91福利社

Let鈥檚 talk about your job at ReWa.听

I鈥檓 writing policies for governing cybersecurity across the organization or doing analyst work where you鈥檙e down in the bits and bytes, the network traffic, looking for attackers. I pretty much cover all the cybersecurity here.听

How did you become interested in cybersecurity?听

My interest in technology started from an early age. Most kids around that time were into Nintendo DS, Pokemon games and just video games in general.听

Once I got into high school, I got with a really great computer teacher and he showed me an Apple event. That was the year they unveiled the first Apple watch and that just blew my mind. So that鈥檚 what got me into technology. As far as security goes, when I was in high school I was required to do a three-day internship. I got a wonderful opportunity to go to a data center in Greenville called Immedion, which has since been renamed to Dart Points. I did a three day internship with one of their cybersecurity engineers. This person engineers all of their security tools, firewalls, that sort of stuff, so I really got to dive my head in pretty early to the field at the front end of the field鈥攖he data center was really on the cutting edge.听

From that point on, I was interested in cybersecurity, but there were no college programs that really supported that in the state of South Carolina when I first wanted to go to college.听听

Originally I was not going to go to college at all. I was going to teach myself how to do cybersecurity on my own. That鈥檚 how most people entered the field at that time. Of course, my mom begged me, 鈥淛ust look at a couple of schools. You鈥檝e got to apply to at least one.鈥�听

I said, 鈥渙kay.鈥� She actually signed me up for the All-Access event at AU, which is the overnight stay where you have the full experience of what it鈥檚 like to be an AU student, which I highly recommended during my time as a tour guide to anybody, because it鈥檚 an awesome experience. I just fell in love with the place鈥攖he people and the environment of just wanting to learn, and then obviously the Christian side of things where I would be surrounded by an environment that supported my religion.听听

I came into Anderson as a Business and Computing data analytics major. I started there and was very fortunate to be one of the first five students in the Cybersecurity program. I think it started my sophomore year. As soon as I was aware that program was available, I immediately transferred to it.听

What was it like being among the first in the Cybersecurity program?听

My experience at Anderson was pretty awesome, especially in the beginning. I had several classes where I was one of five six seven people in the class, so you got a super personal relationship with the professors, which is still the case. I recently came back to Anderson鈥攁t the beginning of this year鈥攁nd gave a presentation on my duties at ReWa鈥攄ifferent things I do鈥攊t was still very much the same experience that I had when I went there.听

The class sizes are maxing out, but I鈥檝e heard from students who say they still have that personal relationship, doors always open, that mentor kind of relationship. My experience was not any different from what you would have if you went there today. It was nothing short of awesome.听

What were some of your favorite parts of studying at Anderson鈥檚 Center for Cybersecurity?听

That鈥檚 a good question鈥攖here are so many. Some of the biggest highlights were some of the final projects we would do. Each class culminates in a large project. Typically the professors make a point where you come up with the topic you want to do. Obviously there are rules and regulations around that鈥攜ou can鈥檛 just do anything. As it applies to the class, they really put the responsibility on you to pick a topic.听听

One of my favorites we did was in network security. I was always a big networking guy. I studied all of the network protocols and that sort of thing. In that class I chose to look at vulnerable protocols across the network and try to see what was easily accessible from the public.听听

In the open source intelligence class鈥攊t鈥檚 one of the higher level classes鈥攜ou study how to use the public Internet to find vulnerable machines.听听

How has what you studied at Anderson helped you in your work?听

In the specific case at ReWa, it taught me how to list all of the assets we own at ReWa鈥攑ublic IP addresses that we use, public devices鈥攖hat sort of thing鈥攕o you want to take inventory of what you have so you can assess them and see what these open source tools are seeing on your network. An example of that is Shodan. Shodan goes out and looks at all these machines鈥攊t crawls throughout the whole Internet and then it will report 鈥淭his machine has a vulnerability.鈥� If you don鈥檛 know how to use Shodan and search through their databases, you might have a server at your corporation you don鈥檛 know about that could be vulnerable. You can鈥檛 protect against something you don鈥檛 know about. You definitely want to be able to use Google and those other tools out on the free public Internet to be able to look at your assets.听

I would say the second thing that the cyber program really taught me was how to troubleshoot. Troubleshooting is such a hard skill to develop and it takes time. Not taking no for an answer and really pushing your knowledge of how a system works is the only way to gain this skill. Being able to troubleshoot as well as having a strong ability to document security findings was a big part of why I got this position. Lastly I think that the program really teaches you how to display security information to non-security-oriented people. This especially helps in situations when I am showing directors and officers pen tests or other cyber material.听

