How remote work is impacting federal cybersecurity careers | Cyber Work Podcast

Becky Robertson joins us from Booz Allen to discuss creating remote work situations that address modern requirements but don’t sacrifice security. We discuss the ways in which COVID-19 helped the federal sector reconsider every aspect of the workflow process and what that means for future remote roles.

0:00 - Intro
2:21 - Cybersecurity origin story
4:58 - Changes from the early days of cybersecurity
6:24 - Staying in the same organization for 25 years
8:56 - Day-to-day work as a VP
10:56 - Security and working from home
13:18 - Technical hurdles to work remotely
15:15 - Changing the nature of work post pandemic
16:58 - Employees working remotely
19:04 - Security concerns when working remotely
22:55 - How to pursue a federal cybersecurity career
25:18 - Federal cybersecurity positions in demand
27:42 - Skills needed to work in federal government
29:33 - Federal skills gaps
32:05 - Career advice
32:57 - Finding mentors

– Download our ebook, Developing cybersecurity talent and teams: https://www.infosecinstitute.com/ebook
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

  • View transcript
    • [00:00:01] CS: Today on Cyber Work, Becky Robertson joins us from Booz Allen to discuss creating remote work situations that address modern requirements, but don’t sacrifice security. We discussed the ways in which the COVID-19 pandemic help the federal sector reconsider every aspect of the workflow process and what that means for the future of federal remote work. That’s all today on Cyber Work.

      First, I want to point your attention to an all-new ebook published by Infosec. It’s titled Developing Cybersecurity Talent and Teams, and it’s free to read if you just go to infosecinstitute.com/ebook. It collects practical team development ideas for industry leaders sourced from professionals like Raytheon, KPMG Cyber, Booz Allen, NICE, JP Morgan Chase, and more. Did I mention it’s free? Well, it is. Infosecinstitute.com/ebook. And now, on with the show.

      [INTERVIEW]

      [00:00:56] CS: Welcome to this week’s episode of the Cyber Work with Infosec podcast. Each week we talk with a different industry thought leader about cybersecurity trends, where those trends affect the work of infosec professionals, and offer tips for breaking in or moving up the ladder in the cybersecurity industry. Becky Robertson is a leader in Booz Allen’s cybersecurity practice. Based out of the firm’s Annapolis Junction, Maryland office, she leads an organization of about 400 digital solutions engineering, and science, and analytics professionals. Becky has worked for Booz Allen for more than 23 years. She leads highly technical teams bringing together digital and engineering technologies to drive innovative effective solutions.

      Notably, she has served as the program manager on a successful initiative, where the firm increased software development rigor and integrated teams while also converting to earned value management techniques. Although COVID restrictions are lifting for large swaths of the country, given the increase of people who are fully vaccinated, in truth, a great deal of the federal and military sector have had to work in close quarters, and work from home hasn’t been an option due to the level of security clearance required to do their job.

      In anticipation of future pullbacks, or in the event of infection flare-ups, or vectors, or inevitable future pandemics, let’s be honest, we’re going to talk about the ways that highly security cleared professionals can remain secure in a cybersecurity sense, while also being secure in regard to public health. We’ll probably talk about a lot more stuff with regard to Booz Hamilton as well.

      So Becky, welcome to Cyber Work.

      [00:02:19] BR: Thank you. It’s great to be here.

      [00:02:21] CS: So we always like to start by getting the story of our guest’s cybersecurity journey in their own words. How far back did your interest in computers and tech start? And what initially got you excited to learn more about cybersecurity?

      [00:02:33] BR: Actually, I was coming out of college. I’m going to date myself here, back in 1990. And I had gone in to college, getting a computer science and math degree. Then it turned to math. And then I realized it just wasn’t making me happy what I was doing. And I ended up adding some communications classes. And I came out with this some kind of a hybrid degree that included lots of things. And what I found was I had an advisor in college who was fabulous, Rick Dillman, if he’s still out there, who really helped me understand the importance of a diverse team, both diverse ethnically as well as skill-wise. And one of the early projects I worked on in a senior thesis class was a modeling and simulation project. And I was like, “Why I am doing this? This isn’t what I want to be doing.” And he’s like, “Becky, you’re here to help make sure everything’s done.” And I realized, “Oh, okay, I can be technically adept. I’ll do things I like.”

