Author Archives: Alexa Magdalenski

Developing Cybersecurity Specialists for the Long Haul: Rhonda Dyer of SAIC

January 10th, 2018 | Posted by Alexa Magdalenski in CyberCapital - (Comments Off)

Cybercapital Logo White BG
By Renee Brown Small, CEO, Cyber Human Capital, and Contributing Editor, CyberCapital.us Blog

“We certainly have the responsibility to bring talented, qualified, experienced personnel to our clients. We have a responsibility to our employees to grow them into that type of capability.” – Rhonda Dyer, ‎Vice President Strategy, Sales Support & Solutions, SAIC, on the need to develop cybersecurity experts

Dyer v1Cybercrime may be on the rise, but training the people necessary to combat it is rocky at present. Cybersecurity is still not a priority in most college curricula, and addressing the issue of providing would-be cybersecurity professionals the right kind of education is something that Rhonda Dyer is presently working on.

Rhonda got her break into cybersecurity around ten years ago, when she was offered an opportunity to support cyber and develop the business from a capture sales perspective. She is passionate about ensuring that all that she delivers to her clients is secure and that her clients know as much as they can about how to protect themselves and their machines from cyber attacks. Rhonda defines her job as one to ensure that her clients have a secure way to get their job done and also points out that security has to be top-of-mind at all times.

Rhonda is presently working at SAIC, and at the moment, the company is moving into three areas of cybersecurity. The first is in the realm of cyberspace operations, where SAIC works on supporting the entire cycle of planning, operations and targeting, and in this realm SAIC has won a contract with the U.S. Cyber Command. The second area is in defense technology, particularly in perimeter security, and this is an area that SAIC will be rolling out soon. The third area, that she is really passionate about, is in education. In this realm SAIC is providing opportunities for high school students to learn about cybersecurity. She also notes that, while only ten percent of the overall cyber workforce is female, the operations programs presently active in SAIC are run by women. She says, “I encourage everybody to make sure their children, especially their daughters, are engaged in STEM education and coding. Also, recognize that the cyber field is broad. You could be doing legal in cyber, policy in cyber. Even if you don’t have a technical bench and you don’t want to be a cyber engineer, there’s a role for you to play during these national assets.”

Rhonda shares that her clients are looking for people who could be up and working the day they start, which means experienced cybersecurity professionals. These cybersecurity professionals don’t necessarily have to know about all the different aspects of a company when they start out, as Rhonda remarks that SAIC can provide training to cover those aspects. That said, she notes that people who have a background in operations are in demand, and as SAIC is involved with the US military, it isn’t surprising that a sizeable number of their hires are veterans who have backgrounds in network handling or in physical security. Rhonda also notes that she also looks for people who have been cleared, security-wise, and who are certified and have been working in mission-critical environments.

Rhonda remarks that SAIC strives to be a career destination, and notes that those who choose to work for SAIC will be able to get training and keep their certifications up to date. She also notes that SAIC is striving for diversity in its talent, as different perspectives are critical in cybersecurity.


Renee Brown Small is the author of Magnetic Hiring: Your Company’s Secret Weapon to Attracting Top Cyber Security Talent and CEO of Cyber Human Capital, an HR consultancy that specializes in innovative ways companies hire and keep cybersecurity talent. Download a free copy of her book here. Brown Small is contributing editor of the CyberCapital.us blog.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Teaching the Next Generation of Cybersecurity Specialists: Scott White of GWU

January 10th, 2018 | Posted by Alexa Magdalenski in CyberCapital - (Comments Off)

Cybercapital Logo White BG

By Renee Brown Small, CEO, Cyber Human Capital, and Contributing Editor, CyberCapital.us Blog

“I think it’s a fascinating field. Jobs are plenty, they’re not going away. This is an industry that’s growing exponentially.” – Scott White, Associate Professor & Director of Cybersecurity, George Washington University, on the field of cybersecurity

Dr Scott J White v2While a lot of colleges aren’t properly creating cybersecurity specialists, the George Washington University is facing the concern head-on with a certification program in Computer Security and Information Assurance, with the possibility of applying this to a Master’s in Cybersecurity if a student decides to pursue a master’s. And Scott White is directly involved with this program.

Scott White began his career in cybersecurity in military intelligence, after which he got a doctoral degree in clinical criminology, where he worked in the fields of behavioral analysis and profiling. After working for a government intelligence security service, he then entered academia, where he taught about criminology, psychology and behavior. He then entered the cybersecurity industry around seven years ago, and while none of his degrees were technical in nature his skill set places him in the right position to analyze human factors and adversarial aspects of computing.

