Cyber Security/Digital Forensics
Mentor, Don Pipkin
Don is a Cyber Security and Digital Forensics Instructor at Tulsa Tech’s Riverside Campus. Before becoming an instructor in 2007, he worked in business for over twenty years, eighteen of those with Hewlett-Packard. Don is also the author of several books including “Halting the Hacker: A Practical Guide to Computer Security” and “Information Security: Protecting the Global Enterprise”. He is recognized as an international expert on cyber security and his books have been translated into several foreign languages including Chinese. Don earned his Bachelor of Science in Computer Engineering from the University of Tulsa and was a regular guest lecturer at TU and Rogers State University.
In his article, Don points out that while cyber security and digital forensics are growing fields, schools are only graduating about half of the people needed to fill available positions. Strong demand means there are scholarships available if you choose this career path. Plus, there are many job opportunities in business, government and the military you will qualify for with the cyber security certifications you can earn through Tulsa Tech’s program. Many of Don’s students with these certifications have been able to advance their careers from entry level positions after they gained practical experience in this specialty without having to go on and get an associates or four-year college degree. As an example, one of his students became an IT manager only five years after graduation from Tech. Some students do decide to later go on and earn these college degrees, particularly if they want to go into business management. Some go full time, and others pursue a degree part time while working and the tuition is often paid by employers. Tulsa Tech offers opportunities for high school students to attend classes their junior and senior years for three hours a day, in which students train much like an apprentices and experience what it is like to work in this field while earning credits for high school graduation in computer science.
Don’s article will be of interest to anyone who wants to learn more about computer security systems and the digital forensics used to track down cyber criminals. Don also talks about the wide variety of career opportunities available in IT and points out that because of the vast number of different computer career opportunities, most people end up having to specialize in a particular area. Cyber security is a computer specialty that Don recommends because you not only solve interesting problems, but you also get to interact with people across the entire organization, instead of just your own department.
Overview
I went to public school in a small town west of Wichita. I have always been good at math and science and liked learning how things worked and solving problems. When I was in junior high school, I saw a presentation on computers given by instructors from Wichita State. That presentation sparked my interest and I realized that computer engineering was what I wanted to do. I looked around for colleges and found that the University of Tulsa was one of the few colleges (at the time) that offered a degree in computer engineering and that their program was highly rated. TU is still one of the best colleges in this field with more TU graduates employed at the National Security Agency than any other university. But TU is a private university and cost about four or five times as much as a state university back then, just as it does now. I had high PSAT scores and was able to get a scholarship that paid half of my tuition. I also worked during the summer and with my parents’ help and government assistance was able to pay for my college. When I graduated in 1982, my goal was to work for Hewlett-Packard, which I considered the gold standard of the computer industry, but they were not hiring anyone without experience. So my first job was with Getty Oil, an opportunity I learned about from a college friend. This was a pattern throughout my career: All of the jobs I ever had—except my current teaching position–I learned about through people I knew.
While I was at Getty, I designed software systems used for petroleum exploration and production like well log analysis, well site management and oil reserve economics. I also put together the documentation for using and supporting these systems. After I had been there three years, Texaco acquired Getty and I was going to be relocated to Houston, so I began to look for a new job in Tulsa. Then I bumped into someone I had met from HP at the baggage claim at the Denver airport, and I told him I was looking for a new job. With his help and the experience I had gained working for Getty, I was hired by HP, just as I had hoped for when I first graduated from TU.
At that time in the mid-1980s, the computer industry was moving away from mainframes, as microprocessors allowed the development of personal computing. Even in companies where large mainframes were used, more people had access to these through computer terminals and they could also access data over dial-up connections. To keep track of who was using the computer terminals and networks, passwords and logins were developed. Before these controls were added, people could just sit down at a terminal and get into the system. As personal computing grew in popularity and things like bulletin boards were developed, vandals started getting into the systems and later, cyber criminals, as financial transactions began to be done via computers over the Internet. Because of this growing problem, I became involved in cyber security and digital forensics at HP for our own systems and to help our customers. This was interesting work, in part because I interacted horizontally across all parts of the organization talking to managers about the security of the systems they were using, designing security tools for their systems and training people how to use these tools. HP then saw this as a business opportunity and I provided input for the company’s new security product development group. I also wrote two books, “Halting the Hacker: A Practical Guide to Computer Security” and “Information Security: Protecting the Global Enterprise”. These books were translated into several languages including Polish and Chinese.