      And so that kind of launched me on my way realizing that, “Okay, I don’t have to be an engineer to be involved in really good tech stuff.” So from there, I got out of school, I was fortunate to get a job that included getting a clearance. And I was hired by a former Navy Commander who had a very similar view that he was happy to take inexperienced people with potential. And from there, I soon ended up at Booz Allen a few years later. And it’s been a series of, I think, fortunate events for me that I’ve been able to kind of get in and what I consider to be the inception of what people call cyber today, right? We were cyber before cyber was cool. It’s a cool journey.

      [00:04:34] CS: Or even before people knew what it was. It seems like I was like talking to people who were learning cyber security when cybersecurity was – Everyone was learning it, because it was a new thing.

      [00:04:44] BR: Yeah, yeah. There have been a number of waves. And I feel really fortunate that I’ve been able to not just witness, but be part of those waves. So it was a cool time to be joining the workforce and kind of growing up in the IC.

      [00:04:58] CS: Now, can you talk a little bit about like how the practice and the study and the work of cybersecurity has changed since those early days when you were just kind of getting your hands around what it actually was? Like what are some of the things that surprised you? I mean, did you ever imagine in the 90s that you would be part of something that would require a presidential directive on cybersecurity.

      [00:05:21] BR: I sure wish I thought more about that. At the time, there’s probably a lot I could have done if I’ve done that. It’s not surprising. I think when I started, it felt more of a cowboy mentality.

      [00:05:37] CS: Right. Wild West, yeah.

      [00:05:39] BR: Yeah, there weren’t a lot of rules. And now there’re rules, and that’s for good reason. But I think at the same time, there is such incredible opportunity now that wasn’t there before. And so, it’s good, it’s challenging. Every day is a new challenge. And so it’s exciting. And it opens up opportunities for our staff too, right? It’s not just a business perspective. For me, it’s always been about the people I get to work with, and collaborate with. So to me, that’s the really exciting part, is that there is an expanding universe that our experts get to be a part of, and it’s really cool.

      [00:06:25] CS: Your career background travels through several spaces based in large part around the US Federal Government and the Department of Defense. What are some of the major projects or areas of study or promotions that that brought you to where you are in your position at VP at Booz Allen? And can you speak at all to staying with the same company for 25 years in an industry where people are often conditioned to pull up stakes every three to five years?

      [00:06:47] BR: Yeah. Yeah. So before I came to Booz Allen, I worked at two other defense contractors. And they were very different experiences. But I’m a firm believer that they made me who I am today. So they were good experiences. I’ll admit I feel like sometimes I’m the feather in Forrest Gump, right? I was just on the breeze, and riding the breeze somewhere. But I had great clients, great mentors, great leaders around me. And the key was really that people always encouraged me to find a way to say yes and pivot when things came up. And I’m kind of competitive. So that that wasn’t always hard to do. It was more of a balancing thing, right? How do you balance real life and your career? That kind of stuff.

      But a few things that come up for me, there was a particular client project I was working on soon after I joined Booz Allen. And the government project leader, unfortunately, was ill and was going to be out for three months at a really critical time of the project. Well, I was kind of a tech writer on that project. It turns out, I was the one that knew the most about everything going on. Everybody else was in their little corner. And I knew a lot about what was going on.

      [00:08:08] CS: You were the synthesizer of all the different pieces of information. Okay.

      [00:08:11] BR: Yeah. And so I stepped in to lead this project through a pretty pivotable time. Pivotable, I don’t know if that’s the word, time. And it was an eye opener to me. I think it really solidified my role with a lot of the engineers I was working with. And I think it certainly helped me in my career, right? It was something that was a big success. And I was pleased to have been a part of it. That’s always been my motivation, right? It’s just I want to make an impact and be part of a success. And so it was really cool to do that. So a few things like that, again, seizing opportunity when it comes up. That’s really been important to me.