Let鈥檚 talk about what ReWa does and your role on the technology side.听

We provide wastewater treatment services for Greenville County and portions of Anderson, Laurens, Pickens and Spartanburg counties. We have nine plants. I cover such a wide area of security, such as training, network security forensics, penetration testing or hacking, programming, Python, open-source intelligence鈥攖hat sort of stuff. Because I cover such a wide area of security, it has enabled me to make a really big difference here at ReWa.听听

There is never really a dull moment for me at ReWa. I might be developing a whole tabletop exercise that takes a couple of months of planning, or defending ReWa against hackers every day as well as participating in ISAC (Information Sharing and Analysis Centers) calls. The experience I鈥檓 getting here is nothing short of amazing.听听听

At the end of the day, what gives you a real sense of accomplishment?听

Recently there have been a couple of things that, after all was said and done, it was like 鈥渨ow I was really able to handle that.鈥� I was complimented by several coworkers. I mentioned the officers earlier. I was getting direct in-person compliments from CEOs, COOs and those types of people about the tabletop exercise and a couple of other things. Recently we had a penetration test done from a third party鈥攖hat鈥檚 an assessment where essentially you hire them to hack into your stuff, see what鈥檚 broken, see what鈥檚 not patched, see what鈥檚 vulnerable, so that you can patch it yourself before actual hackers take advantage of it. That was about a two-month operation. It was pretty in-depth. They did an external assessment where they try to break in and luckily in our case they weren鈥檛 able to break in. We had a really strong defense.听听

Does cybersecurity affect all employees?听

Whether you鈥檙e in the field focused on infrastructure or the CEO, you must do at least one in-person cybersecurity training per year. I give them four opportunities鈥攐ne per quarter鈥攖o attend an in-person training. I'm helping them protect ReWa but also helping them personally as far as this is how you should do your passwords, this is how you identify a phishing email, this what to do if something happens on your computer.听 听

We have the ability for a user to report phishing emails directly to me in a secure way. Prior to those trainings, I was getting maybe 5-10 reports a month of people forwarding to me what they think is a phishing email. Then after the training it went up to 30-40 a month. That鈥檚 a massive change in people鈥檚 awareness of 鈥渢his email is phishy, now I know what to do. I鈥檒l send it to Zach鈥攈e knows about this kind of thing.鈥� Of course, presenting those metrics to your superiors is a great experience.听

ReWa has more than 200 employees. Probably about 100 percent of them interact with our machines at some point. Probably 80-90 percent interact with a computer every day, and so the technology department is actively securing all of those systems.听听

What advice would you give someone considering a career in cybersecurity?听

During my time at Anderson I was a tour guide for the Center for Cybersecurity, so I would help a lot of prospective students who would pose that question. It hasn鈥檛 really got a simple answer. I think college is a time where you should be trying things and you should be learning about yourself and really figuring out what you鈥檙e good at. I would say to anyone who has an interest in computers or programming or anything digital鈥攃ybersecurity touches every aspect of the digital spectrum. We talk about programming, networking, open source intelligence鈥攅ven nontechnical things like governance and policy, rules and regulations, philosophy and ethics鈥攁ll of this type of stuff鈥攕o I think cybersecurity is a very individualistic study as far as some other fields go. If you鈥檙e programming, you鈥檙e building an app. That鈥檚 what you do.听听

If you have the willingness to learn, you have an open mindset and you鈥檙e willing to try hard and kind of stick with it, I would highly encourage anyone who has that mindset to try cybersecurity. To anyone who is interested, as long as you鈥檙e willing to learn and put in the effort, get to know the professors and fully immerse yourself in cybersecurity, you鈥檒l be successful.听听

In conclusion, cybersecurity really touches everyone, doesn鈥檛 it?听

In its most basic form, it鈥檚 about morals and ethics and what鈥檚 right and wrong. Why do people think a certain way? Why do people want to use a simple password instead of a strong one? Why is it so easy for hackers to manipulate people instead of manipulating a computer? I have friends who are Psychology majors and I would talk to them about certain things and they would be like 鈥測ou have a really good understanding of the way people think,鈥� just because of cybersecurity. You touch a lot of domains. It definitely takes a lot of courage fully jumping head-first into this strange world of cybersecurity.听