I left HP in 2003 and formed my own consulting company called “Halting the Hacker” and also worked for a year in cybersecurity at Dollar Thrifty before I took my present job as an instructor at Tulsa Tech in 2007. This was the first job I ever got by seeing it advertised rather than learning about it from someone I knew. I have enjoyed teaching and helping build the program as well as working with the Tulsa Tech students. Besides young people in high school or young people entering our program right after graduation, I have also taught adults who wanted to change careers. I have seen many people make the successful transition from a job they did not like into a career in cyber security that they really enjoyed, where they have been able to grow. One of my students was a trucker who got his certifications through our program and took an entry-level cyber security job. He did so well that in just five years he was made head of his company’s entire IT department, a position that normally requires a four-year degree.
A lot of the basic corporate software systems still used by businesses were designed in the 1980s and 1990s, before security was a big concern. Many of these systems need to be rebuilt because security patches are no longer very effective. But rewriting these systems is expensive and a lot of companies do a risk/reward assessment where they calculate the possible losses they might suffer versus the cost of rewriting their programing or taking additional security measures. Many of the problems with these old systems will not get fixed unless the companies see the potential for significant damage to their business. But that potential is increasing every year as attacks by vandals and cyber criminals are increasing. More companies recognize this threat and there are now twice as many jobs available in business for people trained in cyber security and digital forensics than all of our schools and colleges are graduating. There is also more interest on the part of the public in the security of their personal information on their computers and their personal devices like the iPhone. This has caused a conflict between the need for personal privacy and the need for law enforcement to be able to access this information. A good example is the recent lawsuit by the FBI to have Apple help them access information on a terrorist’s iPhone. All this attention on cyber security and forensics will continue to drive the growth in this career field.
How to Prepare for a Career in Cyber Security and Digital Forensics
There are three principal career paths in this area of IT and your education will be tailored to the particular path you choose. These paths require either several certifications, a two- or four-year college degree or some combination. Before you choose one of these career paths, it can be helpful for you to first get some practical experience working in cyber security and digital forensics to know if it interests you before you go into a training program. Tulsa Tech works with high schools in our area to give you the opportunity as a Junior and Senior to attend classes at Tulsa Tech for three hours per day where we give you practical experience by assigning you similar tasks you would get from an employer much like is done in an apprenticeship program. For example, instructors give you memos like you would get from an employer in which you are asked to do things like set up passwords, design firewalls and build networks. All this gives you some idea of what you would be doing each day if you choose this computer specialty.
Here are what I consider the three main career paths for cyber security and digital forensics:
- IT Security Operations focuses on system administration tasks that provide the appropriate level of security. This kind of practical training is what we teach at Tulsa Tech in our security certification programs. Because experience is important in the computer industry, many of our students grow into higher-level management positions from the entry-level jobs they get with these certifications and our training without having to get an additional management degree. But in some of the larger companies, you will reach a ceiling in their management hierarchy if you do not go on and get an associates or four-year college degree. Also understand that that everything in the computer industry is constantly changing and regardless of your position you will have to be taking some kind of continuing education classes throughout your career. Many companies will pay for your advanced training and this is something you should check when you are looking at any job in this field.
- IT Enterprise Management includes overseeing and leading information technology operations by selecting products and policies. This is a more business-focused position This generally requires a degree. These management courses are offered locally through associate’s programs from Oklahoma State at their technical school in Okmulgee and through a program taught at their Tulsa campus as well as at Tulsa Community College and Rogers State College. There is the possibility that you will receive credits for some of the training you got at Tulsa Tech by TCC and Rogers State if you decide to pursue an Associates degree at either school.
- Computer Engineering positions like those in Information Security require a four-year degree and, for research positions in engineering, you normally must have a Masters degree. The University of Tulsa has one of the best programs in the country for this kind of training for Cyber Security and Digital Forensics with many of the National Security Administration’s computer engineers coming from their program.
You can also add additional certifications to advance your career and earn a higher salary:
- Certified Information Systems Security Professional (CISSP) is an independent information security certificate given by the International Information Security Certification Consortium. It is recognized internationally as the highest level of certification for computer security.
- Certified Information Security Manager (CISM) is a certification that focuses on information risk management.
- Certified Information Systems Auditor (CISA) is a globally recognized certification in the field of audit, control and security of information systems.
The highest level of compensation in the computer industry is as a Chief Information Technology Officer where the salaries are well over one hundred thousand dollars. However, analysts and computer specialists still earn good salaries. A salary survey for a number of IT positions is provided by YPNG at the end of this article to give you a better idea of the range of salaries for different positions and the education level that is required.
The Tulsa Tech Cyber Security and Digital Forensics Program
Ours is a certification program designed for you to earn five certificates that will allow you to get an entry level job in cyber security and digital forensics:
- Microsoft Operating Systems
- Microsoft Servers
- Microsoft Networking
- Microsoft Security
- Security Plus (For all systems)
The full time Tulsa Tech program runs for twenty months for 3 hours a day for both adults and high school students. We also have part time programs and e-learning programs so that people can take these courses and continue working at their regular job.
