Preparing the next generation of cybersecurity professionals

Students high school age and younger are getting fast-tracked into cybersecurity. Some are even learning concepts like packet tracing at just six years old, says Victor “Vic” Malloy, an Independent Consultant working with the CyberTexas Foundation as their General Manager. On today's episode, Vic shares his wealth of engaging stories about inspiring young people through the CyberTexas Foundation, getting people of all ages interested in cybersecurity and developing the next generation of the workforce.

Vic earned a bachelor’s degree from the University of North Texas and a master’s degree from Webster University. He had multiple assignments over 13 years working in cyberspace security at multiple network operations and security centers in the U.S. Air Force. His last position in the Air Force was overseeing daily cyber operations tasked missions within the AF Cyberspace Operations Center, which was responsible for the cyber defense of all Air Force global networks and the global employment of cyberspace capabilities to support ongoing combat operations. Previously, he served as Chief Information Officer for National Security Agency/Central Security Service in Texas.

  • View transcript
    • [00:00] Chris Sienko: It’s celebration here in the studio, because the Cyber Work with Infosec podcast is a winner. Thanks to the Cybersecurity Excellence Awards for awarding us a Best Cybersecurity Podcast Gold Medal in our category. We’re celebrating, but we’re giving all of you the gift. We’re once again giving away a free month of our Infosec Skills platform, which features targeted learning modules, cloud-hosted cyber ranges, hands-on projects, certification practice exams and skills assessments.

      To take advantage of this special offer for Cyber Work listeners, head over to infosecinstitute.com/skills or click the link in the description below. Sign up for an individual subscription as you normally would. Then in the coupon box, type the word cyberwork, c-y-b-e-r-w-o-r-k, no spaces, no capital letters, and just like magic, you can claim your free month. Thank you once again for listening to and watching our podcast. We appreciate each and every one of you coming back each week.

      Enough of that, let’s begin episode.

      [01:03] CS: Welcome to this week’s episode of the Cyber Work with Infosec podcast. Each week, I sit down with a different industry thought leader and we discuss the latest cybersecurity trends, how those trends are affecting the work of infosec professionals while offering tips for those trying to break in or move up the ladder in the cybersecurity industry. Our subject today is the Cyber Texas Foundation. Cyber Texas helps high school and even younger kids get fast-tracked with cybersecurity classes and hands-on skills.

      Our guest today is Victor “Vic” Malloy. Vic is an independent consultant working with the Cyber Texas Foundation as their general manager. He is a small business owner with over 20 years of specialized experience as a senior and executive leader in information technology programs with Air Force Department of Defense major commands, commercial financial services and civilian defense contractor industry. Vic earned his bachelor’ degree from the University of North Texas and a master’s degree from Webster University. He has had multiple assignments over 13 years working in cyberspace security and operations at multiple network operations and security centers in the US Air Force. His last position in the US Air Force was to oversee daily cyber operations, cyber operation test missions within the Air Force Cyber Space Security Operations Center, which was responsible for the cyber defense of all Air Force network globally and the employment of cyberspace capabilities globally to support ongoing combat operations.

      Previously, he served as Chief Information Officer for the National Security Agency Central Security Service in Texas. Vic is happily married and the father of four children. He is a native New Yorker and a PROUD TEXAN BY CHOICE. Vic is active in church and his family and annually leads planning activities for the annual San Antonio 9/11 Memorial Site Commemoration focused on keeping awareness, vigilance against dramatic domestic and international terrorism. His passion is the development of the next-generation workforce and increasing cyber education in the global community.

      Thank you so much for joining us today, Vic.

      [03:01] Victor Malloy: Thank you. That’s a mouthful. I appreciate it.

      [03:02] CS: Yeah, I know. You’ve already have a very exciting life and we’re going to poke into it a little bit right now. We’d like to start every episode by sort of getting a sense of your sort of personal tech journey, your personal security journeys. How did you first get interested in computers and tech and where and when did you start your journey in cybersecurity?

