federal government. Don't get arrested. St. Bonaventure is a good Catholic institution so they generally have good people there. If you do go to St. Bonaventure, people will think that he or she must be a good person! We're going to hire them. You do need to have a security clearance. Also just be mindful of that.

The process does take a little bit longer. While in the private sector you might be able to get hired within a few weeks, in the government sector it might take, even with expedited hiring, several weeks, six to eight weeks, up to several months depending on the security clearance that you need and the background investigation that you have to go through.

Pouya Ghotbi: That's perfect, thank you so much for all of that insight. That was really great. I just wanted to touch on one of the points that you mentioned. It's very important, actually. Age, I get that question all the time. Is it important? It's interesting. Especially in cybersecurity space, we have seen a lot of people... It's sort of a relatively new space. It's been around for ages but as a nation with all this digital transformation, new technologies, there are new areas of cybersecurity opening up, new jobs. 

I get that question a lot. Does it really matter how old I am? When can I start? I can tell you, we’ve had in our program, as you know James, you're teaching the same program, we have a lot of people who are mature. They've already been mature in their career. They've got jobs in IT. Or sometimes not related to IT and they just want to move to IT and cybersecurity. We have students of all ages. They all have been successful. They have got jobs. A lot of students, they're already working in institution, in an organization, in a different position. They've been moving to cybersecurity positions within the same organizations.

It's definitely not a set age. We do have a lot of students in different ages. We encourage everyone at any age to join the program. Not specifically our program, to learn about cybersecurity. All right. Sheethal, probably get back to you with more questions. Some of the stuff that James covered that was really good for government, but generally speaking, if someone wants to break to cybersecurity, what is your advice?

How do you think they could do this? How they can overcome at least to get an interview to start with?

Sheethal Surendran: I'll address people who are taking classes right now. If you are enrolled in a course like this, it's the best thing that you've ever done. It could be a certification program. It could be your master’s or your bachelor’s degree. What I would say is read as much as you can, attend as many webinars as you can, do as many internships as you can. Even a small two-month experience on your resume will make you standout better than somebody who does not have that, somebody who is working in a non-cybersecurity or, again, nothing wrong with working at a coffee shop.

You will definitely stand out if you have even two months or three months experience as your internship during your college years. Try and accumulate as many years of experience as you can. I would say approach your college. Go to your college cybersecurity department and ask them if you can do something, a small project for them. Unpaid, paid, it doesn't matter. Get something, some experience on your resume. This is during your college time. Even at that point maybe even invite people, cybersecurity professionals to come to your college and talk about them.

Have a full connection with them. Connect with them on LinkedIn. LinkedIn is the place to be. Connect with as many information security professionals as you can. Ask them for 15 minutes of their time. They will, nine out of 10 times, give it to you. Unless you're somebody like James who's not on LinkedIn and it's harder to find them. Most people would, especially in the private sector. They would be happy to talk to you, give you some kind of guidance, give you pointers. Connect with all your alumni who are in cybersecurity industry, as well as your professors: make a big, vast network so by the time you are out of college, you already have these things lined up. If you are not doing a cybersecurity course but you're doing something else, maybe you're doing software development. Try to show what skills are transferable. Maybe you have attention to details. Try to show that, saying I am very keen. I can find issues very quickly.

Sheethal Surendran: That's a transferable skill into this industry and try to sell that. Those would be the way I think as a recruiter I see between two resumes standing out. Whatever you can gather. Whatever you can get certified. Whatever you can gather during your college times, that might be the best way to start or get a break.

Pouya Ghotbi: That's great, Sheethal. It's actually really invaluable having that insider view. When you look at resumes, how do you see the differences? On paper, a lot of resumes look very similar. Those slight differences make or break, you know? Very good points. Thank you so much for those. I just wanted to add to that, as you mentioned courses, certification. Those are very important. I'm just going with your idea but in my eyes, as well, the formal education from a university counts a lot. 
Especially when you have an institute that has got a very high ranking and you know that the course that they're very up to date and they're hands on, it gives you an advantage because you've proven by passing those courses, by getting good grade in those courses, you can fast track that process a lot, as well. Do you agree?

