Tech Update
OPPORTUNITIES IN COMPUTER SECURITY

IT security pros: demand clearly exceeds supply

“What has been accomplished since 9/11 is significant. The IT security profession is more communicative and collaborative, and is now driving technology.” – Patricia Titus, Transportation Security Agency

“If you are diverse, you can play in all the markets of the world.” – Brenda Jimenez, Verizon Business

By Jon Boroshok
Contributing Editor

Patricia Titus is chief information security officer at the Transportation Security Admin, part of the DHS.

Mel Fulton manages a Booz Allen team that supports classified government customers.

From identity theft to cyber terrorism, an increasing number of high-tech threats are fueling the call for IT security professionals. The demand is, in fact, already exceeding the supply. When you add in the inclusion goals of private-sector companies and government agencies alike, the opportunities are tremendous for qualified diverse candidates.

Andy Zaleta is a partner/co-leader of the U.S. technology practice of Battalia Winston (Boston, MA), the U.S. member of Amrop Hever Group, an executive search firm. Zaleta has a CIA background and specializes in security recruiting. He flatly states that there are not enough qualified and experienced people, whatever their ethnicity or gender, to fill all the IT security jobs. Government and industry are competing for likely candidates, he adds.

A recent study by the Greater Washington Initiative (GWI, Washington, DC), a regional cooperative marketing organization, shows that IT recruiting ads in Capitol-region newspapers are heavily skewed to techies with security clearance. Middle managers with clearance are in particularly high demand.

Steven Pedigo, GWI’s director of research, doesn’t see race or gender as any problem. “Qualified females have just as good a chance as men,” he says. “IT is about skill sets, not what you look like.”

CIS sees the need to meet compliance concerns
“IT audit is a growing area for people with security skills,” says Dave Shackleford, VP of the Center for Internet Security (CIS, Atlanta, GA). The mission of this nonprofit enterprise is to help organizations reduce the risk of business and electronic commerce disruptions because of inadequate technical security controls.

Web application security and encryption skills are in demand right now, Shackleford says. “All of this is driven by the growth in e-commerce and regulations like PCI, FFIEC and SOX.”

He thinks that intrusion analysis is a great skill to have, along with general assessment skills like system analysis and penetration testing. “Application security and security coding skills are growing like crazy, and overall security architecture planning and design skills are more in demand than ever.”

Government or private sector?
Battalia Winston’s Zaleta notes that while government agencies don’t usually pay as well as the private sector, government jobs do offer the opportunity to work on some extremely interesting projects. “Plus they offer a psychic bonus, because you may be helping to protect the country from terrorism.”

GWI’s Pedigo thinks the government’s tenure-based GS levels may be unappealing to younger workers. The government does, however, usually offer a better work/life balance, Pedigo says.

A final thought from Shackleford of the CIS: while government agencies may not pay as well, they tend to have more entry-level jobs where aspiring security engineers and analysts can learn or polish key skills.

Booz Allen Hamilton’s Mel Fulton supports the intell community

Mel Fulton.

Mel Fulton, a principal at Booz Allen Hamilton (McLean, VA), is market lead and line of business manager for a team that works with U.S. government classified (USGC) customers. He supports the intelligence community.

Fulton’s team at Booz Allen builds solutions and helps the government pursue the global war on terrorism. The work includes building and securing data layers for sharing information across multiple levels and agencies.

Fulton leads a team of seventy people who support software development and implementation, including the use of biometrics to provide assurance and resiliency from an IT security perspective.

Fulton says his team’s primary focus is delivering software and system solutions to USGC clients in areas of info management and intel analysis. Other duties include developing and implementing strategic and tactical business plans, and overseeing daily functions like customer care, training, asset management, staffing, project management, and directing marketing and business capture activities.

Fulton grew up in inner-city Philadelphia and received a BSEE from Northeastern University (Boston, MA) in 1977. He started his career at a small consulting firm analyzing the U.S. Navy’s AEGIS weapons systems. His three years at the firm included programming, systems engineering, and serving as a consultant to the Navy. From there he went on to General Electric in Valley Forge, PA where he worked on classified projects for datacom and satcom systems.

In 1988 he went to work for TASC, Inc as a systems engineer in classified government intelligence. He completed an MSIS from George Washington University (Washington, DC). He joined Booz Allen in 2002, brought in as a senior-level manager.

Fulton says he picked IT security as a career out of loyalty to America and a desire to help protect the country. “I did not want to build weapons of destruction, so I went into intelligence systems,” he explains. He likes the technology and engaging with other techies to solve difficult problems. “Helping with the global war on terrorism makes you feel glad you’re an American.”

Fulton considers Booz Allen a great company. “People here are into looking at things from a different perspective,” he says. He is in charge of the company’s participation in the “Black Engineer of the Year” awards program, and he received the Black Engineer of the Year professional achievement in industry award in 2007. “We service a market and set of clients that are very diverse, and they look for diversity on our teams,” says Booz Allen senior associate James Woodard.