      [00:08:56] CS: So because a lot of our listeners are just starting their cybersecurity journey, and looking to our guests to determine what types of careers they might want to pursue, I wanted to ask you about your current position at Booz. What is your day to day work life like as a VP there? What are some of your primary tasks each week? How big is the team that work for you? And what are some of your favorite tasks you get to do? And what are other things about your job that maybe keep you awake on Sunday nights?

      [00:09:25] BR: Yeah. Well, like most people, I think I don’t wear a single hat. In my role, I have a couple different roles. They are all focused on, number one, helping clients be more impactful. And number two, helping staff be more impactful. So it’s a real joy to get to do what I do every day. I am in awe of the people who surround me. And I think you might have mentioned in the intro, there’re about 400 folks who aligned to me directly. A broader group that I help to govern with others is a little over a thousand people. So there’re lots of people involved. I have a small group that I rely on for a lot of kind of helping me understand what’s going on, get things done. But my weeks are, in some ways, there’s a framework there. There’re meetings that have to happen to keep us all in sync, which we all kind of dread. It’s been a lot of WebEx meetings for the past 15 months, right? I have my T-shirt that says, “You’re on mute,” because, inevitably, there’s somebody on mute all the time. But it’s what happens between those regular meetings that is most interesting, right? That problem solving that we fit in the joints and the things that come up. So I have a pretty good mix of routine and not routine that comes with every week.

      [00:10:55] CS: Yeah. So as we teased at the start of the show, we wanted to talk about something that’s been an issue for the past year, of course, it’s the COVID-19 pandemic, as you mentioned, and specifically the issues of safety around first-person work operations in the face of a virus that’s astonishingly easy to spread, especially with some of the new variants, or to be infected while working in close quarters with members of the public. So while some section of the workforce immediately transitioned to work from home back in March, jobs with high-security clearances can be much harder to transfer to safer, isolated spaces. So I want to kind of start by delineating the issue here. Can you give me an example of a position that falls under this exception, a job that due to high security clearance cannot currently be safely done from a remote location?

      [00:11:40] BR: Sure, sure. And it’s probably important to say up front, the IC is not like what you see in the movies, right? There’s no one person that has all the knowledge and expertise to do something and they just click some keyboard keys and it happens, right? There’re a lot of collaboration that goes on. It’s kind of like building a rocket to go to Mars. There’re lots of unknowns. There’re lots of stakeholders, and equipment in specific locations, right? Whether that’s Houston, or Florida, or wherever, right?

      [00:12:16] CS: Probably a rotating list of people coming in and out.

      [00:12:19] BR: Yeah, and no one person could ever build or test a rocket to go to Mars by themselves, right? It’s a team of people. Injecting expertise at the right time, right systems, right locations, all that. So in my corner of the world, there’s a lot of work that’s very similar to that, right? And I think of we have software developers and technology analysts, it’s very similar to building a rocket, they depend on that creative collaboration that goes on. And sometimes there’re data sources or equipment in a specific location. And so you can’t take it home and work in your basement with it, right? So that’s a lot of what we do, and a lot of unknowns that we have to prepare for. So people have to be in the right place to do their role. And so that’s why we had thousands of people, I know, from Booz Allen and plenty of other industry partners as well, who works throughout the pandemic.

      [00:13:18] CS: Right. Now, what are some of the technical or procedural hurdles that would need to be cleared to make high-clearance positions like this safe to do remotely? Or is that not even an option?

      [00:13:30] BR: Well, this is where I think we as not just industry, but government need to think differently. I think we’ve got to look at it differently and consider breaking down what we’ve done for many years into more of a modular approach. It’s a mindset change. Everybody needs differently. And it has to reflect the way the world has changed in the past, particularly the past 10 years, has been a dramatic change in the kind of people who want the talent to do this work.

      So I think there’s a lot of updating that could be done. And it’s got to come from the inside out, or from the outside in, right? That’s another thought. I think it’s a pretty insular environment. And so, trying to find ways to bring new ideas in and say, “Hey, I know you’re busy looking at your corner of the world, but this is going on in the outside. You really should adjust,” right? That’s on us as industry. We need to take that in and help our government partners understand that environment and the importance of thinking about our work differently.