Sheethal Surendran: Absolutely. I totally agree. Somebody who's got that basic foundation, strong foundation, definitely stands out more than somebody who does not.

Pouya Ghotbi: Awesome. Thank you so much for that, Sheethal. All right. I guess I'll move on to the next section. Another question that I get all the time, I'm just trying to ask everything that everyone's asking me here and discuss it with the panel is what qualities employees are looking for. Some of it Sheethal mentioned. The ones that you can see on the screen continues that. This is very important. A lot of this factors are common with any job that you get. With Cybersecurity, they become a little bit more important.

That's because of the nature of these markets. The market is evolving every single day. The new technologies, the new attacks of things that you need to learn. It's very, very hard to stay on top of this. Like someone was saying, cybersecurity, what knowledge do you have today? The whole thing. Majority of the knowledge that you have today in three years time, may not be relevant. The technology's changing so fast. Some of those qualities are very important.

Just to be a little bit more granular, to give you something tangible that you can measure yourself against, I've got my next question back to James. What skills are required for someone if you want to transition to a cybersecurity roll? Also to be successful because transitioning is one thing. Being successful, being able to shine, you know? That's very important, as well. How do you see that, James?

James Donoghue: Well, I know based on my own experience having done this very thing, when I had decided I've always been somewhat of a technical person. I've always had computers. I remember way back to my first of '64. That's how far back my computer skills go. When I had decided, hey, I think I want to try to get into this digital forensics space, this cyber security space, I had to rely on some of the skills like you had just mentioned that were on the other slide.

You do have to be willing to put in some hard work. For me, the last time I was in college was in 1994 when I graduated from St. Bonaventure. The next time I was in college was in 2015. There was quite a gap there in having to do homework and having to do research and learn, or re- learn some of the skills that I used to have. I had to have that willingness to work hard and you have to maintain that willingness because in cybersecurity and digital forensics certainly things change so frequently.

You have to have that willingness to continually learn, to continually read new articles and to continually do research. Not only to keep abreast of the current trends in forensics or cyber security, but even on a day-to-day basis. We might get a device in the office that none of us have ever seen before. We have to figure out what is this? How do I get the information off of it? What do I do with it once I've gotten the information off of it? It's a continual learning experience.

It's continually having that desire to do research and to actually like doing it. It's not a job that you can, okay, I've got the job. Now I can sit and do nothing. It's something that you have to have that willingness and that desire and that interest to continually work hard and continually learn. You have to be persistent, as well. It did take me three years to move into the position that I currently have because I did go back to school.

It took me two years to complete my master’s degree. I also did some extra collateral duties that were forensic oriented in order to position myself to be able to get the role that I currently have.

James Donoghue: That persistence certainly paid off in that I was able to transition from being, I wouldn't say a regular agent, but just from doing case work to doing case work but also doing digital forensics. One of the other reasons why I kind of wanted to make this transition is because I am looking towards the future of what I'll be doing when I'm not an agent anymore. Cybersecurity, digital forensics is a role that once you get into it, you can evolve even further into those different position.

You don't have to just stay in one specific position in cybersecurity. It gives you a lot of other opportunities if you are willing to put in a little bit of extra work and to gain that knowledge and to also have the confidence to know that you can do it. I think that's where having that education helps to back up your resume. Right? You have the skills from maybe some certifications you've gotten.

You have the knowledge from your experience. You also have that education that shows, hey, I can start something and I can finish it. Here are credentials that I have that show that. It gives you that confidence to continue looking for other avenues to be successful and to increase your success in the field.

Pouya Ghotbi: Yep, that's perfect. Thank you so much, James, for that. I think that was a good segue talking about transitioning, moving from a position that you had to another position. I guess now I'm going to transition to Melvin. He has been through this journey. He was a developer and then he moved and became a cybersecurity professional, which was a really interesting story when we were chatting.

I just wanted to ask Melvin to join us in the panel to share that experience with everyone else. Melvin, can you just walk us through how was your journey, how did you do? Where were you? Where are you now? How did you go through this transition?