Patricia Reddic is an IT specialist at DTRA

Patricia Reddic.

Patricia Reddic is directorate administrator and Internet content manager for the security and counterintelligence directorate of the Defense Threat Reduction Agency (DTRA, Ft Belvoir, VA). She’s responsible for managing Internet content and addressing security and counterintelligence issues to keep agency personnel safe at work, at home and on the road.

Reddic is content manager for DTRA’s intranet which delivers information agency-wide. “A lot of people don’t realize how much work goes into maintaining a website,” she says. She must tailor the content to new hires as well as career civil servants; site users include military, civilian and contractor employees. “Effective communication skills are essential in this field,” she declares.

Reddic enlisted in the U.S. Army in 1975 and served in Texas and Belgium. Then she was sent to an all-white National Guard unit in Birmingham, AL. That was a difficult assignment for an African American female from New York City, but the Army was supportive and took good care of her. In 1980 she moved to Army Intelligence at the Pentagon, where her duties focused on security.

She left the Army in 1983 and was able to “realize a life-long dream” with the help of the G.I. Bill when she enrolled at Northern Virginia Community College (Annandale, VA). She got an associate degree in security administration in 1986, then a BS with honors in business from Strayer University (Newington, VA) in 1988 and an MS in business from Strayer in 1999. Reddic has been with DTRA since 1990.

She aspires to be a webmaster and designer, and continues to study new technologies. She’s taken on as many information assurance jobs as possible. “I’m very out of the box,” says Reddic.

The out-of-the-box approach is greatly valued at DTRA, says Linda Galimore, chief of the EEO and diversity programs office. Employees with IT skills are an essential part of the Defense Department’s civilian workforce, she notes.

“Diversity is important to the agency,” she says. “Successful organizations thrive on values that encourage all employees to contribute and perform at the highest level possible. At DTRA everyone has equal opportunity to contribute to a multitude of projects where effort and results are recognized.”

Galimore adds that the agency’s commitment to diversity extends into the communities it serves.

Elizabeth Dvoroznak: IT with the FBI
Elizabeth Dvoroznak is an IT specialist with the Federal Bureau of Investigation (FBI, Washington, DC). Currently she’s a security engineer in information assurance for the bureau’s security division.

Her job involves automating a number of paper-driven processes, and training other FBI employees on the bureau’s security software. She is an engineer on the bureau’s “secure network access” project, which will allow the use of a badge chip for multi-factor authentication to the network. She’s even trying to automate business protocols, she says.

Dvoroznak is also a subject matter expert for enterprise security content filtering, and serves as security engineer for the FBI’s public key infrastructure (PKI) project management office.

All these duties began this January. Before that she spent four years at the Internal Revenue Service as a lead analyst on Homeland Security Presidential Directive 12, which aims to create a common identification standard for federal employees and contractors, and the PKI project of the IRS which is designed to provide authentication and security for electronic tax transactions.

She began her government work in school, with a part-time job with the U.S. Department of the Treasury’s Bureau of Engraving and Printing. She received her BSCS from George Mason University (Fairfax, VA) in 2003.

Dvoroznak says she always seems to notice business processes that could be automated or improved by using technology. Management recognized her skills early on and assigned her to the multi-agency PKI project.

The attacks of September 11, she says, made her want to continue working for the government, inspired by pride in the country. She’s still excited about working for the FBI. “My mind will never be idle; I’m always challenged,” she says.

She’s a member of the New Carrollton Federal Building chapter of Federally Employed Women (FEW), and serves as the group’s webmaster.

The FBI actively recruits women and other diverse candidates, says Gwen Hubbard, head of the bureau’s national recruiting and marketing unit. Diversity, she says, helps break down barriers by building trust within communities. “The FBI is currently about 30 percent minorities, and I’m striving to do better, trying to fill the pipeline with diverse applicants,” she says.

Patricia Titus: CISO at the TSA

Patricia Titus.

Patricia Titus is chief information security officer (CISO) at the Transportation Security Administration (TSA, Arlington, VA), a five-year old startup security organization created as part of the U.S. Department of Homeland Security (DHS).

As CISO, Titus ensures data protection and reviews and enhances IT security for mass transit. “We take what we’ve learned to the private sector,” she says.

Besides work on creating, implementing and maintaining a robust IT security program for the TSA, she also works with the CISO at the DHS as an IS security manager.

Before joining the TSA, Titus was a technical advisor to the deputy CIO at the Treasury Department. Since going into public service she’s worked on various emerging technology and enterprise network security projects. Before she joined the government she worked in sales, marketing and IT.

She began her career with the Air Force electronic security command, “way back in the Cold War days,” she says. She went on to a dozen years living and working overseas with her family while on duty with the U.S. State Department, Department of Defense, and the government of Switzerland.