      [00:14:40] CS: Right. Yeah, I was going to say that a lot of what we’ve kind of learned in the past year happened under extreme pressure and under extreme pressure to keep things moving quickly. But it’s important to sort of like take those lessons and sort of apply them. And like you say, not just in terms of like short term emergency, but like how we can completely sort of restructure the way work looks and the way that sort of like multi-step processes can be completed in different places and so forth. I mean, is this something that Booz and other places are sort of looking at actively as far as you’re concerned?

      [00:15:23] BR: You mean about doing work differently going forward?

      [00:15:25] CS: Yeah, changing the nature of it. Yeah.

      [00:15:29] BR: Absolutely. I think, absolutely. We and others are – It’s not all up to us as a company, obviously. Our clients have to say so. So there’re a lot of discussions that have to go on and agreements. But I think everybody agrees it needs to happen. The pace of it happening is never satisfactory.

      [00:15:54] CS: Right. And I was going to say, it makes me think also of that old sort of – I mean, it’s canonical at this point, but the story of the new president of Alcoa Aluminum, where he stood in front of his board and said, “My goal for next year is zero workplace injuries,” and all the stakeholders went to sell their stocks. But as the story unfolds, you realize that by sort of moving towards 100% safety, it changes like the processes of the way how efficient aluminum is made, and all these other things. I may be getting some of the details wrong. But I feel like this has sort of a knock on effect of if we start thinking about the way things are done differently in terms of like, “Well, we’ve always done it this way. And it’s inefficient, but no one wants to change it.” Now that we’ve been in the pressure cooker of having to change it, we have this chance to sort of like create these kinds of efficiencies, right?

      [00:16:46] BR: Yeah, yeah. We have an obligation to look at this work differently, right? We have to. In order to survive, we as an IC community have to look at things differently. So I agree with you.

      [00:16:59] CS: So roughly, how many people could be affected by technical or procedural changes like this? I mean, how many employees or vendors are currently having to work in – Or not less safe conditions, but concerning conditions, because of difficulties and making them more remote?

      [00:17:16] BR: Yeah. Well, I’d start by saying I don’t think they’re in unsafe conditions.

      [00:17:23] CS: Of course. Yeah.

      [00:17:23] BR: I know our top priority as a firm has been keeping people safe. And I think our clients went out of their way to do what they could to help earn the confidence of the workforce in these really trying times. And that includes we were supported by Section 3610 of the CARES Act, which was just indispensable in helping maintain our cleared workforce. We put a lot of extra checks in place for our staff. We had testing at our site. We had home COVID testing that people could do as often as they wanted to. We had extra cleaning supplies, lunches. We provide lunches, right? So I think everyone went out of their way to make it as safe as possible. But all that said, to answer your question, I think there are hundreds of thousands of professionals who could be impacted by this. And, frankly, those people recognize the gravity of their work, and still came in to support their critical client mission.

      So I just couldn’t be prouder of our company, of our industry, and just how everyone came together and recognize, “Okay, this isn’t just any old job. What I do really matters. And I need to be here. And I need to find a way to do it safely.” So, yeah, I think these disruptions, to your point earlier, could happen again. But regardless of that, our job is to be steady in the face of those disruptions. So I feel like we did the best we could, and it was appreciated by the staff who were impacted.

      [00:19:04] CS: Yeah. Are there concerns around the cybersecurity sphere about how to create these more sort of security clear, but remote work environments that are not only safe enough to not risk being hacked at the highest level of security, but also sufficiently robust that the materials needed to do the job can be accessed? Because, obviously, it’s one thing to make everything as lockdown as possible, but there always has to be that balance if the person in the safer location doesn’t have the materials they need to do their job efficiently. What is the sort of security stance in sort of making these procedural changes?