      [03:24] VM: Thank you once again. I would have to say that when I was in high school in Dallas, Texas, 1981. At that time, I was in my senior year and my last class elective was this thing called basic programming, and they gave us a whole bunch of punch cards and said, “We want you to program this game.”

      At that time my mother was working for a big company in the Dallas-Fort Worth area and she used to have these large, magnetic disk storage arrays inside the information technology center. I always thought that was neat. Never in my mind that imagined that I would be a part of the information technology space in a meaningful way, because at that time, I wanted to go into the Air Force. That was my initial step into information technology.

      [04:22] CS: Did you sort of bring your interest in information technology and tech into the Air Force or was that something that sort of they suggested and you jumped on or did you sort of get into it and say, “I want to sort of work in the security and tech space within the Air Force.”

      [04:36] VM: I enrolled in the ROTC program reserve officer training corps at the University of North Texas, and at that time, I want to be a pilot, believe it or not, because everybody wanted to be like Tom Cruise and go off and defend the nation in fine fashion. Unfortunately, at that time I was colorblind and therefore didn’t meet the criteria for that, and then also, Tom Cruise, was Navy. I wanted to be in the Air Force area. We kind of went our separate ways.

      [05:12] CS: Your story split at that point. Yeah.

      [05:13] VM: Yeah. We went different. But they created a new career path that enabled pilots to go back into the cockpit, and they called it the operations management officer career field, whereby they took candidates who would be non-rated and they would work all of those operational assignments that would normally be delegated for the pilots.

      On my first duty assignment at Spangdahlem, Germany. I was in a fighter squadron. I got the opportunity to get my wings, so to speak, and flying in the F-16 and flying in the F-4. But part of my duties was to work with the operations desk and doing flight training and flight assessments record management, and then that brought me into information technology and making sure that all of the information was being recorded and tracked appropriately.

      I was the guy they had to go to the computer communication squadron and make sure that the information technology requirements for our operational fighter squadron were being met. So that was my military introduction to information technology.

      [06:32] CS: Okay. Now, what year would this have been when you were sort of doing this?

      [06:37] VM: That was right before Desert Storm.

      [06:40] CS: Okay. ’88.

      [06:42] VM: Yeah. 1989, 1988, and at that time we had the trash 80s, if you can remember that.

      [06:50] CS: Oh, yeah.

      [06:50] VM: So I really dig myself. Yeah, that was the extent of our information technology at that time.

      [06:56] CS: Okay. I was going to ask you about that. I mean, you’ve obviously seen a lot of sort of changes in those intervening decades. How has security and information technology sort of fundamentally changed since then for better or worse?

      [07:10] VM: Well, I would say that around the 2000 is when we started looking at information warfare on command-and-control warfare as a domain that need to be addressed from the Department of Defense. Before cyber was cyber, we called it information assurance and working in the intelligence community and working with DOD. As they were formulating a framework for what we call cyber operations today, we knew that there was operations in the space, information in the space that could be used. That would give a physical effect and make it a force multiplier. More than being in the cockpit, we found that there were ways that being on the desktop or connected to the information systems that we could generate effects in campaign operations.

      [08:16] CS: Okay. Yeah. Obviously, your early days with cybersecurity, information technology has given you a desire to sort of give back or pass on to the next generation. Today, we really want to talk specifically about your work with the organization, Cyber Texas, which aims to bring cybersecurity skills and studies into the high school and I think even middle school curriculum. Can you tell me a little about the origins of Cyber Texas, How it was founded and some more info about its mission?

      [08:46] VM: Sure thing. The Cyber Texas Foundation before it was established formally five years ago, 2015, was really a group of retired and active-duty military civilians and senior officers who said, “Hey, look. The Air Force Association had created this competition in Florida under the cyber patriot program.” So they took about 12 schools in the Florida region that were in the ROTC program and said, “Let’s generate a competition that shows how to secure an operating system.”

      I believe the first year, they only had 12 teams that has expanded exponentially to over 8,000 teams in this last year that competed globally. San Antonio had the distinction of bringing the national championship in the all service division back to San Antonio after not having it for the last decade.

