Capella University alum Jason Herbst has worked just about every angle of the cyber security world, from application support to web development to jobs he can’t even talk about.
Which means he’s a wealth of information about the world of IT. Take it from this industry vet—he’s got the tips and tools you need to navigate the super-hot field of information security.
Q. How did you get started in the cyber security field? What excites you about it?
A. In high school I was the nerd others paid to fix their computers, and I’m the geek my family turned to when the computer didn’t work. I decided to make a career out of it and went to Minneapolis Business College for computer science. I chose not to complete the program because the difference between a diploma and an Associate of Science (AS) was marginal. Getting a Bachelor of Science (BS) would have been worth it, but they didn’t offer one at the time.
I landed my first full-time IT job in application support and later moved into infrastructure support. I first encountered the field of information security when I branched out to work with different IT divisions. That meant making sure my systems were compliant with security policies and objectives. I had found exactly what I wanted to do with my career.
I also very quickly found my knowledge to be lacking. I started looking into BS degrees and discovered Capella was a good match because I could continue working and take classes, and I could see their coursework was directly applicable not only to my current job but also to the entire industry. I kept my job and enrolled at Capella. As my knowledge and experience grew, I started working with forensics, data management, and the company website. The more I dug into security, the more fascinating I found it. I became Security+ certified, and by the time I left the company, my job had become entirely security-focused.
I next joined a development shop in a web security role. This was a radically different role that I enjoyed. Working with internal teams on the security of projects, as well as assessing the security of external clients, was fun and very rewarding. In my personal time, I completed several more certifications, including CHFI (Certified Hacking Forensics Investigator), OSCP (Offensive Security Certified Professional), CISSP (Certified Information Systems Security Professional), and GSEC (GIAC Security Essentials). I also graduated summa cum laude from Capella.
I’m now working as an independent contractor for a large organization to improve several facets of their security. Since non-disclosure agreements apply, I can’t talk about details. Suffice it to say, I’m continuing to dive deeper and deeper into security as my career progresses.
Q. What makes Capella a good place to get a degree in information security?
A. A few things.
- The online format allows learning at your own pace.
- The quality of the academic coursework is excellent and immediately applicable to your career.
- They’re always evolving their coursework to keep pace with the industry. I’ve spoken with several instructors about new developments and changes in the curriculum. Hearing about what they have planned makes me wish I were taking my coursework now.
Q. What’s your state-of-the-state when it comes to cyber security?
A. A common saying in the security industry is: We don’t know what we don’t know. It’s very easy to miss something that isn’t understood. An organization’s defensive tools can have holes the organization doesn’t know about. The challenge is to creatively anticipate the next breach. We have to get better at this.
A related issue is a lack of trained staff within organizations and a slim hiring pool. The security teams at many organizations simply can’t keep up with everything they need to do. Without proper staffing, alerts that could have identified attacks can go unnoticed. Some of these issues can be solved with more money for vendor support and/or tools to help fill the gaps.
The bottom line is the security industry is in dire need of trained people. There’s a negative employment rate, but that’s only part of the picture. Poaching is pretty regular. High demand for trained people means that established information security professionals can often improve their situations by switching jobs.
To solve this problem, organizations could beef up their professional development and training programs. Many leaders fear their employees will get trained and certified on the job and quickly move on to other organizations. But I believe security people will stay at a company that pushes training because they gain more knowledge and remain challenged. Security professionals are highly motivated and seek out a challenge.
Q. You helped co-found the local International Information Systems Security Certification Consortium (ISC)² chapter. What important roles does this organization play for security professionals and in the industry?
A. We have two major focuses: collaboration and education. Everyone who comes to our meetings is looking to stay abreast of security trends. (ISC)² organizes meetings and presentations designed to teach the group about something new. The group serves as a kind of think tank where we can bounce security-related problems, thoughts, and ideas off of each other.
We also try to reach out to students and local colleges. Many senior security people are happy to offer up advice and mentorship to help get more talented professionals into the industry. We help colleges supplement their course material to prepare students to enter the workforce. We need these new recruits.
Q. What do you see coming down the road for the cyber security field?
A. Smartphone hacking is already becoming a problem. Smartphones are specialized computers, but, unlike home computers, phones aren’t running antivirus, anti-malware, and a firewall. There are not nearly as many protective tools for phones. Even if the tools were available, they would drain batteries faster. I see smartphone security as the next frontier for cyber security.
Q. What do you think potential or current students should know about the field and its importance?
A. Try to find a specialty. Information security has many specialties, and it’s impossible to be an expert in all of them. Narrow down to a specialty and focus. The more focused you are, the easier it will be to gain experience and learn. If you want to go into a different specialty later, it’s generally easier to branch out with experience. Also, find a mentor who can help you navigate the field and find a niche just right for you.