By Thomas Eckholm
Introduction
Have you ever wondered what it takes to make it into the cybersecurity world? In the modern world of digitalisation, cybersecurity has become one of the most crucial fields. Two alumni from SSMS, Justin Frank and Dillon Ashmore, now working for the cybersecurity company Darktrace, share their experience of their transition from students to cybersecurity professionals. In this interview, they will share how SSMS shaped their career, offer advice for those looking to enter the field, and reflect on memorable experiences like attending one of the world’s largest hacker conventions in Las Vegas.
Unexpected turns
For both Justin and Dillon, their path to cybersecurity was shaped by unexpected turns and personal discoveries. Justin had always been interested in technology but initially thought about going into international security. It was his third-year minor in Intelligence Collection & Analysis (ICA) that introduced the topic of open-source intelligence (OSINT), which ultimately redirected his course. “I realised I have been doing OSINT my whole life,” he shared. He took what he learned from his minors and successfully applied it to his field.
- OSINT: “Open-Source Intelligence (OSINT) is defined as intelligence produced by collecting, evaluating and analysing publicly available information with the purpose of answering a specific intelligence question” (Gill, 2023, p.1)
Dillon’s path was a bit more surprising. “I wanted nothing to do with cybersecurity,” he admitted. Coming from a family working in the same field, he used to not find the subject interesting at all. “I discovered my interest in cybercrime through my minor,” he explained. Dillon found that what he learned in the minor translated easily into the cybersecurity field.
Both of them recall the most memorable moment during their time in SSMS: The Oberammergau seminar where Justin and Dillon truly connected over some beers in a Bavarian tavern. “It was a odd little place, but that’s where the idea to work together was born”, Justin said. The trip that brought together students, alumni and professionals marks the point of the beginning of their cybersecurity careers.
How to get into cybersecurity
For beginners wanting to step into the world of cybersecurity, Justin recommends getting yourself familiar with foundational concepts. “Start by learning about operational security,” he advised. This includes basic tools like VPNs, antivirus software, and other tools to protect yourself online. Justin believes that when you learn to secure your personal digital footprint, you can use that knowledge to tackle larger cybersecurity challenges within organisations.
- VPN: “A virtual private network (VPN) is an encrypted tunnel that allows a client to establish an internet connection to a server without coming into contact with internet traffic. Through this VPN connection, a user’s IP address is hidden, offering online privacy as they access the internet” (Zscaler, 2023, p.1).
Dillon on the other hand emphasised that there is no single approach to enter the field. “There is no silver bullet,” he said, explaining that cybersecurity is a diverse field with multiple entry points. “Some people might suggest certain certifications or courses, but it’s important to find something that works in your best interests,” Dillon remarked. He encourages everyone to explore their path and find what works best for them, rather than feeling pressured to follow a predefined path.
Justin and Dillon also acknowledged the feeling of imposter syndrome, especially in a fast-changing field like cybersecurity. “It’s easy to feel like you don’t know enough,” Dillon shared. “A lot of my colleagues have degrees in computer science, while I come from a different background,” he explained. Instead, he realizes that the knowledge that he has sets him apart from other cybersecurity professionals and allows him a different approach. The cybersecurity field is broad and diverse and bringing a fresh approach can often be an advantage.
Their final piece of advice is to stay curious and to build connections. “Cybersecurity is a field where curiosity can take you really far,” Justin explained. “You don’t have to know everything right away,” he continued. The best way to learn is to explore the various topics and areas that actually interest you. Equally important is building connections within the field. “It’s about learning from others and expanding your understanding in the field,” Justin shared. Attending conferences, exploring online forums, or simply reaching out to professionals is highly recommended.
DEFCON: A hacker’s playground
DEFCON is one the world’s largest hacker conventions in Las Vegas, which brings professionals from the field to test the limits of technology (Defcon, n.d, p.1). “It was unlike anything I had ever experienced,” Justin shared. From the moment you step into the massive conference hall, you are warned to turn off your Wi-Fi and Bluetooth. “There were three types of networks: one secure network for everyone, one slightly more secure and one specifically for hackers to attack each other,” Justin recalled.
One of the most memorable features was the “Wall of Sheep”, a board that publicly displayed partial details of attendees whose information was compromised during the conference. DEFCON is not only about security but also a place to push the boundaries. One of the contests involved hacking into a Tesla, where the winner was allowed to drive it back home. “There were also attempts to hack into a Starlink satellite terminal with a 20$ piece of equipment,” Justin mentioned. Lastly, there was a place called “The Misinformation Village”, where hackers tried to trace misinformation to its original source. “After a full day of hacking, the conference turned into a rave,” he recalled. People shifted from hacking for the whole day to partying and enjoying themselves.
What you need to hear about your thesis
For students approaching their final stage of SSMS, both Justin and Dillon provided valuable advice:
Dillon, whose thesis focused on disinformation as a service highlighted the importance of adapting to the situation. “You might start with one idea, but your data might take you in a completely different direction. Revise your research question and let the data tell you the story it’s telling you,” he continued while comparing the thesis process to a jigsaw puzzle. “Piece by piece, you’re going to build it and what you imagine it’s going to look like might not necessarily be what the final product is going to be.”
Justin explained that managing his thesis while working part-time and doing an internship proved to be challenging. “I really didn’t give it the love and care it deserved,” he admitted. Looking back, he pointed out the importance of staying organized and properly dedicating time to the thesis. He also stressed the importance of staying in touch with your thesis supervisor. “Even showing half-finished work and saying ‘this is what I’m going towards’ will keep them in the loop.” Regular feedback prevents you from getting stuck and allows the creation of a better final product.
For their final advice, a thesis might seem like a ”monstrosity of a document” but breaking it down into smaller compartments can help immensely. “I treated it like an open-source investigation and removed the thesis side of it,” Justin said. Once you understand the information yourself it is much easier to transfer it onto the document. As they reflected on their journeys, both Justin and Dillon shared an important message. Do not be afraid to make mistakes. It is better to make them in the classroom than on an oil rig. With the right mindset and continuous learning, possibilities in our field are endless.
Reference List
Defcon. (n.d). The DEF CON story.
https://defcon.org/html/links/dc-about.html
Gill, R. (2023). What is Open Source Intelligence? SANS Institute.
https://www.sans.org/blog/what-is-open-source-intelligence/
Zscaler. (2023). What Is a VPN?. Zscaler
Home | Centuria Study Association 
Leave a comment