Melvin Thomas: Yeah, I can definitely. I appreciate you allowing me to speak on this. This is actually pretty passionate for me because it took a long time to move from being a straight developer to doing what I do now. I think everyone on the panel has made some outstanding points about how long it can take and the things that you have to do to get there. The first thing that I personally had to figure out is what I wanted to do in cybersecurity. A lot of times you look at TV and people go, " Oh, there's hackers. Oh, this, this, and that." It's not just that.

It's a lot more. It's a very detailed, I think Sheethal put it in great perspective of saying all the different positions that are out there. James really hit home on the fact of all the skills that are needed. Looking at that and saying, " What do I want to be?" Understanding that, that was the most difficult thing at first. Once you figure it out, that's when you can now start to put your path together. I had to figure out do I want to be an exploit writer because I can write code, right? Do I want to be look at network packets?

Do I want to do that? The first way that you figure that out is being exposed to that one way or another. I think appointments made earlier on, I think you did that Pouya as well about certifications and things of that nature. Going to your local university and finding out and taking classes and things of that nature. St. Bonaventure, so far, has been really good for me in that understanding. I know how another person who doesn't have the same skillsets that I have could actually benefit from something like that. If I went to another university and I took a certification on information insurance and they expose me to taking security plus, and my CH, those are great things You have to be exposed to those things.

You need to figure out because the one thing you don't want to do is say I want to be a hacker. Okay, you get to a point and you learn all these penetration testing, tool sets and all that, and you don't like it. That's the worst feeling. That would be my first thing. When I figured out what I really wanted to be, it was an easier transition. Now, it wasn't a direct line. What I ended up doing was I was recruited by a CIC to become a developer for them at that time. I started writing applications for the analysts, which didn't seem kind of cool at the beginning because it's like, " I want to do what you guys do." It helped me because as smart as you think you are, there's a breath of knowledge that you just don't have.

It's not there unless you're working in there. I can write code all day but I've never wrote an export before, right, when I first came there. It's a totally different mindset. I wrote a bunch of what we call common object pictures, or COP tools for analysts of ingesting a bunch of data here and there and understanding what they were looking for, why they were looking for it and developing those skills alongside going to school and being in those skill sets there. I've studied and I've taken science classes. I've studied forensics, things of that nature. 
Eventually it led me to get my first job in cyber as a mobile device forensics person. What we were doing on that contract was actually pretty cool because we actually take apart cell phones and understand how they worked from a cyber perspective, vulnerability and things of that nature. You start pretty high and you start to work your way lower and lower into the weeds, which is actually pretty cool. It led to me now being a full-fledged vulnerability analyst where I can be dropped into an environment and figure out what the problem is.

If there's an attack, discover what their tack is using my forensic skills, reverse engineering anything that needs to be reverse engineered if we have to. Also, now, being able to put defensive together because I understand both offensive and defensive strategies. That's really when you start to look and say, " Are you going to be a jack of all trades?" No but you're going to gain a lot of those things by each step that you're doing. It's something as simple as learning where in the you'll find where auto run is. Right? From a forensics perspective, it will now lead you to being able to know when you go on in your internet response, which you spoke about before, what are some of the first common things that I look for?

What are the tool sets that I should start to use? Those are really important and once you develop that skillset and you talk about transition into different ones, right? Your first job may not be you running the hacker in the way that you think it would be. It may be you reviewing logs and understanding what these protocols look like when you're over the wire. Those are really important, right? When you go through your first wire sharp class and you're typing in what TCP this and all that stuff and learning what your ports and protocols are, it may seem very trivial at the beginning but it's something that you really need.

I don't even look those things up anymore. I'll just look at it and go, " Okay, I can tell." I can tell what layer three looks like on a wire short capture. I know what malware looks like when it's sent in memory and it actually starts to beacon back to a C2, right? I know what those things are. I know how to look at memory and reverse engineer how actually an EXC will be hidden inside a memory space that you would never know. Right? Those are the things that you start to develop there. For me, when I'm looking at people and hiring people at my job, I actually do the interviewing and stuff as well with my organization, we talk about the skills that you mentioned.

I think James even hit home on this, as well, of being diligent. I ask two questions to people and there's no really wrong answer unless you don't answer them. The first question is where are you going to be in five years? The next one is what do you do to stay current in the industry? You could tell me I read AR. I go and get up and read all those things. Those things are important to me for when I'm hiring. If you tell me, " I don't know. I don't do anything," then that's where you start to lose me when you sit across the table from me.