      [10:04] CS: Wow! Congratulations. Let’s talk a little bit about the cybersecurity skills that students are learning through cyber Texas. Is it true they’re actually studying for and being awarded cybersecurity certs?

      [10:18] VM: Most definitely. In its infancy, the program was very much going in and doing just system administration, creating user accounts and looking at permissions, and that was just the basics, which is the introductory of how do you do identity access management. Over the years, the Cyber Patriot Program has matured and become more complex in looking at network, looking at firewalls, looking at traffic, doing PCAP analysis. In some cases, regional community colleges and industry have invested in Security+, Network+. In our most recent year, we had several students pursue and attain their Cisco Security Network Certification, their CCNA, and this is before graduating high school.

      [11:21] CS: Wow! That’s awesome. Yeah. Is this curriculum happening within the sort of school curriculum? Is this an afterschool thing?

      [11:31] VM: It varies. It all depends on what is your community’s interest in going after promoting this? The school, and particular this year, at Roosevelt high school, they had an engineering technology academy. In this engineering technology academy, they’re doing rocketry. They’re doing advanced computer security. They’re doing a lot of mathematic and engineering subjects that are preparing the students before they even go through their undergraduate courses of studies in those foundational courses and then application of the information that they’re being presented in those different courses.

      To your point, some in these cases where there is an academy inside the school, there is curriculum that is focused upon giving that practicum lecturer, but then also the actual application of applying what they’ve learned in practice.

      [12:40] CS: Okay. There’s a lot of hands-on in this as well. You’re not just lecturing.

      [12:44] VM: Exactly.

      [12:46] CS: Yeah. We talk a lot on this program about the cybersecurity skills gap and, specifically, that there’s more cybersecurity positions available and desperately needed to be filled, and there are qualified professionals to fill them at the moment. Can we talk about the ways in which Cyber Texas and similar organizations can help curb the problem over the long term? Obviously, I talked to a lot of people who are talking about recruiting issues, or not looking for unicorn candidates, or getting people with no experience sort of fast-tracked into lower-level positions where they can get experience and stuff. But sort of – I’m just curious about your sort of – Your contribution to all of this. You’re sort of raising the cybersecurity pros of the future here. What are your thoughts on the skills gap?

      [13:29] VM: Right. The way we define that is the talent pipeline management process, which begins interestingly enough, in the middle school. In some cases, even in elementary school. If you look at the Cyber Patriot program office and you go to uscyberpatriot.org, you’ll find that there is information that spans what we call K through gray.

      So beginning in the elementary school, there is an initiative program that’s free and available for download that even goes into what is packet tracing. Imagine that you are in a six-year-old and you’re playing a game, and in this game, you have networks and you have to traverse through different systems, routers, devices, firewalls and so forth, and you can watch your packet as it goes through the network. That’s the foundation of putting together a wide area network.

      Then it grows into middle school with information that’s available for Windows Operating Systems and what are whether those actions that you need to do, or system administration and looking at the server logs, system logs, prohibited files and media and all of those things that you would do as an information security professional to hard net operating system extending into the client version of Windows and then also into the Windows server environment when you’re administering a whole system of systems. Then we also include the UNIX platform with Ubuntu as the operating system so that they can understand that there are some command lines and environment in that system that you can do it some GUI, but we also try to promote the fact that Linux is a more openly available platform where you can even be more powerful and use tools like Metasploit, Kali Linux and other power tools, Powershell, all that.

      [15:44] CS: Okay. Right. Now, I want to sort of – I want to note this, because I feel like we get a lot of people who contact us and say, “The Security+, or Net+ plus just seems so unattainable. Yeah. Now, I’m in my 40s. I’ve already had a career. I want to get into cybersecurity, but it’s intimidating.” I mean, obviously not to – High schoolers can do it. I realized that high schoolers have more malleable, stretchy brains. But, this is attainable stuff. Especially if your sort of addressing it when you’re six years old and it becomes sort of instinctual like that. I mean, can you speak to that? What are your thoughts on sort of older folks trying to get these sort of entry-level certs or this this entry-level knowledge who might be sort of intimidated?