Scott notes that the cyber industry is so wide-ranging that any discipline applicable to the non-cyber world has some bearing with the work conducted within the cyber industry. For those who are seeking a change of career and entering the cyber industry, Scott recommends taking a master’s program in either computer science or cybersecurity at a reputable institution. He also notes that learning about the software isn’t enough, given the speed at which change takes place within the industry, which means that such aspects as analysis, critical thinking and critical reasoning are more important.

Scott remarks that skill sets are more important than actual titles and degrees where cyber work is concerned and gives the example of an auditor taking up cyber auditing, as the skill sets used in both types of auditing are similar. Scott expounds on this by noting that that someone interested in cybersecurity may need to deconstruct their existing skill set to see how applicable their existing skills already are for cybersecurity. One example is of fine arts majors going into security, “One of the things I’m constantly surprised by is when I meet people in cyber security, the range of disciplines they have. I’ve met people who were in fine arts, in dance, and you say to yourself how does a fine arts major who studied dance, how is that relevant to cybersecurity? Well when you really think of how a dancer moves, how they train. The almost arithmetic quality to dance, you can understand how that thinking can apply to the cybersecurity world when we’re looking at adversaries, how they think and construct their particular attack scenario.”

Where George Washington University’s academic curriculum is concerned, Scott notes that he looked at three different forms of accreditation – National Security Agency, the industry standard CISSP and the national initiative for cybersecurity education – and made sure that the underlying pillars from all three are represented in the curriculum to make it easier for their students to receive accreditation. The classes themselves are a balance of theory and critical thinking, and laboratory and live experimentation.

When asked about people looking to transfer from another profession, Scott says this, “I think the greatest thing I would want to convey is that, look at your skills set that you possess today. See what you do in your workplace, and then take the time to find out how your skill set is applicable to this industry. Because I think a lot of people, a lot of the people will ask themselves how their job title fits. And with that job title, they will not see how that is connected to our industry. And the fact of the matter is it very well may be. So take some time, deconstruct what you do and the skills that you have. Speak to [a recruiter, career coach or someone in HR]…and see how that skill set is applicable in this industry.”


Renee Brown Small is the author of Magnetic Hiring: Your Company’s Secret Weapon to Attracting Top Cyber Security Talent and CEO of Cyber Human Capital, an HR consultancy that specializes in innovative ways companies hire and keep cybersecurity talent. Download a free copy of her book here. Brown Small is contributing editor of the CyberCapital.us blog.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Seeing Cybersecurity Threats Before Everyone Else Does: David McGill of ICF

January 10th, 2018 | Posted by Alexa Magdalenski in CyberCapital - (Comments Off)

Cybercapital Logo White BG

By Renee Brown Small, CEO, Cyber Human Capital, and Contributing Editor, CyberCapital.us Blog

“They are self-directed and can self-manage themselves. They are adaptable, they have the ability to learn and to change because it is a dynamic environment. They are passionate about security – one indication is a home lab.” – David McGill, Vice President, Strategy & Business Development, ICF, on the kind of people who will succeed in cybersecurity

McGill_David v2A recent article noted that, in the first quarter of 2017 alone, an average of 858 malware specimens were created, and David McGill is one of those on the front lines of dealing with such cybersecurity threats. He has a particularly advanced view of these, as his work with the Department of Defense enables him to see threats days or weeks before these become known in the commercial world.

David got involved in cybersecurity full-time in 2011, and at present, he is focusing on cybersecurity vulnerability in operational technology and industrial control systems, and he is also involved with a team that works on other aspects of cybersecurity. One of the things the team is presently working on is creating a synthetic network where malicious code can be inserted, to better train cyber operators to recognize these and thus become more effective. His team is also looking into virtual reality as well as working with the Army Research Laboratory, and still others are working with corporations to help with these companies’ cyber hygiene, which is all about the processes, procedures, policies, guidance, governance and risk management.

David also remarks that one of the newest groups of ICF now works with clients on enterprise resilience, which means identifying the threats to the enterprise’s mission, after which plans are created to address and respond to such threats. He shared that a client company uses gaming technology to investigate complex decision making or create very interesting exercises where the end result is open-ended, rather than predetermined. David also adds that, no matter how much one prepares, the possibility always exists that an organization will be hit with a threat in a way that wasn’t foreseen, which is why the use of gaming technology is appealing.