I want to help you out. I want to help you get there. If you don't have the skills, I'm happy to tell you the things that you need to do and why we should do them and lay them out. I've done this in the past. That's my story and my transition to that.

Pouya Ghotbi: That's fascinating, Melvin. It's very interesting. A couple of things that you mentioned just want to reiterate. One was the skills. First of all, sorry, different jobs that Sheethal also talked about the fact that there are different levels of jobs. Someone is going out there and just installing tools and configuring tools. Someone may be on the offensive side of things or directing me.

Someone might be on the defensive side of things or team mingle. That's the differences. There's all this spectrum of jobs that might be there. You just have to gauge your interest and see where you fit. As you mentioned, you had that tendency to go towards initially probably more around the development side of things. Then got into the attacking side of things, as well. Then, which is very important and good to understand that there is this range of jobs here.

We have to settle on one, then you can change. Well, as you mentioned, you can change from the defensive to the offensive or whatever. The other thing that you mentioned, you were talking about workshops and others, the basic things, one thing that is very important and in my experience in the field of coming across different professionals in cybersecurity is when you're dealing with people, the more fun the mental and skills they have, the more confident and bigger they are.

Coming through ranks, they've done it all. They know all the levels. Then eventually get to the point like yourself, you look at it and you know. You don't really have to do a lot of... Or you look at it packet capture and you just immediately hit the spot. For someone that's probably not there yet, it may take more time but what's important is learning all those fundamental skills. When the master of cybersecurity program in St. Bonaventure, when Dr. Hossein was creating this program or generally we were talking about it, one of the intentions, original intentions, of the program was making sure all of those foundations are covered properly so students learn, and you have been in the program and you know what I'm talking about exactly.

Now we're going to go to Marcos and talk about the program in detail. Every single course, the courses that James is teaching, the courses that I teach and other professors at the university, every single one of us we try to make sure that those foundations are covered and you've got enough good hands-on experience so when you go to work, you can actually put them into practice. That brings me to the next question for you which is, obviously going through the program.

You're not amateur. You're not trying to get into cybersecurity. You already worked in this space. How is this program helping you? It's interesting.

Pouya Ghotbi: We talked a lot about how someone entering this market, how can we help. Well, what about someone accomplished like yourself. How does it help you?

Melvin Thomas: For me, I'm really big on planning and goals and things of that nature. When I mentor someone, we actually establish what that plan is. Then I do something called reverse engineering or goals to actually set a pathway to what you want to do. When I did that for my myself, it was what do I want to do to now become... I want to do more leadership. I want to be in a C-suite type of role. I want to be CTO, CSO, things of that nature. What are the things that I need to accomplish? One, I knew I needed to develop more of my soft skills. I think formal education actually does help in that area.

A lot of times when you're really technical, and I've caught myself, you'll be just full-fledged just right in the middle of it, everything is technical. Everything is technical. You have to understand that someone probably doesn't understand what the heck you're talking about, right? There are times when I'm speaking and you start talking and you're like, " Oh my God. What is this? I don't know what you're talking about." You need to learn how to take those skills and be able to converse it from now to your low-level analysts to your CTO. Right? That's some of the things that we're starting to learn how to do in that aspect.

Also, I need the master’s to compete in that area. You're not going to get calls for a job that these C level type organizations without the experience and the degree that show that you have the discipline to complete things. That's really what it is for me. I want to learn things. Right? You're always learning. The one thing you can never stop doing, and I think James really hit that on the head, was you can't stop learning in this industry. Things change every day. I mean, I learned something new today when I was actually working.

I didn't think you could do something today. Some hacker taught me that you can do something today. I now have to go back and understand it, like why did this person do this? What else can I learn from this? Now that person has given me a blueprint to learn something new. What else could be done with this type of knowledge that I know?

Pouya Ghotbi: That's perfect. Thank you so much for that feedback. Yeah, two points that you raised are really important. One, I'll start with the last one that you mentioned. We talked throughout the session about the fact that technology is always changing. It's changing, sorry, so fast that when we develop courses, every single semester we have to go back and we have to refresh courses. That's how fast it's changing. Katie's from KeyPath. We work the KeyPath education to develop courses.