      [16:36] VM: Chris, that’s a great comment and it kind of goes back to what I was sharing with the regards to the Cyber Patriot Program. We have coaches and mentors. There are technical mentors and non-technical mentors and coaches. The way we differentiate that is, to be a coach, you just have to be a parent or a teacher with the desire to put together a team of four or five students to say, “We want you to go through the material and learn and become familiar with it. If you have an area that you need help, then you have a network of technical mentors.”

      You as a 30+, 40+ adult today, don’t feel like you have to master it all. I would implore you to go to uscyberpatriot.org, register as a coach, register as a mentor and go alongside what I call the digital natives, the youth that are born today have been gifted this digital domain. But then we as digital immigrants, you and I, we’re around, we talked about earlier, max headroom timeframe. As graybeards, it’s our responsibility to extend a hand to the digital natives to help them navigate through this space, because the same lessons that we learned growing up apply as being a digital citizen. A lot of them, they feel like they have anonymity and they are immune to the dangers of oversharing in that I space.

      As digital immigrants, we can share our lessons learned in our culture and our caution as they are expanding their wings and building the bridge between the K through gray. That’s why in the Cyber Patriot Organization, the national commissioner, Bernie Scotch, had a conversation with his mother who was about to become the victim of identity theft. So he spawned a program about three years ago called Cyber Generations, which is a downloadable that you as a child can now go to your parents and present to them information that will protect them so that they don’t become victims of phishing, smishing, vishing, identity access, loss as a result of being online as a senior today.

      It was very exciting to me in the last year, Chick-fil-A has a leader program, a leader academy program, and we took a group of young ladies to an army resident center and we used the Cyber Patriot’s program for cyber generations and we allowed them to go through the material, digested it. A lot of them were former Cyber Patriot students and participants. They had a real strong grasp and they were highly effective and highly efficient in meeting those who are senior and presenting the information to them and making dialogue and connection and increasing their awareness and their appreciation for how they can protect themselves with multifactor authentication and look at those measures that they can pick to defend themselves against data loss in this digital society that we’re in.

      [20:16] CS: Okay. Going back to certs a little bit, what are you, in your opinion, the role of certs in cybersecurity? I mean, it’s excellent that high schoolers are getting them. It’s a good place to get your foot in the door. But I also get the sense that you’re especially interested in securing the skills rather than studying toward an actual certification. Can you sort of talk to me about the pros and cons of using certs as kind of like your tool to your career development?

      [20:45] VM: Yeah. What I would call the certs is, the certs is the glove and the competency is the hand in the glove. I think, too often, people are running behind certs and not really being able to function in that space and doing yourself a disservice and then you also do your corporation or your company and your organization a disservice by just having a certification, but not having the application and the practitioner, the comfort and the competency to operate in that space.

      That’s the joy I get out of being with the Cyber Texas Foundation, is that we want to match and complement the practical competency as well as the certification so that when you are an employer and you’re doing an interview and you got this entry-level person that’s coming to your organization, hey may be doing software development or they may be looking at – I call them even the information technology help desk technician, and they’ve been a member of Cyber Patriot or they’ve been in the collegian competition that sponsored by the CIAS, the Center for Infrastructure and Assurance out of San Antonio, Texas, and they been at a national level competition. That means that they have been in the middle of an actual the DDoS attack and they’ve worked with a team of diverse talent in students who were able to overcome those challenges and obstacles and mitigate and build solutions that are industry that are based upon industry standards today, and all of the CVEs that are out there, the common vulnerability exposures that are out there. They’ve seen it before. My advice is most definitely, get the cert, but be certain with the competency that you can perform those tasks that those certs are there for.

      [22:54] CS: Right. To sort of speak to the people who are maybe in the midpoint between K and gray, if you’re studying for the cert and you want to get the cert but you want to make sure you’re not just collecting certs. What are some tips you might have do get the hands-on skills that you’re looking for?

      I mean, does Cyber Patriot have that sort of – These sort of hands-on type things that you can work with or do you have other suggestions?