Granted, technical know-how and, if necessary, clearances are needed to become a cybersecurity professional, but it’s not just these which are needed. David shares that, where a cybersecurity professional is concerned, people who are flexible, self-aware, self-directed, who love to learn and who can manage themselves are what are needed, as the environment is very dynamic. He cites the example of having to deal with an emergency one day and then becoming a help desk analyst the next, and noted that emotional intelligence is also a necessity, since the professional will need to deal with different kinds of people. He also notes that passion is very important, given the environment, and that one indication of this is if an applicant runs a lab from his own home.

David is always on the lookout for good people. He asks for referrals from his team members and from within the company itself for potential cybersecurity experts he could hire.


Renee Brown Small is the author of Magnetic Hiring: Your Company’s Secret Weapon to Attracting Top Cyber Security Talent and CEO of Cyber Human Capital, an HR consultancy that specializes in innovative ways companies hire and keep cybersecurity talent. Download a free copy of her book here. Brown Small is contributing editor of the CyberCapital.us blog.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Successful Cyber Growth Companies Tell All

January 2nd, 2018 | Posted by Alexa Magdalenski in Capital Cybersecurity Summit - (Comments Off)

Listen up cyber startup companies: Greater Washington is the place to be for expansion; that’s according to top cyber CEOs building some of the biggest cyber growth companies today.

The region’s cyber leaders came together on November 15 at NVTC’s second annual Capital Cybersecurity Summit and shared their unique insights into scaling their businesses and their teams into world-class organizations in the Greater Washington region.

Panelists included John Ackerly, CEO and Co-Founder, Virtru; Rohyt Belani, Co-Founder and CEO, PhishMe; Jack Huffard, President, COO and Co-Founder, Tenable; and Tiffany Olson Jones, CEO, Distil Networks. BlueDelta Capital Partners Co-Founder Mark Frantz moderated.

Here are some of the key takeaways from the discussion:

  • In moving from startup to a growth company, panelists agreed that companies must fully engage their market segments and tighten their focus to ensure they are serving a specific customer need before expanding.
  • What sets Greater Washington apart from other regions for cyber growth companies? Employees. The region’s talented cyber workforce and its investment in the cyber mission is unmatched anywhere else. The region is retaining top cyber talent too.
  • Greater Washington must seize the opportunity to attract and retain millennial tech talent, especially in cybersecurity – and can serve as a national example in doing so.

Full video from the panel below:

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Capital Cybersecurity Summit: Grant Schneider Keynote

December 19th, 2017 | Posted by Alexa Magdalenski in Capital Cybersecurity Summit - (Comments Off)

Schneider v2On November 14-15, 2017, NVTC hosted the second annual Capital Cybersecurity Summit at The Ritz-Carlton, Tysons Corner. Grant Schneider, Acting Federal Chief Information Security Officer and Senior Director for Cybersecurity Policy at the National Security Council, provided keynote remarks on November 15.

Schneider discussed the focus areas outlined in the May 2017 Presidential Executive Order on cybersecurity aimed at informing cybersecurity policy on a national scale and strengthening the security of federal networks and critical infrastructure. Schneider shared how building a highly-skilled cybersecurity workforce is a national priority and stressed the need for more cybersecurity education, personal responsibility and empowerment for consumers.

View full video of Schneider’s remarks below as he covers the administration’s cybersecurity focus areas, the government’s transition towards shared services and the latest news around government IT modernization:

Stay tuned for more Capital Cybersecurity Summit content here on the blog!

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

NVTC Tech Talent Initiative Launches New Webinar Series

December 18th, 2017 | Posted by Alexa Magdalenski in Tech Talent Initiative - (Comments Off)

Tech Talent Initiative Logo - For WebBeginning in January 2018, the NVTC Tech Talent Initiative will host a series of webinars detailing how you can take advantage of the resources to support the relatively untapped talent pool of individuals with disabilities and Veterans. The webinar series will also address assistive technologies and disability etiquette. Members of your human resource, facilities operations, talent acquisition, diversity and inclusion, training, compliance, and legal departments are encouraged to participate.

Jan. 18: Recruiting, Hiring and Training Individuals with Disabilities
12:00 – 1:00 p.m.
Kathy West-Evans, M.P.A, CRC, Director of Business Relations for Council of State Administrators of Vocational Rehabilitation (CSAVR), will offer information on affirmative action strategies to assist businesses in recruiting, hiring and training individuals with disabilities and Veterans into their workforce. Register here.

Feb. 15: Office Ergonomics, Universal Design and Assistive Technology
12:00 – 1:00 p.m.
Paula K. Marin, OTR/L, Assistive Technology Specialist with CPID, will discuss office ergonomics, universal design and assistive technology within the IT field. Register here.