Every single semester and every single release of the course, we have to go back and change it. That's how fast it's changing. That's one aspect. The other thing that you touched on is very, very important. Soft skills, very important. I, myself, had to learn this. I was very technical as well. I had my technical blinkers on. I had to learn.

One thing that we do in our courses, which is interesting, we've got a lot of collaboration. This is an online program so you don't have the chance of hanging out with people like on campus and talk to people and share that experience. That collaboration becomes very important. How we do that, you know that because you're doing the courses, is through our discussion boards like the discussions that we have every week. Different points of view and learning how to deal with them, with that, learning how to respond. Sometimes we have to record videos. For some people, it's challenging. They've never been recorded before. We're developing those skills.

It's not only purely technical. We also care about that soft skills part, being confident to be able to present. Sheethal can tell you, we've been working it in. It's extremely important. Not only that, in any sort of industry that you work, it's very important. Thank you so much for that view. With that, I just wanted to talk about... Give two references for everyone to go and have a look. We talked a lot about the career, about the skills. Two links that maybe in the recording you can go to those pages.

One is basically from USCerts.gov. This is an interactive tool. You can go and see all of these different positions. You can choose one and then it can tell you from what position it can transition to this. Obviously, particularly to this role and where you can go from there. It's been categorized in different areas. That's a really interesting one. I encourage everyone to go and have a look. The other one is from CyberSeek.org.

These are all publicly available websites. This one is also very interesting. You select any of those jobs at different levels and it tells you what skills you need, from networking, from software development, engineering, forensics, any of those skills. Then you will see what combination of those skills you need to have for those jobs. At the top, I don't have a screenshot but there's an interactive map. That interactive map can show different states of the United States.

Then you can see what jobs are there, what are the average salaries of those cybersecurity jobs there in those states, which I find it very interesting to have a look. It's very hard to find those information online.

Pouya Ghotbi: All right, so with that, we talked a lot about our program. Obviously, I'm focused on the master’s program and the graduate certificate program that we have. We do have a bachelor’s program, as well. Just to give you a good overview of the whole program and what do we offer, I just wanted to ask Marcos who is from our admissions team and is an expert in this area, I'll hand it over to you, Marcos, to talk about the university itself and also the programs. Then after that, we're going to go to the Q&A if there are a bunch of questions. We'll talk about them.

Over to you, Marcos

Marcos Baez: Excellent. Thank you, Pouya. Yeah, I think talking about the university itself is very important. Obviously, this is an online program. I think having a physical institution behind it is highly important. As you can see here, just recently we were ranked number six in the north in best value schools by the US News and World Report. I think that speaks highly of our combination of tuition and also our curriculum. Especially with a program like this, it's important you understand what you're signing up for.

A lot of degrees carry the same designation, right? Master of Science in Cybersecurity. Their goals could be different in terms of what they're looking to focus on. As Pouya mentioned, we're very much focused on technology, on the technical aspects, improving your hands-on ability. Other programs might focus more on governance, compliance. That's definitely something you want to make sure that the program that you're looking for has what you want in it.

Our faculty, as you can see, very diverse. All of them are active professionals in the field. I think that's important. As they mentioned, networking opportunities and things of that nature stand out very highly in this field. Make sure when you enroll in our program, you're establishing those connections with your professors, with the faculty. They also brought up certifications. Absolutely. Staying current in this field is key. That's not something we overlooked as a program, as well.

I highly advise any student who enrolls in our program to take advantage of discounts and benefits we offer through a few different entities, whether it's the Cisco Academy, the electronic commerce council, or COMPTIA, as well. We also have a research center here on campus dedicated to cyber security. It's the Western New York Cybersecurity Research Center. It's where our faculty work on active projects. We also have a student-run security operations center there that works directly with the state of New York to provide 24/ 7 monitoring in defense to some of their networks.

James Donoghue: One thing I'd actually like to add to that is, it's not on your slide, but before COVID disrupted everything, I'd also been working on a regional forensic lab that the local law enforcement agencies are partnering together to provide forensic services to the local agencies but also these slots for St. Bonaventure students within that forensic lab, as well.

