Mind the Gap: There’s More Than One Path

I grew up in a small rural town in North Georgia. When I lived there, we had two or three stop lights and one heck of a following for Sonic hamburgers. We all bled orange and black, the colors of the high school football team, and we all knew who was at the funeral home, who was bringing casseroles, who was causing trouble in town and who was hosting the next Sunday Tea. My Mom was my eighth grade English teacher and always a presence in my school either in a teaching position or as a Principal. The biggest fear I had was getting in trouble at school and her knowing about it before I even got home.

I never dreamed that we would one day live in a world where we had to fear our bank accounts getting hacked or our identities being stolen or our companies losing millions of dollars in downtime due to cyber attacks.

But we do, and a journey backwards on a timeline is not going to change that.

Now, here I am, surrounded by some of the smartest people in cybersecurity and I am amazed and thankful that I got here; however, I wonder how we are going to fill the 1.8 million open positions by 2022, as reported by the Center for Cyber Safety and Education.

For starters, getting children interested at an early age is critical.

Justin Chouinard, a Principal Software Engineer for DDoS products here at Arbor, is the perfect example. He has a really cool role as an architect and he gets to be forward thinking in terms of where the DDoS landscape is headed.

He didn’t start here. He grew here. And he started young.

When Justin was in 4th grade, he had some limited exposure through a teacher who had his class entering in lines of code in QBasic, running the program and then making changes. From there, Justin began tackling security and programming as a hobby and it became something he always knew he wanted to do. When he was in 10th grade he took a C++ programming class that was pretty easy for him. When programming, time passed really quickly for Justin and he loved the problem solving aspect of it – he felt like it was solving puzzles.

Fifteen.

While the rest of us were applying for jobs at grocery stores and restaurants, Justin was busy sending resumes out to Internet Service Providers (ISP). The funny thing is he got rejected by Taco Bell, but was hired making $6 per hour doing tech support, network administration and writing backend systems for a small ISP. Justin’s boss and his parents were a stable source of encouragement and influence for him. His parents even drove him to his first job since he didn’t even have his license yet! Today, Justin plays a key role at the world’s leading DDoS protection company. Way to go Justin!

What does one need to get started?

In short, you need a problem to solve, knowledge of open source software, Linux, and programming experience – preferably in a few languages. According to Justin, that is the minimum for getting your foot in the door (especially at Arbor Networks). But do you need a degree?

There has been a lot of discussion since the Equifax breach on the need for graduate degrees as a requirement for holding cybersecurity positions. With so many cybersecurity jobs available, and so many online programming certificates available, this may become less of a focus. There are clear arguments to both sides. For instance, according to a study done by Rasmussen College, 86% of cybersecurity job postings are looking for candidates with at least a Bachelor’s degree.

Justin falls in a group that is outside the norm. At his high school, there was an existing program for electricians that allowed them to start their career in their senior year while earning credits for graduation. Justin recognized the value of this program, but wondered why there wasn’t one for computer science. Rather than just wonder, he acted. He reached out not only to the school but to the state government, repeatedly. Through his determined effort, he came to find a Senator who was willing to support his idea. Thanks to his unconventional efforts, his school now has an apprenticeship program for computer science. Not only is he ambitious, but he is also a pioneer!

Justin started his job when he was fifteen and continued to develop his skills on his own, self taught, together with on the job training he continued to excel. He has never attended a college class.  Justin thinks there is value in degreed programs, but his experience has shown that this is not the only path. He believes you need a project and a problem to be solved, and a love for programming. Everything else is a secondary skill that you can work on in time. The way we make a dent in the open position gap is by starting to train young and employers thinking outside the box about what makes for a great candidate – they might have the skills but not the degree.

Justin suggests that if one has interest in programming, with all the resources available online, dive in. Go pick a project and start coding. To understand how exploits work, programming is the core of it. Get into chat rooms, follow conversations and learn. One suggestion he had that I loved was, “go find the nerds in the lunchroom, sit down and trade secrets”. Fantastic.

Seven Years Ago

Seven years ago, Arbor was lucky to have Justin join on our team. Justin said he was looking for a company that lived up to his high expectations and Arbor has met those time and time again. His interview for employment with Arbor was really challenging and that hooked him. Since then his continued growth and development has kept him here. He’s quick to point out that it takes everyone to make success. Cybersecurity products are not successful just because of programmers. Programmers are a big deal for sure, but all facets of a company are involved – User Experience, Quality Assurance, Program Management, Marketing, Sales Operations, Sales, and the list goes on…

In my next blog I will be touching on the importance of another role that is critical to cybersecurity success. A special thanks to Justin for allowing me to dive into his incredibly interesting start in the world of computer science and cybersecurity. Until next time…