March 15: Diversity at Work and Disability Etiquette
12:00 – 1:00 p.m.
LaPearl Smith, Business Development Manager with the Department for Aging and Rehabilitation Services, and Diana McBride, Business Relation Specialist with the Department for the Blind and Vision Impaired, will provide information on diversity at work and disability etiquette. Register here.

Learn more about the Tech talent Initiative’s workforce resources and participation opportunities here.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Cybersecurity Talent Recruiting Reinvented

December 15th, 2017 | Posted by Alexa Magdalenski in Capital Cybersecurity Summit - (Comments Off)

Here on the NVTC Blog, we’re sharing original content and video from the second annual Capital Cybersecurity Summit that took place on Nov. 14-15, 2017 at The Ritz-Carlton, Tysons Corner.


Did you know that 50 percent of cyber job openings in the nation are located in the Greater Washington region? Or that there are over 44,000 cyber job openings in the region?

Organizations are getting creative in sourcing cyber talent in maintain a competitive edge. In fact, the talent shortage is becoming a strategic priority for almost every organization in the cyber sector across the country.

The Capital Cybersecurity Summit’s engaging Unique Ways to Attract Top Cyber Talent panel explored innovative ways companies have overcome the cyber talent gap challenges in their organizations. Panelists included U.S. Cyber Challenge National Director Karen Evans, Northrop Grumman Mission Systems Manager, Strategic Analysis, Initiatives & Operations, Cyber & Intelligence Mission Solutions Brian Loggins, Ishpi Information Technologies, Inc. Executive Vice President and Chief Technology Officer Girish Seshagiri and Cyber Human Capital LLC President and Founder Renee Brown Small. Monster Government Solutions Vice President of Global Strategy and Business Development Susan Fallon moderated.

Emerging from the discussion were unique ways organizations and HR professionals are sourcing – and upskilling – cyber talent. For example:

  • Ishpi Information Technologies has created a customized, “dual-model” apprenticeship program that combines specialized cybersecurity curriculum and on-the-job-training. The program also provides students assistance with security clearances before graduation, which helps to speed up the often long and tedious clearance process.
  • Northrop Grumman is partnering with the academic community, especially at the high school level with students interested in STEM, to source talent and engage students earlier in cybersecurity and computer science career paths. Northrop Grumman also offers cybersecurity scholarships at the high school and college level.
  • Cyber Human Capital’s Renee Brown Small shared that she has found success sourcing cyber talent by working with employees already in an organization who show interest in cybersecurity and upskilling them. Tapping into talent currently in an organization also helps with retention, as employees feel their skills and potential are valued, and that they are being challenged.
  • U.S. Cyber Challenge is bringing together stakeholders from the public and private sectors to host national cyber competitions to identify emerging cyber talent.

For more strategies and insights around recruiting cyber talent, view the full video from the panel below:

Check out Washington Business Journal coverage from the panel.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Event Helps Small Technology Companies Do Business with Prime Contractors

December 15th, 2017 | Posted by Alexa Magdalenski in Small Business and Entrepreneur - (Comments Off)

On Dec. 15, the NVTC Small Business and Entrepreneur Committee hosted an exciting Teaming, Partnering and Contracting event at the CIT Building in Herndon. The event focused on best practices for teaming in the government contracting space.

Sixteen companies from the region participated by talking with emerging businesses about how smaller companies can do business with established companies, what types of partners they are looking for and potential opportunities for teaming in the future. Participating companies interested in partnering, teaming and subcontracting with small businesses at the event included AMERICAN SYSTEMS, BAE Systems, Blue Canopy Jacobs, Booz Allen Hamilton, CALIBRE, CACI International, CGI Federal, CSRA, Grant Thornton, MITRE Corporation, Noblis, Northrop Grumman, NTT Data, PwC, SAIC and Serco.

The event also hosted a panel discussion featuring Aronson LLC Principal Consultant Tom Marcinko, The Bridge Host and Moderator Jim McCarthy and SAIC Senior Director, Small Business Development and Utilization Office Michael Townsend. The panel touched on various aspects of teaming in government contracting. Washington Business Journal Editor-At-Large Jennifer Nycz-Conner moderated.

Learn more about the Small Business & Entrepreneur Committee here.

008 007 006 004 003 001

 

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

By John Wood, CEO & Chairman, Telos Corporation


John-WoodAt the second annual NVTC Capital Cybersecurity Summit, I was privileged to moderate an amazing panel discussion on “The State of Cloud Security and Compliance: Dispelling the Myth of Cloud Insecurity.”