Marcos Baez: Excellent, excellent.

Pouya Ghotbi: That's great.

Marcos Baez: Now, we offer a Master of Science in Cybersecurity. It could be completed in as little as 30 credit hours. Now what makes our program, I think, very unique is the sense that we have the graduate certificate option, as well. For someone who maybe is intimidated in getting into the field and looking at master’s programs maybe is a little too daunting based on their lack of skills in the area, we have this graduate certificate option to really bring you up to speed.

I think it's one of the things that makes our offerings very much standout. In terms of the master’s program, it can be completed in as little as 18 months time. For the graduate certificate, about eight months. Both very much can help you break into the industry. Obviously a master’s degree can help you in a few other key areas like prepping for senior roles, executive level roles as Melvin mentioned. They both serve a purpose, whether you're looking to break into the field or really hone your skills for potential promotions. 
You know, we have an avenue for you as a student looking to get into cybersecurity.

Pouya Ghotbi: Awesome. Thank you so much for that, Marcos. Do you want to talk about the mission process, as well, if anyone was interested?

Marcos Baez: Absolutely. First and foremost, for any student who is interested in our programs, your next step is to complete an admissions interview with either myself, one of my colleagues as well, whether it's me, Munaf or Elizabeth. We're all very knowledgeable in what our program has to offer. In terms of admission requirements, first and foremost, you'll need to submit an application. You would also need to ensure you have a bachelor’s degree from a regionally accredited institution. Or, likewise, depending on which program you're looking to target, computer science experience, as well, whether that's through a previous degree or work experience.

Police clearance is also required. As Professor Donoghue mentioned, in this field, we want to ensure we're teaching these skills to the right people. People who are honest, ethically sound, morals are correct, obviously. With that being said, we do require that police clearance. Then there's no GRE or GMAT exam required for admissions. If you're not familiar, that's a business exam you would have to take that can be required by some schools. It's not for this program in particular.

Pouya Ghotbi: Awesome, perfect. Thank you so much, Marcus, on that.

Marcos Baez: Absolutely.

Pouya Ghotbi: All right. I guess, we covered everything that we wanted to talk about. Katie, do you want to go through the questions, Q& A section for us? Thank you.

Katie Macaluso: Absolutely. We already received a number of great questions. We'll try to get through at least a few of these here. I know we're running close to the end of the hour. If we don't get to your question today, we'll certainly follow up after the webinar. Then if you have any questions that you haven't sent in, still feel free to continue to use the Q& A box below on your screen. First question here, this question asks, "How is the job market for entry level positions for career changes? I would be coming specifically from marketing and looking to enter the industry."

Pouya Ghotbi: Absolutely. I think Sheethal talked about it extensively about the entry level. Obviously the skills that are required, first of all, someone may be interested in cybersecurity marketing. There are plenty of positions there. As Sheethal mentioned, it's a growing industry. You may be interested to focus on that space because then you need to be able to understand cybersecurity to be able to do marketing for cybersecurity. Then there are avenues into sales. 
Actually, Sheethal, maybe do you want to talk about that shortly?

Sheethal Surendran: Yeah, sure. When we look at entry-level positions, maybe no experience at all, we have internships. If you have availability to do an internship, do it. Within CyberArk, too, we have internships. I'm sure there are many other companies that offer it. Like Pouya said, marketing plus security marketing is a great option. Sales is a great option. You can definitely try that. You might have to start at the very entry level and then work your way up.

That's always an option. I think in the beginning when I said getting your foot in the door. Get it in there, especially a private sector, will let you explore. Within a year and a half of doing your role, working in a current position, they will let you explore and go into a different department or a different function and try your hand there, as well.

Pouya Ghotbi: Awesome. Thank you. Katie, what's the next question?

Katie Macaluso: The next question is how soon can we qualify for cybersecurity job? This person is currently a graduate student in the program and has successfully completed the first three foundation courses already.

Pouya Ghotbi: Awesome. Yeah, look, there's so many variables here. You know, when you finish your program. Obviously when you finish your program, it's much easier to go through a job interview. Nothing stops you from applying, nothing stops you from applying that knowledge in the interview. We had a couple of semesters, actually the last couple of semesters, we had students that they were already studying with us. They already had jobs.