      [23:17] VM: Oh, sure. I mean, make sure you join the Information Security Professional Organizations, ISSA. Make sure you’re a part of your B-size communities. Go to those. I don’t want to use the term hacker. But in San Antonio, we have the San Antonio Hacker Association. Then we have other groups that are all coalesce together. At our universities, they have a lot of student-led organizations that are under the tutelage of associate professors and deans at the University of Texas San Antonio, Dr. Nicole Beebe, is a world-renowned as a digital forensics expert and subject matter leader. She has been leading the Cybersecurity Student Association there and helping them as they are going through their undergraduate and graduate programs. In some cases, the students are so proficient. They even pursue their doctorate. It’s really about if you’re a middle-aged professional today and we are dealing with all of these uncertainties. A way to get away from uncertainty is to have some vision and the inspiration as to where you want to go and then link up with those who are already there, the digital natives and say, “Hey, look. Hey, I’ve been an office administrator and I’ve been dealing with personnel records. How can I leverage my understanding of human resources management with information security?” Then that’s a great inroad to talk about identity access management and maybe your interest in becoming a certified technician in that space.

      [25:19] CS: I want to go, again, to talk about Cyber Texas. How big of an organization is Cyber Texas. I mean, obviously, it’s as big as the state of Taxes. But how many teachers and workers are out there and how many kids does it reach throughout Texas and in like different school districts or whatever?

      [25:34] VM: Yeah. Right now, we have over 350 teams that were registered during the 2019, 2020 Cyber Patriot Competition, which makes us the largest community center of excellence in the nation. That’s due in large part to industry partners who contribute to the foundation so that we can put on events like the San Antonio’s Mayor’s Cup 10 years ago. The City of San Antonio’s mayor wanted to recognize all of the students who were competing and encourage them to pursue science, technology, engineering, and mathematics as a course of study. And we recognized the top teams that would go on to compete at the national levels.

      At that time, the Cyber Texas Foundation wasn’t official, but I was in industry with a Department of Defense contractor and I said, “Hey, we need to encourage these kids.” So what we did as a group and as a community was one company would sponsor bomber jackets, the Air Force bomber jackets, and would put the students names on it with the with the Cyber Patriot wing and they would go off to nationals in Baltimore in the latter part of winter with these bomber jackets on and compete.

      Around the same time when the iPad first came out, I said, “Let’s get the kids some iPads.” So we started awarding the top teams iPads. As we grew through the years to encourage more minorities and females to come into the space, we would recognize the top female team and start giving them scholarships We have the Armed Forces Communications and Electronic Association, AFCEA, and they’ve have been very, very generous in giving large thousands of dollars in scholarships to teams, the rookie Ricky teams to the number one team in the region to just to say, “We’re putting our money where our mouth is.”

      We’ve been very fortunate to be aligned with Booz Allen Hamilton who just recently was promoted to our foundational sponsor and that they were the first company to bring on graduates from the Cyber Patriot Program to process security clearances so that these high schools graduates could in DOD alongside me on full spectrum operations. The challenge, like I say, to those in industry is to follow that that same model of sponsoring interns and bringing them into your business model.

      Right now, I think we’ve had dozens of students go through the program and become full-time employees with Booz Allen Hamilton. We recently started a partnership under the sponsorship of the Department of Labor with the Cyber Youth Apprenticeship Initiative, and that’s CYAI. We’ve been partnered with a gentleman named Mike Lawrence. And they have been creating what are called registered apprenticeship programs. I encourage if you’re a business owner today and you want to have a better corporate responsibility footprint and being a go-giver, like Dominique Harriet from USAA in their corporate office, be become a registered apprenticeship program through the Cyber Security Youth apprenticeship initiative with Mike Lawrence and those folks. They have funding from the Department of Labor that will help you be more effective in rolling out your program.

      [30:15] CS: Cool. Now, I’m curious just personally and these competitions that your students go through. Can you sort of tell me a little bit about the types of sort of challenges, the head-to-head challenges that that they do? What are some of the most fun challenges your students were asked to perform?