      [00:19:40] BR: Well, I think one is we’ve got to find a way to do this, right? It’s not an option. We’ve got to find a way to do it. And I think part of it is that we shouldn’t be assuming we’re just going to pick up roles we have today and transport them remotely. To my point earlier, we need to think differently and about, “Okay, well, let’s step back and slice this pie a different way and say what could be done elsewhere without needing all of the infrastructure that’s required.” And it has to be done at scale too, right? I mean, demand is increasing for these services. It’s not going down. It’s harder for us to find the talent we need, because there is this whole other universe that’s come into being. About 10 years ago, we started feeling it, where commercial cyber was becoming attractive to people that previously had been only IC resources. So I think these two universes, I think of them as coming together now. We need to treat them as a single universe. We shouldn’t be thinking it’s them in us. It’s one universe. And so, again, that is part of the imperative about why we’ve got to find a way to make more flexible remote work possible to meet that increasing demand.

      [00:21:03] CS: Yeah, to use your term of finding different ways to slice the pie here. I mean, can you give me some sort of concrete examples of like the ways that something like this could be sort of completely rethought, like in one particular role, or one particular process?

      [00:21:17] BR: Sure. I mean, I think for any development project, there’s software development project, for instance. In the frontend, there might be some research that goes on and some data analysis. And then you might get into design, and then into development, and testing. Maybe some integration has to go on after that. And then more testing and deployment. So if you look at that lifecycle, given what happens in the non-IC world these days, some of the research that gets done very easily can be done in a remote uncleared space. So to me, that’s a perfect example, right? Just thinking about it differently, and thinking about it through a 2021 lens, right? Not a 1990 lens.

      [00:22:05] CS: Yeah, there’s an aspect where you can sort of partition the workflow in such a way that you can sort of cut out certain non-clearance required things to be done in other places. And so you’re basically sort of like breaking maybe a six-step process into a 13-step process. But in doing so, you’re able to sort of save only the most security clear necessary things for this, sort of in-person thing or in different situations.

      [00:22:36] BR: Yeah. Yeah. And at the same time, you’re broadening your staffing pool, right? You’re increasing and diversifying your staffing pool, which to me is a huge benefit, not just for numbers of people, but for the experience people have, right? You’re bringing in people who have commercial experience that you would have never been able to access before.

      [00:22:55] CS: That moves nicely to my next question. Without these predictions of in-house, or out of office, or hybrid work situations for the future of security work in the coming years, what advice or tips would you have for students or early professionals, many of whom listen to our show have indicated that they, are just beginning their career trip? What advice or tips would you have for these people who are looking for work to work in a cybersecurity role in a federal or defense sphere?

      [00:23:23] BR: Yeah. So full disclosure, I have two college aged children. One actually just graduated from high school. So she’s my freshmen going into college. But I would say the same thing I tell them, which is no matter what career field you are pursuing. It always pays to be a curious, engaged, active stakeholder in what you’re doing, right? Even if you are not an owner of what you’re doing, act like an owner, right? Care about it. And be curious. I mean, that curiosity piece to me is part of it. So many people get caught up in trying to be the expert in the room, or feeling somehow that they don’t deserve to be in the room. I have learned over the many years I’ve been working that there’s just not a time for that, right? You can’t go in assuming that you know it all. You need to seek knowledge. You need to ask questions. You can’t be afraid to look stupid. You need to be collaborative, right? You need to help others grow, right? Everybody will lift each other up. It such a more effective model in the long run. So, to me, whether you’re an accountant, you’re an HVAC mechanic, or a data scientist, or a cyber professional, or whatever, you need to be ready to be curious and engaged. So I think that applies throughout the cyber ecosystem, right? You need to be curious about the technologies that are important, about opportunities, about threats, and understanding how they fit into your client challenges. And if you don’t know your client’s full picture, seek that, right? Seek people who can help you understand it. So curiosity to me is such a valuable trait.

      [00:25:18] CS: So what types of positions in the cybersecurity sphere, or especially in demand, where are in the federal defense industry, are like high-demand for pen testers, security engineers, risk analysts, all of the above? What do you see currently people are eagerly trying to fill up this moment?