We offer courses for three hours a day for Junior and Senior high school students where we give them work experiences like they would get in real life similar to an apprenticeship program. High school students living in the Tulsa Tech school district are not charged tuition.
Each October, during cyber security awareness month, our students put on a trade show called Cyber Security Spook House. They select topics which are of concern to individuals. They prepare an informational brochure discussing the issue and how to protect against it; develop a presentation and a demonstration of the issue; and decorate the booths in a spook house theme. They present their topic to other students from other programs at TulsaTech and to many visitors from the community. We have over 700 visitors attend each year, and most walk away having learned something about how to protect themselves and their information. It’s a highlight of the year for both students and community members
Pictures of Our Classrooms
For more information on our cyber security / digital forensics program visit:
http://tulsatech.edu/classes/fulltime/cyber-securityforensics/
Summary
I have always liked finding out how things work or why they don’t work and solving problems. So after I was first exposed to computers in high school, I knew that being involved with developing computer systems was something I wanted to do for a career. Specializing in cyber security and forensics has been something I have particularly enjoyed because it is a specialty that has allowed me to work horizontally across the entire company helping managers develop the security systems they need for their particular operations as well training people in business, like I am now doing as an instructor at Tulsa Tech. Cyber security is a growing field with the demand for people trained in cyber security and forensics now twice as great as the number of people being graduated by the schools in cyber security. Demand is expected to continue to grow rapidly in the future to keep up with the crime that is developing as more financial transactions are being done with computers over the Internet. This strong demand means that with the proper training and certifications, you can choose between careers in business, the government and the military. There is also the opportunity for talented people to rapidly advance and to get additional training and certifications that will further increase their earning power. If you like problem solving, cyber security and forensics can be a good career choice for you, like it has been for me.
US Bureau of Labor Statistics Salary Surveys
YPNG has listed the US Bureau of Labor Statistics most recent salary survey for what they call Computer Support Specialists. This is a broad category that includes cyber security and forensic specialists who just have certifications and not associates or four-year college degrees. We have also included the salary surveys for an Information Security Analyst and Computer and Information Services Mangers (Company IT Managers). Both are positions mentioned in Don’s article that require a four-year engineering degree
US Bureau of Labor Statistics Computer Support Specialists
Computer support specialists provide help and advice to people and organizations using computer software or equipment. Some, called computer network support specialists, support information technology (IT) employees within their organization. Others, called computer user support specialists, assist non-IT users who are having computer problems.
Quick Facts: Computer Support Specialists | |
2015 Median Pay | $51,470 per year
$24.75 per hour |
Typical Entry-Level Education | See How to Become One |
Work Experience in a Related Occupation | None |
On-the-job Training | None |
Number of Jobs, 2014 | 766,900 |
Job Outlook, 2014-24 | 12% (Faster than average) |
Employment Change, 2014-24 | 88,800 |
How to Become One
Because of the wide range of skills used in different computer support jobs, there are many paths into the occupation. A bachelor’s degree or an associate’s degree may be required for some computer support specialist positions or postsecondary classes where you obtain the certifications needed for the job may be enough (Tulsa Tech’s Program).
US Bureau of Labor Statistics for Information Security Analysts
Information security analysts plan and carry out security measures to protect an organization’s computer networks and systems. Their responsibilities are continually expanding as the number of cyber attacks increases.
Quick Facts: Information Security Analysts | |
2015 Median Pay | $90,120 per year
$43.33 per hour |
Typical Entry-Level Education | Bachelor’s degree |
Work Experience in a Related Occupation | Less than 5 years |
On-the-job Training | None |
Number of Jobs, 2014 | 82,900 |
Job Outlook, 2014-24 | 18% (Much faster than average) |
Employment Change, 2014-24 | 14,800 |
Computer and Information Systems Managers
Computer and information systems managers often called information technology (IT) managers or IT project managers, plan, coordinate, and direct computer-related activities in an organization. They help determine the information technology goals of an organization and are responsible for implementing computer systems to meet those goals.
Quick Facts: Computer and Information Systems Managers | |
2015 Median Pay | $131,600 per year
$63.27 per hour |
Typical Entry-Level Education | Bachelor’s degree |
Work Experience in a Related Occupation | 5 years or more |
On-the-job Training | None |
Number of Jobs, 2014 | 348,500 |
Job Outlook, 2014-24 | 15% (Much faster than average) |
Employment Change, 2014-24 | 53,700 |