For a long time, it was believed you had to have a wall of certifications, technical degrees, and years of hands-on highly technical experience before you were really considered a ‘cyber’ person. We couldn’t have been more wrong.
Even though it’s a highly technical field in many aspects, cybersecurity has several elements that lend themselves toward different backgrounds. At Leidos, something we’ve told customers for years is that we can train a person in cyber tools but we cannot rewire their brain. And we hire them for their brains. Finding those brains requires an open mind, such as that of highly-respected cyber executive Rohan Amin, the Chief Information Security Officer at JPMorgan Chase, who recently tweeted this:
At Leidos, our cyber population has a myriad of degrees, with some of us even changing careers to join the discipline. This diversity of backgrounds is important as we look to build high-performing teams. The most successful cyber groups bring their own unique approaches to the challenges faced in the full spectrum of cyber roles. When diversity is harnessed in an environment that encourages creativity, such as cybersecurity, it leads to tremendous innovation. It’s this approach that has positioned Leidos as a leader in the cyber market worldwide.
In considering specifically those who transitioned to cybersecurity from other disciplines, we looked no further than Leidos Cyber Technical Core Competency Lead Paul Butterfoss, who previously worked in missile technology along with command and control.
Where did you start your career? What skills from those roles did you transfer into your current role?
I started my career at Boeing in Southern California after graduating from Penn State. From Boeing, I transferred to Lockheed Martin because they had a larger presence on the East Coast. Growing up, I always wanted to build ‘things that go zoom and things that go boom.’ It’s a little scary that those words actually now apply to cybersecurity.
One of the skills I learned early on was how to communicate across a diverse audience spanning from tactical operators to senior leadership. Being able to provide technical information in a consumable manner that allows leaders to make informed decisions has been a critical skill in every area I’ve worked throughout my career, but none more so than in cyber.
How did you make the transition into cybersecurity? What do you wish you had known then and what advice would you deliver to those considering a career transition?
At Lockheed, I got involved with tactical, on-the-move communications and secure network engineering; basically cyber before it was called cyber. From there, it was a natural transition to larger enterprise IT and cyber roles. It’s fascinating to see how IT/OT [operational technology] integration and the Internet of Things is actually converging those two worlds now.
I wish I had known how much I could have learned about cybersecurity before actually doing it. There’s so much information available (blogs, online training, webinars, etc.), you can become very familiar with the domain before making the jump. I’d recommend starting with the Cyber Kill Chain®. It’s the foundation of much of what we do.
“I have letters from my alma mater, my former company and my government, all apologizing that my personal information has been stolen as a result of a cyberattack. I’m working to help prevent that from happening again.” — Paul Butterfoss
What do you like best about working in cybersecurity? Why have you stayed?
Cybersecurity is now a part of every industry, and it’s a front-page story almost every week. It’s pretty cool to be immersed in something that is relevant to so many people.
I’ve stayed because this is personal. Like many others, I have letters from my alma mater, my former company and my government, all apologizing that my personal information has been stolen as a result of a cyberattack. I’m working to help prevent that from happening again.
Can you describe your best day/week as a lead cyber intelligence analyst? What aspects made it special?
To be honest, my best day is any day that doesn’t end with one of our customers on the front page of the Washington Post. As much as we’ve done, there’s still a lot more to do to actually make us secure and resilient against the myriad of threats we face.
What personality traits do you think make for the most successful people in cybersecurity? Are there any other job types that you have seen successfully transition into cybersecurity?
An inquisitive nature and a willingness to stay late and go the extra mile. At the end of the day, it helps if you have a passion for this, even outside of the job (coding, home networking projects, reading about it, etc.). That translates well into the actual job too; you always need to be evolving your skill sets or learning about the latest technology. And for major incidents or projects, it’s all hands on deck for as long as it takes.
As technical as cybersecurity seems and can be, I’ve seen people without technical degrees — artists, lawyers, even music teachers — all transition into successful cyber careers.
The cyber team at Leidos comes from all kinds of backgrounds. From law enforcement to law, from psychology degrees to military careers, our cyber staff represents the best of what Leidos has to offer. We’d love to learn about your challenges, your experiences and your story about how you got into cyber. Please reach out and share your journey!
For everyone else considering a career or a career change in cybersecurity, please browse the available roles throughout Leidos.
To read this series in its entirety, please click below:
- Part 1: Where we are and where we need to be
- Part 2: How we build capacity
- Part 3: Striving for cognitive diversity
- Part 4: Successful candidates aren't one-size-fits-all
- Part 5: What does success look like?