      [30:32] VM: It’s amazing. They start in in April with exhibition rounds and basically that’s a safe space for them to start a team, go through the learning materials, and they have a virtual machine using VMware to where they have the operating system that they have to secure. Their challenge is given in the form of a scenario that’s a readme file and they are typically identified as being a part of a business. That business has employees that are on a network. They have a website they have policies that have to be put in place. They have to make sure that the operating system and the environment is secure so that the business can be profitable and not vulnerable to known attacks.

      If they start with that one operating system and they use that in the exhibition round and then the coaches come in and they kind of guide the students through the learning material first, then through the actual application in the virtual machine to secure the operating system, and then it gets more complicated. We say, “Now you have a server, and in this server you have to look at all of the audit logs and how they’re communicating back and forth with N-clients.” Then we say, “Oh, by the way, now you got a UNIX environment and you’ve got to secure that environment.”

      And then through the partnership with Cisco, Cisco has granted Net Academy as a license for the students that are participating in the cyber patriot competition. They grant that license to the students to go through Net Academy so they can learn the principles of networking and package pricing and PCAP analysis and so forth.

      [32:29] CS: Is it true that Texas has a state mandate requiring students to have some degree of cybersecurity literacy? I heard that somewhere. I’ve heard that they had to declare it as part of their curriculum. How does that work in your experience? Has it changed the cyber hygiene and overall safety of young people in the area?

      [32:45] VM: It’s improving. We haven’t got to there yet. Cybersecurity is a state mandate with regards to employees and in the education system as a security awareness. That’s the topical entry-level. But more and more, we’re looking to help with fundamentals of cybersecurity being included into the curriculum. We work with TEA, the Texas Education Agency to help formulate that. We’re in the process of working on a study to assess the landscape as to what are those effective clubs, competition, curriculum and capacity that will increase the competency of our youth that are in the K through 12 pipeline so that when they are applying for college or going into a vocation or starting their own business, they can be much more effective.

      [33:50] CS: There’s something we unfortunately had to talk about these several episodes recently, but with the novel coronavirus changing the way school and learning is being performed in the coming months and possibly years, how has online learning changed or modified the way you teach students about cybersecurity? Is there a summer school? Have you shifted to ensure that students are still able to keep up and keep ahead?

      [34:11] VM: Yeah. It’s been an opportunity, and I think these students have stepped up to the challenge in a major way. This year, when we had the outbreak in April, we had to cease all of our in-person meetings and transition to a virtual space. Our national competition, which is held in the Baltimore region, had to be postponed. But through diligence of the CIAS at UTSA and the home office, the Cyber Patriot in the Virginia area, we held our first ever virtual competition and it resounded large – A loud success, a large success, and we were able to via Zoom and other platforms, discord, meet so that the teams could meet from home, login and actually have a red team attack in their environment to where after they secured their system, there was an active red team that when after their information systems to make sure, check in their work. Check in their work.

      [35:37] CS: I mean, is the read team also students or is it like cybersecurity professionals that are –

      [35:43] VM: The red team is our cybersecurity professionals who are framed who are trained at knowing what those vulnerabilities are, and they pull no punches.

      [35:57] CS: That’s like having like a high school football team and it’s like, “Oh, by the way, the local freshman team is coming here to see if you’re any good or not.”

      [36:05] VM: Yeah. The pros come in and check your work.

      [36:09] CS: Aggressively.

      [36:11] VM: When they come in, no hard feelings.

      [36:13] CS: How did they hold up?

      [36:14] VM: They did very well.

      [36:17] CS: It’s going to be a great opportunity to learn too.

      [36:19] VM: Oh my goodness!

      [36:20] CS: One thing to say, “Okay, I did it.” And then you’re like, “Oh, yeah. But what about – I have a 14 point list for you now,” all the things that we got into.