They went to the job interviews. It was actually interesting, that interesting story, one of our students in our security software design course, we were talking about security software design. Everyone who is in the same course, as well, knows. At the same time, a position opened up in their organization around software security. He could go interview and he could talk about it. He could even talked about the direction of that particular practice. He got the job. This particular example was a couple of semesters ago.

We had a couple of people in our current course that just finished that Melvin was part of, they got jobs. I think one of our students that got a job also asked a question here on the panel. Yeah, nothing's stopping you with getting jobs as you move through the program, but obviously when you finish your program, there are more chances.

Katie Macaluso: Great. Our next question asks, let's see, this one says I gained Linux experience from my ethical hacking course and interviewed very well for a technical support engineer position from secure software design course in the program. How can I navigate to a cyber security role within an organization?

Pouya Ghotbi: Yes, yeah. All right, person who was asking question is one of our students which I know. All he needs to do is essentially learning more and more about cybersecurity because these skills are all interrelated. You've got very good Linux foundation, which is great and will help you a lot. All you need to do is just add all the other skills, which is networking, cryptography, enterprise security, application security.

The courses that we offer, all of that is offered. Just adding those up and then I think Melvin was talking about the fact that you are working in a particular line of work but then you can express interest.

Then you can just go a little bit further. Then in corporate security into your day to day job. That's how you move from one position to another and eventually to cyber security. Having, as well, I mean, I started as a support engineer for an ERP system. Then gradually moved to networking, executing. It's just wherever your interest is in. The more you learn, and then you can move.

Katie Macaluso: Great. Thanks, Pouya. Our next asks, when hiring, how important are cybersecurity certifications or certificates? I’ll send this question to Sheethal.

Sheethal Surendran: They are important, especially if you are a recent grad and you've got one of these certifications. It catches my attention. Then I go back and tell the hiring manager, "Hey, look at all the certifications they've got." It just goes to show that you've taken that extra step, gone that extra mile, to learn something more than just your school work. Getting a certification also shows that you've learned or qualified a little bit more than maybe three other resumes I'm looking at which don't have certifications.

Yes, definitely work on it, learn it, and get it. It really helps take you one step in comparison to your classmates.

James Donoghue: One thing I can probably add to that also is that when you're looking for jobs, at least in the federal government, a lot of cybersecurity positions are a lot of computer-oriented positions. Require basic certifications like COMP TIA A +. If you don't know where to start, get the A + certification because there are a lot of jobs that require that as part of the position.

Katie Macaluso: Very good, thank you. Our next question is from someone who is intending to enroll in the master’s program in the fall. This person asks if you have any suggestions or recommendations for books or resources that they might look into in the meantime?

Pouya Ghotbi: Yeah, I guess the main skill that a lot of students are lacking when they come into the program is just a little bit of programming skill. Something like that is easy to learn. That's probably something that is very useful and you will see across multiple courses, those program skills are required. Eventually, I'm going to explain why, eventually everything is software. Although we talk about security, everything at the end of the day is software.

That's why we need the programming to be able to apply those security knowledge. That's the area that a lot of students need to work on before they get into the program. Everything else from the security point of view is fully covered in our courses. We typically all the courses are designed to cover all the basis in the first couple of weeks, of the foundation of knowledge. As you progress to the later weeks, we just go to those advanced topics in that space. Yep, programming, specifically python is something that is very, very useful.

Katie Macaluso: Very good. All right. I know that we are a few minutes past here. We're going to go ahead and wrap up our Q&A session. I think we were able to get to most of the questions but if we did miss your question, we I'll respond to you directly after the webinar. We want to go ahead and thank all of you for joining, especially our speaker panel. Thank you Pouya, Sheethal, James, Melvin, and Marcos, so much for being here and sharing all of your experiences. If you've registered for this webinar, you'll receive, of course, the recording tomorrow.

Please feel free to reach out directly to an enrollment advisor if you're interested in learning more about the programs. Thank you so much everyone, have a great rest of your evening.

Pouya Ghotbi: Thank you so much.