What motivated you to enter the cybersecurity space in the first place? 

Robert Herjavec: I’ve been in this business for over 30 years. I entered the IT space because I was waiting tables and needed a better job. My friend was passing up the opportunity for an interview with a computer company and, when I learned how much it paid, I jumped at the chance to get in there and be interviewed.

Once I started in the IT business my love for it grew almost immediately. I was blown away by how quickly things changed and by what technology was capable of. Think back to the tech of three decades ago: We’re talking the first ethernet connections. I remember the early days of Herjavec Group when our sales team’s first question on a cold call to a customer was, “Do you have an internet connection?” If yes, they’d ask more questions, if no they would say thank you and hang up. We don’t have that problem anymore.

How has the industry changed since you first became involved?

In 2003 we recognized that enterprise organizations needed to keep their data secure, but in some ways we were ahead of the curve in our offering of services. We offer consulting, delivery, managed services and remediation support to large-scale organizations with very complex environments. We really couldn’t have predicted how far our space would come in such a short period of time. If I look back 30 years—wow—entirely different.

The internet, cellular phones, the proliferation of technology, Internet of Things. It’s all about interconnectivity today and the key word is “more”—more endpoints, more connections, more data, more threats, more risks. Today when you walk through Times Square in New York, the billboards can track you via your mobile phone and you’ll receive spot advertising customized for you. That’s incredible to me.

Yes, today it’s digital marketing 101. But think of all the pieces of technology that have to integrate to make that possible. Also think of the risks; cybersecurity is mainstream today because we’ve seen the repercussions personally, professionally and financially from not keeping our corporate and customer data secure. Security isn’t an IT issue; it’s a board-level issue for organizations globally. To speak more broadly, it’s a global citizen issue. The wars of today and even tomorrow will continue to play out via cyber warfare.

How does your team at the Herjavec Group continually evolve in order to stay ahead of hackers along with the threats they pose?

One of the key ways we stay ahead is that we employ a team of ethical hackers on our consulting team. Their job is to leverage the latest hacking techniques in order to assess the security postures of our clients. We also partner with best of breed technology providers globally to ensure we’re bringing emerging technology to our customers. We have to learn from each other so it’s important we understand the latest technology, have the ability to architect and configure it and then can develop services to support it. That’s how we stay ahead of the curve and proactively defend our customers from the latest cyberattacks.

What is an emerging trend or initiative within the cybersecurity industry that really excites you? What keeps you up at night?

Proactive threat detection and investigation is becoming the norm. It’s no longer ok to just block and defend. The role of the Threat Hunter is becoming pivotal as we’re seeing the growing need to detect, investigate and analyze very sophisticated and persistent threats in large organizations. Organizations want to know where the threat originated, how they should respond and what can be done to contain the incident.

More and more, our customers are seeking answers to the risks out there in the deep dark web and we need skilled professionals, Threat Hunters, to support that level of work. What keeps me up at night? I’d say paranoia. I firmly believe only the paranoid survive. Jamie Dimon, CEO of JP Morgan Chase, said it best. He doesn’t stay up at night worrying about the markets; he’s worried about a cyberattack. You should always be worried about what you don’t know and in my line of work, you’ve got to be paranoid.

What's a realistic goal for the industry to strive for this coming decade? What's a stretch-goal we should be pushing for?

I’d love to see our industry focus on educating the youth of today about cybersecurity risks and information security in general. We have a shortage of talent and training in this sector that needs to be resolved because the risks we are facing aren’t going to decrease over the next 5 to 10 years. We need the support of post-secondary institutions to help teach a new generation of students how this technology fundamentally works so we can have a greater talent pool to pull from.

I’ve given so many speeches where I call out the 0.0 percent unemployment rate in security. It sounds insane given today’s economy, but it’s true. Cybersecurity professionals are highly sought after and we need to ensure we’re replenishing the talent and teaching the next generation.

On Careers in Cybersecurity

To get a better grip on the gap in the cybersecurity workforce, we checked in with Christopher Casale, a recent M.S. graduate fom the University of South Florida student about his path to cybersecurity and what he'd recommend aspiring professionals look for in a program.

What motivated you to pursue a major in cybersecurity or information assurance?

I started my career as a software developer almost 20 years ago, before transitioning into leading teams of developers. It’s been interesting to see how the questions have changed over that span of time. When I first started, companies were concerned with what features they would build into their software. Eventually, those concerns shifted into user experience and how customers would interact with the software.

For the last 5-plus years, the questions have been about security. How can we keep the information safe, how do we know it’s safe, and how do we balance convenience with security? I decided to pursue an M.S. in Cybersecurity with a focus on information assurance so I could better understand and answer those questions from the beginning of the Software Development Lifecycle through delivery.

What advice would you give to prospective students looking to major in this field?

This isn’t the type of field where you can read it in a book, memorize it and write it down on a test, so be prepared to work. It’s not only about understanding the concepts, but how they’re applied in real-world applications. This should be reflected in the type of program you select. The best programs include a good amount of hands-on experience and projects as part of the curriculum.

I would also recommend a basic understanding of coding. You don’t necessarily need to be a programmer, but knowing how to write basic shell scripts will come in handy.

Finally, you have to learn to be comfortable trying to hit a moving target. This field is constantly evolving and today’s best practices are replaced tomorrow. The degree will give you a foundation of knowledge, but you will be constantly learning in order to stay up with current trends.

What is important to you when choosing a school or program?

I started with a basic set of criteria that included things like an accredited institution that was well-established and respected. After that, I focused on the program details. It was important that the program be offered fully online so it could be conveniently worked into my schedule. I wanted a curriculum that offered hands-on, practical experience.

A major selling point that the University of South Florida offered was having the Florida Center for Cybersecurity right on campus. The center hosts a conference every year, as well as a series of sponsored events and guest speakers. These events create a unique opportunity to meet and speak with other members in the field.

What’s the most fascinating thing you have learned during your studies?

We reviewed a lot of case studies about the recent data breaches at Target, Home Depot, JP Morgan Chase—and the list goes on. I think what I’ve found the most fascinating is that so many of these breaches were not the result of poorly designed tech. Often, they were human error or the result of bad decisions.

It’s clear that organizations need to make just as much of an investment into training staff as they do into technology. A steel reinforced front door won’t help if someone breaks in through a side window.

How can we encourage more students to pursue a career in cybersecurity?

The industry has certainly received a lot of media coverage in recent years, but I think there’s still a lack of awareness regarding many of the cybersecurity opportunities. Security consists of many different areas including gathering forensic evidence for law enforcement, preventing cyber terrorism for the federal government and private sector opportunities, such as securing data centers and developing secure software. Sharing this information through events, hack-a-thons or any other means available may help encourage students to consider the security field.

Businesses should also consider creating internships specifically dedicated to cybersecurity. The job market may be hot, but many of the entry-level security positions require more experience than most students would have immediately after graduating. Prospective students consider job prospects after earning a degree as part of their decision making process, and if they worry the degree may not be enough to get started, it presents an obstacle. If organizations want to fill some of these talent gaps, they should make internships available so that students can acquire additional skills and experience with real exposure to the type of work they will be doing.

In terms of your professional career, where do you hope to be in five years?

There is a lot of ongoing debate about privacy laws and the responsibility of corporations to keep data safe. As more businesses try to balance convenience with security, new challenges will arise. I hope to help these companies with the strategic planning of their technology infrastructure and development efforts.