      [36:30] VM: It’s really about and that’s what the Cyber Texas Foundation, you asked earlier about, our organization. It is only to main day-to-day people, myself being the general manager as a contract support. And then the founder is Joe Sanchez. He is a legend in the community here in San Antonio. As a matter of fact, he was instrumental in getting the cybersecurity programs, computer science really launched at UTSA. So that now it’s a center of academic excellence and certified by the National Security Agency in providing those courses of study and Ph.D. programs, graduate programs, actual research looking at innovation that will help protect this space that we are highly dependent upon now. Everything is online, and that’s our new reality.

      [37:40] CS: Yeah. Are there areas of Texas that Cyber Texas doesn’t cover? Are you trying to sort of like expand your reach? If there are, are there ways that students or parents in Texas that might want this program for the kids that they could request it for schools in their area?

      [37:56] VM: Sure thing. If any parent that’s listening to this podcast finds that this is interesting and there is not any kind of community activity. We are the Cyber Texas Foundation are committed to reaching out and building that roadmap for you in your community. As a matter fact, two weeks ago, we were invited by Cyber Houston, which is led by a business leader whose name is Umesh Verma, or the Blue Lance Corporation, but he took a community of business leaders and they created Cyber Houston and he joined us last year for our Cyber Texas Summit and talked about what he was doing and offering free vulnerability assessment offerings to the business community so that they can begin to assess what their vulnerabilities are, what gaps that they have, and then provide them some tools that could mitigate those gaps. Now I think that’s what it takes, is businesses, public, private, government coming together to solidify and raise those pathways so that we can secure this space that we’ve become so dependent upon.

      [39:19] CS: Yeah. You discussed earlier about bringing more women and people of color into cybersecurity. Can you give me some tips or advice for people of color coming into the world of security? What recommendations would you give to organizations also to make their corporate culture more welcoming to a diverse workforce?

      [39:40] VM: First and foremost, just meet the people where they’re at. When you find students that are in areas to where the digital divide that has been highly amplified in this new reality of economic disadvantage and so forth and you’re community leaders are making investments in those phase, reach out virtually. Get on to your social media platforms and challenge that community. Who are people of color that are having significant challenges and in working in those spaces? You see them and you know that every day. They were the essential workers, the postal workers that work in delivering your mail. They were the Uber driver that’s coming to contactless delivery and so forth. They have families. Ask them the question, “What are your kids studying?” It’s the same thing. It’s just starting a conversation and just asking the question. What are their great interests?

      When you find out what their interests are, not everyone is going to be a surgeon. Not everyone is going to be a doctor, but everyone knows that they have to practice good hygiene. So, the same thing. Everyone is not going to be a database administrator. Everyone is not going to be working in a security operations center, but we still have digital hygiene.

      [41:13] CS: Yeah, and it’s good to know that those are still options as well.

      [41:16] VM: Right. Right. But just have the conversation, and it’s just to encourage them that if this is an area of study that they want to – In San Antonio, we have the CAST Tech School. It’s a magnet school and they’re really in the Hispanic, large Hispanic community that we have in San Antonio unit targeting in a positive way, “Hey, look. We want you as a Hispanic young man, a young Latina or African-American to come and find out. The course of the study that are available for you, and we’ll get mentors for you. We’ll get tutors for you. We’ll get resources for you.”

      I’m working with another community partner, his name is management Michellea Millis, and she is wanting to start what’s called the Round STEM Academy, which is targeted for those communities of color. And we want to have this new academy stood up in the next year and a half in San Antonio. So Cyber Texas is partnering with her in Port San Antonio and the San Antonio Museum of Science and Technology, SAMSAT, to make sure that we marshal our resources together and say, “What can we do to make Round STEM Academy a new reality?”

      [42:40] CS: That’s awesome, and I’m really glad to hear that. I want to wrap up today and just get some sort of last tips from you. What advice do you have for high schoolers who are trying to get into cybersecurity even beyond just simple cyber hygiene and so forth, which obviously is not simple? But what advice do you have. If you’re on the fence or you’re thinking about it or you’ve trepidations or whatever, what would you say to them?