      [00:25:36] BR: Yeah. As I mentioned earlier, I don’t think the federal defense industry can afford to think of themselves as a unique industry anymore. There are characteristics that are unique, but they’re not anymore. They are pulling from the same talent pool that others are pulling through across many, many sectors, right? And lots of overlapping missions, I’ll say, between both commercial, private and federal. So cyber is such a broad term. I think you really can find any kind of specialty these days existing within the broader cyber ecosystem. So I think it really transcends industry. It’s in health. It’s in transportation. It’s in finance and banking, right. It’s across every industry now.

      All that having been said, I do think while there’s opportunity just about anywhere, some of the specific things I’m seeing, particularly with the pandemic, there was a critical need for that kind of advanced, very flexible, secure technology platforms. So that’s an interesting angle that I don’t think it’s going to go away to our discussion about working remotely, right? I think that’s going to continue. But then, in general, you look at some – If you think of the general technology trends that are out there, cloud integration, which some may think most of the world has already gone through. Well, the IC hasn’t always gone through it at the same pace as the rest of the world. So implementing data science, and machine learning, and artificial intelligence solutions are very high-demand areas for us.

      And then the pure cybersecurity side of things, right? The pen testing, as you mentioned earlier, that’s a piece of it. But it’s also more thoughtful than that, right? Things like 5G, zero trust, embedded analysis, okay, cyber defense. All of that is incredibly high-demand, again, in my corner of the world.

      [00:27:43] CS: So for people who are, again, just getting started, or maybe still in college, or sort of examining their options, but they know that they want to sort of get into sort of federal roles, are there any particular – Obviously, security clearances, and things, or things they need to start thinking about and preparing for, but are there any other sort of skills? Or like what would be your sort of like your all in one starter kit for like, “I want to get working in the federal government, and I don’t know where to start.” Like where would where would you start apart from continuing your cyber training?

      [00:28:17] BR: Well, so I think there’s always a role for folks with technology experience. So whether that’s as a software developer, or a systems engineer, some kind of a data scientist, I think all those roles have a very – There’s a very strong need for those. I think I would say part of it is exposing yourself to not just what you find interesting, but listening to things like podcasts. Being out there, checking in on blogs, on things that are important to you. Kind of the networking piece, which isn’t a word I like to use, because it scares me a little bit. I’m not into networking, but I learned I had to do it. But it gets back to that curiosity piece, right? Being curious and just looking to learn. Make it less about networking, and more about looking to learn. I think that’s the best thing you can do. And, seriously, I think just about any degree could launch you into this work. I don’t think it’s about having to have an engineering degree.

      [00:29:31] CS: Right. So we talk a lot on the show about the skills gap in cybersecurity, specifically in the private sector. Where there’re more positions to be filled, and there are qualified candidates to fill them. Does the federal sector have a similar problem in your experience?

      [00:29:45] BR: Yeah, yeah. As I said, I mean, they’re a shared space now. They’re fused together, federal and private. And that’s not going to be undone. I think that’s just where we are. So it’s interesting. I’ve seen many of our industry partners treat them as two separate spaces. And I think that is mostly a risk mitigation thing for them, right? They don’t want to get in trouble by sharing something they shouldn’t share. It just makes it a lot cleaner. But in the long run, I don’t think it really helps their clients. So I know, within Booz Allen, our approach has been different that we think there is a tremendous amount to be gained by building a bridge between those two, two different sectors. I view it – I’m a Marvel fan. So I view it as kind of that rainbow bridge, Bifrost, right? It is so powerful when we can connect to those two and have information flow across, right? It’s not just about exporting from the federal sector out. It is about pulling in, and not even just pulling in information. But if you allow people to go across that rainbow bridge and come back, think of the knowledge and experience they’re bringing with them. So we see it as a huge win for our client’s mission, number one. But, number two, and it’s a close number two, is for our staff. Creating opportunity for staff who – We’ve got a pretty wide range of generations in the workforce. Some folks have spent their entire career in the federal space and are curious and want to give it a try. Others are mid-career and they’re like, “Well, if I’m ever going to make a move, now is it,” right? So we’d love being able to give them the opportunity to do some more of that private or commercial sector work. And then there’s folks coming out of school who many of whom they have lived in through this pandemic. They want to keep working remotely, but they like the intrigue of doing some of the federal work. And so to be able to provide opportunities across that group is, for us, a huge differentiator. We think it’s a win-win for everyone.

