As a follow-up to our recent post about targeting cybersecurity work in your contracting business, I sat down with TAPE’s cybersecurity program manager Stewart Wharton to give you a glimpse behind the scenes.
Stu, what does a typical day look like for the TAPE cybersecurity team? Is there any such thing?
It’s a very high visibility, fast-paced environment, working for one of the largest federal law enforcement agencies in the U.S. The team is involved with all aspects of analyzing threats and vulnerabilities.
We do a daily assessment of risk to the systems; we do a lot of reporting using a variety of dashboards. We can suggest fixes, and make sure those fixes are acceptable. We also follow up to ensure that the systems people have implemented them.
It’s a lot of analysis work – analyzing data to see if it’s a threat, a vulnerability, or a mitigation, and also determining the likelihood of the impact of the vulnerability to a system, and the overall risk to the system.
We just wrote in this blog about how government contractors can find cybersecurity work by approaching their existing customers. How has TAPE used this strategy?
Our customer base has grown twice in the year and a half that we’ve been here. And we continue to look at other entities within the agency that could use our BPA (blanket purchase agreement) – an existing contracting vehicle that any federal customer can funnel money to, as long as the scope of the BPA is within cybersecurity.
What is the most common misconception you hear about cybersecurity?
That cybersecurity is all about tools and technology, when really a lot of breaches are socially engineered and simple, such as a user opening an email or attachment they shouldn’t have. Yes, breaches in security can be highly technical, but it can also be amazingly simple.
What do you wish everyone knew about cybersecurity in the workplace?
No matter what job you’re doing, whether you’re at work or at home, everyone should be more aware of how simple it is to give away the keys to the kingdom, just by doing the wrong thing with your email.
- Don’t open an email if you don’t recognize who it’s from or it’s not from an official account in your workplace.
- Don’t open attachments if you don’t recognize who it’s from. Attachments are the easiest way to get a bug or virus into your system.
- Don’t share your password or write it on a sticky note and keep it on your laptop. When working remotely in an airport, you’d be amazed how easy it is for someone to look over your shoulder. They can find out a lot about you, and then pretend to be you.
What do you see going on in the cybersecurity industry right now?
There is a huge demand signal for people doing this kind of work, but at the same time, the quality of people able to do this work is increasing. A lot of graduates are hitting the streets with certifications or degrees that used to take somebody five or ten years of experience to get.
These young workers have all the right credentials but not a whole lot of experience. While this means the cybersecurity market has been flooded with talented individuals, what used to be a high value work area has been somewhat watered down.
What’s the most rewarding thing about your work in cybersecurity?
That at the end of the day, our team and I have helped national security across the United States. Cybersecurity is officially recognized as a domain where the enemy can wage war against you, so we need to be prepared on that same kind of footing.