She likes the challenges of her TSA job and IT security in general. “We’re on the leading edge of risk-based decision-making,” which, she says, involves “figuring out what the bad guys will try next.” She is particularly pleased that the TSA has a full-blown risk-management program.

Sophia Corwell leads computer clusters at Sandia

Sophia Corwell.

Sophia Corwell is project leader for the high-capacity, high-performance computer clusters at Sandia National Labs in Albuquerque, NM.

Sandia is a multi-program lab operated by Sandia Corp (Livermore, CA and Albuquerque, NM), a Lockheed Martin company, for the U.S. Department of Energy’s National Nuclear Security Administration. The lab has major R&D responsibilities in national security, energy and environmental technologies and economic competitiveness.

Corwell’s job is managing clusters of Linux computers that form supercomputers. The supercomputers are used by clients in areas ranging from national security to science and physics, for research requiring mega-repetitive calculations.

The Sandia supercomputer clusters range from a mere 500 computers hooked together to a mammoth 4,480 computer grouping. This biggest cluster, nicknamed Thunderbird, is the sixth fastest supercomputer in the world, Corwell reports.

Corwell’s team of twenty employees, contractors and students helps compile, troubleshoot and run code for customers using the clusters. Managing the security embedded in the machines is a major part of the team’s responsibilities, along with procurement, integration, testing, deployment and maintenance.

Corwell joined Sandia in 1995 as a student intern in her senior year of college. She earned her BS in MIS at the University of New Mexico and became a Sandia employee. She began working with her present group in 2000 as a systems admin.

In 2002 Corwell was promoted to project leader. Then she was asked to lead Thunderbird’s production, a job she finds challenging and fulfilling. Most Thunderbird customers need assistance in using the supercomputer, and Corwell particularly enjoys helping them.

“There’s never a dull moment,” she says happily. “We’re in an area where the technology is always changing. There are always new situations and things to learn.” While balancing work, family and online studies toward an MSCS, Corwell still finds time to work with students, judge local science fairs and help with Sandia’s “bring your child to work” day.

Rochelle Lari, diversity leadership program leader, says Sandia’s workforce diversity vision is a dynamic, inclusive environment that stimulates world-class performance. “We see diversity as a prism reflecting many facets,” she declares. “We want to attract and retain the best.”

Carrie Abbiehl manages a product organization for Verizon Business

Carrie Abbiehl.

Since 2000, Carrie Abbiehl has managed security engineering services for the Colorado Springs, CO office of Verizon Business (Basking Ridge, NJ). Although she’s officially based in Colorado Springs, Abbiehl telecommutes from her home office in Ladysmith, WI.

The security engineering product management team protects against virus attacks, spyware, software vulnerabilities and mobile threats, and implements a variety of security software to keep the Verizon Business desktop environment secure.

As manager, Abbiehl is a member of the enterprise security taskforce. She works with a team to lay out security compliance standards and review guidelines for the company. She also serves on several committees, for security standards, audit, compliance and review and security awareness.

When she received her BS in business admin from Mt Senario College (Ladysmith, WI) in 1993, Abbiehl went to work for what was then MCI. She was mainframe security ops lead for four years, followed by a year as “security for open systems” technical lead.

The company then became MCI WorldCom, and Abbiehl served as midrange security team lead until 2000, when she moved into her current job as manager of the group now called security engineering product management. She completed two MBAs at Colorado Springs Technical University, in PM and healthcare management in 2003 and 2006, studying online.

She feels fortunate to manage a diverse group of professionals, some who have been with her for her entire career. Abbiehl is proud of her Colorado Springs team, and she likes the challenges of her job. There are always new threats and vulnerabilities, she notes, and her job is to “protect against the unknown.”

Sheen Patel manages security product engineering for Verizon

Sheen Patel.

Sheen Patel is manager of security product engineering for Verizon Business in Ashburn, VA. He completed his BSCS at Virginia Tech in 1995 and started with Verizon as a support engineer for operations. He moved to development, and has been in management for the past four years.

Patel’s department oversees the development of security products that Verizon Business offers as managed services. They evaluate the products, certify them and integrate them into the security management infrastructure architecture. The group manages thousands of these setups worldwide.

Patel also works directly with teams in marketing and ops to improve efficiencies.

He knows the security industry is still evolving, and is proud of his part in it. He savors the challenges of the Internet and enjoys having his work used around the world. His proudest achievement to date is the development of managed firewall services: wrapping firewall products into the architecture and managing them on a scalable basis.

“Education is a start, but the industry is changing so rapidly that you can’t really prepare yourself. You just have to take it on and learn as you do it,” Patel reflects.

Diversity helps Verizon Business stay competitive, declares diversity director Brenda Jimenez. As part of its diversity efforts the company started a mentoring program in operations and technology, and rolled it out across the company. Today employees can work with mentors in any country where Verizon Business is located. “If you are diverse, you can play in all the markets of the world,” Jimenez concludes.

D/C

Jon Boroshok is a freelance writer in Groton, MA

Back to Top