      [00:32:06] CS: So to that end, as we wrap up today, what advice would you give to listeners who are just trying to get their cybersecurity career off the ground, but are maybe a little unsure of where to start? What is the first step you’d recommend to put yourself on a good career path?

      [00:32:20] BR: I’m really going to sound like a mom now. But I would say look at the news, and find something that interests you in the news related to cyber. There is so much out there that’s happening, right? But just find something that intrigues you and interests you. And then be curious and learn more about it, right? Whether it’s gas lines being shut down, or something else that pops up in the news, right? There is a role for just about anyone in cybersecurity, and you got to explore a little bit, get curious, and then find yourself some good mentors.

      [00:32:57] CS: Oh, can you talk a little bit about that about mentors and sort of reaching out to people? I mean, you’re our 152nd guest, or something like that. But we’ve had loads of guests who say, “Oh, yeah, anyone can reach out to me on LinkedIn.” Like can you talk about where young people would look for mentors or sort of what the give and take is, because I know sometimes there’s a little too much taken and not enough give. Like what did what does a mentee sort of give back to a mentor in terms of making it not just sort of like, “I’m going to ask you all this stuff, and then that’s it.” Do you have any sort of thoughts on mentor-mentee etiquette?

      [00:33:38] BR: Oh, yes, of course. As a beneficiary of some really great mentors, I would say, number one, don’t assume that it’s a one way thing, right? Mentors I think learn as much from mentees as they do vice versa. So I would highly encourage you to find somebody who has that kind of attitude. And the way you find those people, number one, I think it doesn’t have to be somebody in your company. It doesn’t have to be somebody in your industry. I have gotten some of the best mentoring from people. I mentioned my college advisor was so influential. And the first person that hired me was so influential. I would seek those kinds of mentors. Anyone that you admire how they work and integrate with others. I would just pick their brain a little bit. I think most people, number one, are flattered. And they also are very willing to give up their time. I can’t tell you how fortunate I feel to have had so many good mentors helped me. I will say at Booz Allen, that’s an expectation. That if somebody asked for help, you’re going to give it. So I feel fortunate through my however many years here at Booz Allen, 26 years, 25 years. I’ve benefited from a culture where that is really valued.

      [00:35:02] CS: So one last question here. If our listeners want to learn more about Becky Robertson, your activities, or Booz Hamilton, where can they go online?

      [00:35:10] BR: So I’m on LinkedIn. And then you can also just go to boozallen.com, and under people, leaders, I’m listed there with an old picture that makes me look younger than I am.

      [00:35:23] CS: We’ve all done that. That’s great. Becky, thank you so much for joining us today and sharing your history with us. Really appreciate it.

      [00:35:30] BR: My pleasure. Thanks, Chris.

      [00:35:32] CS: And as always, thank you to everyone listening at home, or at work, or at work from home today. New episodes of the Cyber Work podcast are available every Monday at 1pm Central Time, both on video at our YouTube page on infosecinstitute.com/podcast, or an audio wherever find podcasts are downloaded. Thank you once again to Becky Robertson. And thank you all again for watching and listening. We will speak to you next week.

Cyber Work listeners get a free month of Infosec Skills!

Use code "cyberwork" to get 30 days of unlimited cybersecurity training.

Weekly career advice

Weekly career advice

Learn how to break into cybersecurity, build new skills and move up the career ladder. Each week on the Cyber Work Podcast, host Chris Sienko sits down with thought leaders from Carbon Black, IBM, CompTIA and others to discuss the latest cybersecurity workforce trends.

Hands-on training

Hands-on training

Get the hands-on training you need to learn new cybersecurity skills and keep them relevant. Every other week on Cyber Work Applied, expert Infosec instructors and industry practitioners teach a new skill — and show you how that skill applies to real-world scenarios.

Q&As with industry pros

Q&As with industry pros

Have a question about your cybersecurity career? Join our special Cyber Work Live episodes for a Q&A with industry leaders. Get your career questions answered, connect with other industry professionals and take your career to the next level.