In October, Seton Hall University held its second annual “Connect-Collaborate-Careers” cybersecurity conference — a Cybersecurity Awareness Month event. The conference was held virtually.
Susan Scherreik, director of the Center of Innovation and Entrepreneurship, at Seton Hall’s Stillman School of Business, told those gathered that “what we would like everyone to become aware of today is that cybersecurity is the fastest-growing industry in the world. Cybersecurity professionals are on the front lines of keeping everything from bank accounts to top military secrets safe, but they can’t do it without our help.”
She said, “We are witnessing an explosion of highly paid jobs and new career paths in cybersecurity. Average salaries begin at more than $72,000 annually, and can exceed $200,000.” She added, “In New Jersey alone, there are more than 11,000 cyber security positions available, and more than 450,000 open nationwide.”
In her opening remarks, Seton Hall Provost Katia Passerini noted that managers are also hiring for soft skills. Cybersecurity technology is changing rapidly, so technical skills are often learned on the job, she said. However, soft skills take longer to learn and are also important for job success.
The need for applicants to demonstrate “soft skills” and “character” came out during the panel discussion titled: “Keeping New Jersey Safe from Cybersecurity Threats.” The panel featured Michael Geraghty, chief information security officer, State of New Jersey; Christopher Rein, CTO, State of New Jersey; and Enrique Bryan, assistant chief of the high-tech crime bureau of the New Jersey State Police. Cecile Coronato, project officer, strategic sector development, New Jersey Economic Development Authority (NJEDA), moderated the discussion.
To get the ball rolling, Coronato asked what skills these officials look for when they’re hiring. Continuing with the theme that the most important attributes can’t be taught, Geraghty answered, “personal integrity. You can’t work in cybersecurity and not have personal integrity. You’ve got to have accountability, responsibility, and show up for the job on time and do the work, be able to work as a team, be able to lead when you’re asked to lead. You need a lifelong passion for learning.”
He added, “Character is the foundation on which the skill, the technical skills, the cybersecurity skills are going to be built on. So, you can have all the skills in the world, but if you don’t have that character, you are not going to fit in a team and you’re not going to be successful in any type of an organization.”
Rein answered from his point of view as a CTO. He pointed out that the Garden State has a very large, secure intranet network. “We have a large managed hosting team and some 4,000 to 5,000 servers” both on premises and in the cloud. “We also have mainframe processing.” Rein looks for a diverse set of skills from a technical perspective, but he is also interested in soft skills. One trait he values is tenacity. “If you can find a person who has a reputation or a demonstrated capability of staying with a problem, bird-dogging it and being persistent, that’s super high priority for me.”
Bryan said that the State Police has a lot of Type A personalities in cybersecurity positions. “You have to be very confident, motivated and hardworking, whether you are enlisted personnel or civilians that work in this agency.”
Geraghty spoke about the New Jersey Cybersecurity & Communications Integration Cell (NJCCIC), which he directs, noting that a big part of what they do is develop their own staff and the staffs of associated agencies. “Last week we had a cloud security class for six days,” he told the audience. “We do this not only within the state government, but we also are offering it to public sector organizations, municipalities, counties. We do it for school districts, we do it for universities.”
Asked about how New Jersey has changed in relation to cybersecurity over the past five or so years, Rein credited Geraghty with improving the outlook. “There’s been a marked change in the past five years, in terms of the focus and the structure. … The cybersecurity function used to be just rolled up as one of the many, many functions that live within the OIT [Office of Information Technology]. Now that’s not the case. Now the state has very, very smartly separated the cyber function … as a separate organization under Homeland Security. Mike does not report to me. I don’t report to Mike. It’s independent authorities, which is terrific.”
He noted that in the software development industry, you never want to have the QA [quality assurance] organization reporting to the same director or to the VP who develops the software. “They have conflicting interests. The first wants to find the bugs, the latter wants to sell product.” In a similar way, “Mike and I have very different roles, and I will say, over the past five years, I can cite a number of different products that we have improved the security posture of, better than the 15 or 20 years prior to that.”