      [43:05] VM: Well, what I would say is – It’s interesting. We did in an internship interview, and yesterday one of the applicants was a valedictorian of his class his major is music. But he finds this cybersecurity information space intriguing. I was like, “That’s what it starts with. It starts with that spark and that desire.” Because those things that you’re doing with music and arts and in literary pursuits, all of those things are being enabled by this digital platform, this digital environment. So it’s great to be in the space, but you need to understand that there are some security responsibilities that are your requirement and ask questions and dig a little deeper and be more aware of that space and be more engaged in that space.

      As you’re on social media, LinkedIn, Instagram, Tiktoking and so forth, just be aware that space that you’re creating a digital footprint. And what is that digital footprint, that digital persona, and how do you navigate that space five years from now? It’s great that you want to be liked and a part of a community, but that community in this digital space is not temporary. It goes on and on and on and created –

      [44:45] CS: It’s only the record.

      [44:47] VM: Your persona. Yeah.

      [44:48] CS: Yeah. That’s great to hear too I mean, just about every single job profession you might wind, it also has a security component to it. Everything’s going to be online. Why not both? If you want to be a musician that knows how to secure the network of the recording studio that you’re in or something like that. It’s a really good skill to have regardless of whether you put it to a monetary profession.

      [45:15] VM: Yeah. And I would be remised not to say a special appreciation at Jack Koziol and the entire community of Infosec. You guys have created a powerful platform with over 600 modules that leads to a pathway to anyone who has the desire and interest into what is this cybersecurity thing all about. Its nonthreatening. It’s very inviting. It’s very engaging and guides you step-by-step on, “Hey, here is how you do a command line entry in Linux to understand what the present working directory is,” and then allows you to try the command and then give you tip and guide you of videos, great videos that just take you from infancy, to adulthood as to what it takes in order to become a certified, competent professional in this space.

      I challenge all of my digital immigrants to take the leap of faith and know that there’s somebody here with Infosec Institute, Cyber Texas Foundation, and then the information security profession at large to guide you and hold your hand so that you can be a success.

      [46:39] CS: Thank you very much. That means a ton to hear that from you. Thank you so much, and someone to call it right now best guest ever. Did my work for me here. No, actually, I’m going to connect what you said. As we wrap up today, if people want to know more about Vic Malloy or your doings at Cyber Texas, where can they go online?

      [46:58] VM: I employ you to go to www.cybertexas.org, or you can send an email to [email protected] and we would be happy to help you become more secure, more profitable and increase the peace.

      [47:21] CS: That sounds wonderful, Vic. Thank you so much for joining us today on cyber work, and this was a great talk.

      [47:28] VM: Thank you, Chris. Appreciate it.

      [47:30] CS: Thank you all today for listening and watching. If you enjoyed today’s video, you can find many more on our YouTube page. Just go to youtube.com and type in Cyber Work with Infosec. Check out our collection of tutorials, interviews and past webinars. If you’d rather have us in your ears during your workday, all of our videos are also available as audio podcasts. Just search Cyber Work with Infosec in your podcast capture of choice. And as always, if you wouldn’t mind leaving a five-star review, a five-star rating and review, that does help us to get more people.

      As Vic happily said, we would like to talk to you a little bit about getting a free month of our Infosec Skills platform. Vic discussed it. We discussed it at the start of the show. Go to infosecinstitute.com/skills, sign up for an account and in the coupon code you can type the code cyberwork, all one word, all small letters, no spaces, and you get a free month. Thanks once again to Vic Malloy and thank you all for watching and listening. We will speak to you next week.

Cyber Work listeners get a free month of Infosec Skills.

Use code “cyberwork” to get access to hundreds of IT and security courses today.

Get Started

About Cyber Work

Knowledge is your best defense against cybercrime. Each week on Cyber Work, host Chris Sienko sits down with a new industry thought leader to discuss the latest cybersecurity trends — and how those trends are affecting the work of infosec professionals. Together we’ll empower everyone with the knowledge to stay one step ahead of the bad guys.

Get $100 for your feedback!

Take this short survey about the Cyber Work podcast and be entered for a chance to win a $100 gift card!