What made it so amazing were the panelists who represented the “Big 3” of cloud providers: Susie Adams, Chief Technology Officer, Microsoft Federal; Matthew O’Connor, Security Program Manager for Google Cloud Platform, Google; and Doug Van Dyke, General Manager, Public Sector, Amazon Web Services.

Yes, these three companies are in fierce competition – but, they are also passionate advocates of cloud computing and how it can benefit public and private sector enterprises. That passion really showed throughout our wide-ranging conversation.

During the discussion, the panelists shared why federal agencies, which have been slower than the private sector in adopting cloud computing, despite its advantages in terms of security, cost-effectiveness and capabilities, are now finally picking up the pace on cloud adoption. Our panel noted that NIST Special Publication 800-171, with its emphasis on a common language, has increasingly helped decision-makers better understand the security standards required to operate in the cloud and thus enabled them to make more informed decisions.

Susie Adams of Microsoft stated that “The security paradigm has changed,” because “we are no longer just protecting assets that live behind our firewall…there is now a virtual edge you need to protect.” She added that “Identity is the new firewall, and devices are the new edge.” Another key point Susie made was that, “We are going to need to learn to protect data no matter where it is. If you can make that paradigm shift in your head, then you clearly see cloud providers can give you capabilities you didn’t have before.” I responded by noting that automation is key…it takes the work out of the manual security compliance process and puts it in the hands of the systems.

Currently, some 80 percent of federal IT spending is devoted to maintenance, often of outdated legacy IT systems, which is a massive information security risk. This is compared to 20-something percent for maintenance in much of the commercial sector, where businesses have much more readily adopted the cloud and other such innovative technologies. In our discussion on that issue, Doug Van Dyke of AWS observed that “There is a risk in not adopting these new technologies.” So if enterprises truly want to minimize risk, the cloud should be a means to do so. Susie Adams added that if agencies (and others) are not protecting their infrastructure, they are going to have a breach, and that is “why it’s important for the federal government to take advantage and invest in this new technology.”

Asked to identify what might impede or slow down cloud adoption, Google’s Matt O’Connor named two things – a massive breach that could lead to a more cautious posture vis-à-vis the cloud, and overly burdensome regulation, particularly by other nations. He stressed that governments around the world need to collaborate with, not dictate to, the private sector.

We had a very lively discussion on the responsibilities of customers hosting in the cloud environment. Doug Van Dyke said it is wrong for users to assume that security is someone else’s responsibility in the cloud, which he tied back to educating users.  Matt O’Connor summed it up by saying that, in a shared security model, enterprises can look at their cloud security provider as a force multiplier and they should take advantage of what cloud providers have put in place, but they should not neglect their own responsibilities.

We concluded our session with a number of excellent questions from attendees, and Doug Van Dyke summed up the entire discussion best by saying we should mark this date, because we had AWS, Microsoft and Google “all in violent agreement” over the advantages of cloud computing and the need for continued focus on state of cloud security and compliance.

I agreed with that conclusion – to have business rivals all on the same page is memorable. But cloud security and compliance should be an area where there is strong consensus because they are now so intertwined. And I also believe cloud security providers should explore additional methods to further automate security and compliance processes for their customers.

Here’s a link to the entire session (see video below also). I highly recommend it to anyone exploring a move to the cloud who may have some lingering hesitation. It will be worth your while.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

2017 Capital Cybersecurity Summit Photo Gallery Is Live!

November 28th, 2017 | Posted by Alexa Magdalenski in Capital Cybersecurity Summit - (Comments Off)

On November 14-15, 2017, NVTC hosted the second annual Capital Cybersecurity Summit at The Ritz-Carlton, Tysons Corner. With over 350 attendees, the Summit highlighted the Greater Washington region’s unmatched set of cybersecurity assets. The Summit featured keynote remarks by Howard Marshall, Deputy Assistant Director, Cyber Intelligence, Outreach and Support Branch at the FBI, and Grant Schneider, Acting Federal Chief Information Security Officer and Senior Director for Cybersecurity Policy at the National Security Council. Engaging panel sessions were led by cybersecurity experts from the public, private and academic sectors, and the Summit’s exhibit hall showcased cybersecurity innovators and companies supporting the region’s cybersecurity industry.

Click here for a full recap of the event.

1711_Cyber Security Summit 06 1711_Cyber Security Summit 05 v2

1711_Cyber Security Summit 07 v2 1711_Cyber Security Summit 02 v2

View the full gallery here and stayed tuned on the blog for more Capital Health Tech Summit content, video and photos!

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS