Lenovo Managing Director, Lenovo Security Advisory
University of Phoenix Master of Business Administration (M.B.A.)
Current Time 0:00
/
Duration Time -:-
Progress: NaN%

How did you get to where you are today? What is your story? What incidents and experiences shaped your career path?

Summarized By: arushi chaudhary on Mon Mar 09 2020
I started my career out in the U. S. Military where I spent almost 10 years in the U S. Air Force specifically. I always had aspirations, when I was growing up to be an architect, of all things it didn't work out so at 18 I decided to join the Air Force and I was inclined to get into security and law enforcement profession at that early stage so I spent about 10 years in the U. S. Air Force and in those 10 years I worked on everything from nuclear security to law enforcement to Executive protection for a four-star general in those 10 years. I did see changes in terms of security and law enforcement and how technology kind of evolved that was the 1993-01 time frame. I guess evolvement of technology with respect to how it sort of has evolved since 2000 and beyond when we were guarding nuclear weapons leveraging biometrics technology back in 1993-95 it was unheard of back then that's really where I started becoming interested in the technology with regard to security. It kind of evolved from there, I left the U. S military just before 9/11 and just after 9/11 I was recruited by the Department Homeland Security to help stand up that organization for the U. S. Government and in that capacity leveraging newer technology, updating technologies in terms of security screening. I got into red teaming before technological red teaming was really in existence, and that was around 2005 I helped create the first red team concept of operations for the U. S. Air Force in the Pacific region we carried out red team operations through the nine Air Force bases there in the Pacific region on our team, we had a former CIA guy, several special forces guys, a couple of leading-edge security engineers from a 90 perspective and we were able to defeat almost every priority level resource of the Air Force had in the Pacific region to varying levels of degree, in that capacity I learned a lot about technology and really saw that from a security perspective, there were these conversions of physical and logical security that came together in that in 2005-06 time frame I carry that on through my next position here in North Carolina where I was the anti-terrorism officer in the critical infrastructure program manager Foreign Air Force Base here in North Carolina. In that particular position, I evolved my experience from really a mix of anti-terrorism and physical security-related responsibilities and then looking at critical infrastructure in terms of the pipe that was coming into the military base the critical notes that were created with regard to us leveraging our connection to the outside into the normal commercial space on how we protected those vulnerabilities that we would find and for that couple of years, I was sort of at the inception of that for the U. S. Government and sort of helped shape that space that I was operating in think it was just I was always in the right place at the right time, and that and that sort of initial sort of stage of my career. Always looking for something bigger and better and more things to learn and to gain more knowledge that took me to Germany for the first time. I left North Carolina for Germany in 2007 where I oversaw anti-terrorism and critical infrastructure for all of Europe and Africa at the time for the DOD and in that particular position, I stayed in Germany for about five years and in those five years one of the things that I kind of pride myself on is I helped stand up the first cyber division at U. S. European Command in Germany and that was around 2009. You'd have thought that the U. S. Government would have had that down pat at that point but the U. S government was really just starting to realize that cyber was the war front of the next millennia in that capacity. When we started looking at things in terms of threats we were seeing they were logical in nature nation-state adversaries to join a penetrator network whether it was the unclassified networks were the varying classified networks. We saw a big uptick with regard to that. I was starting to realize that logical security and cybersecurity as a whole. I was sort of the new, the new forefront in security from that perspective and if you don't get with technology when it's evolving and as it's transforming, you get left behind so I quickly realized that I needed to start focusing my career on the logical side of security at that point. I left Germany in 2012 and I took over a directorate at the Army headquarters that I transformed from really a physical security sort of construct to a true converge security effort where we had our physical security anti-terrorism sort of efforts we also had our business continuity, continuity of operations efforts there as well and then also kind of rolling in our cyber and information security efforts as well in terms of synchronizing all those programs, there were about 15 in all from a risk-based standpoint looking at risk across all those programs and really managing it more holistically in terms of really when you're looking at the risks were physical in nature some were logical in nature. maintaining our continuity of operations and our ability to carry out our mission at the Army headquarters in the face of an all-hazards approach looking at specific physical or logical threats, but really looking at hazards. A lot of the threats that you do face are not man-made but are natural disasters. In my year and 1/2 there with Army headquarters, I think every threat that we face that caused us grief was was natural. We had a hurricane come through that hit the East Coast at that time you really realize that from the standpoint of really business resilience it should be the focus off organizations, whether it's the federal government or whether it's the private sector then I was hired at Catalysis Learning Alliance there I oversaw security from not only a physical standpoint but also the logical standpoint. I was the first security person hired into the company ao I had a lot of work to do in terms of standing up the varying programs in that aspect everything from the physical security of our campuses to implementing an information security program. I left there and I went to U.S Africa Command in Stuttgart Germany overseeing Mission Assurance, which had evolved from what I was talking about previously with my U. S. Army experience, my pursuit of lifelong learning was educating myself and gaining more knowledge and more experience in terms of the varying programs that I've overseen for not only the U. S. Government but in the private sector, which kind of led me to my current position, which I've been in for about six months here at Lenovo. It's been an interesting change for me to go from the government back to the private sector for a second time. I'm in more of an advisory capacity here and to be in a Fortune 500 company. Our product security offices across the varying business units have their daily challenges now to make sure that we're trying to use our mantra of security by design, baking security into everything we do. You've got our product security, which as the world's number one computer manufacturer. You can imagine that our product security is extremely vast and deep when you look at product security from our perspective you've got PCs and smart devices you've got our DCG or our server group. you've got other technologies in terms of IoT and AI-related technologies that we're focusing on. The technology space is changing so drastically and on a minute by minute basis, to keep up with this stuff from a security perspective is again a monumental task then, there's the customer-facing dynamics that we deal with operating here in the United States, there's always a dynamic of we are a Chinese company, we have Chinese heritage, but 70% of our business is outside of China so from that perspective there's sort of the geopolitical ramifications and challenges that you have to face and from my career perspective, I'm definitely outside of my box, I'm always living on the edge because, in this profession, you have to be at the edge of the space to really be innovative and to be a strategic thought leader. I think from that perspective everything that I've seen throughout my career has shaped where I am today in terms of where I'm at in my career, but also as a person and how I view things not only within the cybersecurity space but in the world in general. So hopefully that sheds some light into where I was and where I am now.

What are the responsibilities and decisions that you handle at work? Discuss weekly hours you spend in the office, for work travel, and working from home.

Based on experience at: Managing Director, Lenovo Security Advisory, Lenovo
Summarized By: arushi chaudhary on Mon Mar 09 2020
As the managing director of Lenovo Security Advisory here in North Carolina at their U. S. Headquarters my position is not new in positions but it is new in scope and responsibility. I had a predecessor who retired from Lenovo, former CEO of North Carolina functioning as a chief security officer or a chief information security officer in residence. My predecessor was basically one deep position and basically, he would support the sales functions both internally and externally but also helps stand up our product security efforts in 2014 when the novel started getting serious about security and then run to the shots of gunfire wherever those were. The company knew that that wasn't sustainable so they did is that they re-sculpt the position substantially with the vision of standing up. A security advisory service is a function within the company where we didn't have someone to be the evangelist for Lenovo's leadership and focus on security across the board in terms of security, from everything from physical security to manufacturing to information, cybersecurity to product security. From what I've done in the last six months is coming to Lenovo and I stood up the security advisory I've hired one person under me so I have only one direct report at this point but what we've done is we've handled organically to leverage our technical client Advisory service in which there are dozens of them across the U. S. my focus is only in North America not global at this point so I focus on U. S and Canada some Mexico facing efforts where we have some manufacturing down there in terms of our North American manufacturing facilities, typically on a day to day basis I am responsible for ensuring that Lenovo continue to do business from a security perspective. In terms the majority of my week is handled I spend probably 12 hours a day, five days a week on average in my day to day work, there are periods within a day that I'm not working I tend to take time off during the day. I've got a very flexible work schedule I travel about one week a month at this point on average on that entails 2 to 3 trips a month over the span of that week worth of travel time I spend about an equal amount of time working from my house as well as from my office depending on what meetings I have that day and so on and so forth but the majority of my time during a normal workweek I spent in front of customers discussing my ideas of security-related things, mostly concerns that customers may have. There's a lot of geopolitical related security information out there that I would call this fear, uncertainty, and doubt that gets spread about us as a company with Chinese heritage here in the United States and I spend about 40% of my effort dealing with those geopolitical related security concerns with are not only our current customers but within our customer base that we're trying to grow and evolve, the other probably 60% is security related questions. Everything from our supply chain risk management efforts to our product. Security-related efforts two questions or concerns that are relating to everything from ransomware to malware to even issues within our equipment or other service is what we provide our customers. At some point, my hours of work will start to wane off or decline as I build the Lenovo security advisory to greater fidelity to the point where I don't think in the private sector we can all say that we work 40 hours a week, my previous position in the private sector I could just say that any position I've had from a security perspective is almost 24/7 365 because you never know when the next hack is gonna come or when the next attack is going to occur or when the next customer is going to have an issue because you have to be in the private sector in the sales organization. You've got to be cognizant of the customer's needs and those don't always happen 9 to 5 Monday through Friday so I think from that perspective being in the security profession for as long as I've been, I've just become accustomed to working 24 hours a day technically.

What are the job titles of people you routinely work with inside and outside of your organization? What approaches do you find to be effective in working with them?

Based on experience at: Managing Director, Lenovo Security Advisory, Lenovo
Summarized By: Jeff Musk on Mon Mar 09 2020
Internally, I work with a very broad cross-functional set of team members here. Lenovo is a very flat organization If you can imagine that like most global Fortune 500 companies have this very strict hierarchy of the organization but Lenovo for all intents, is a flat organization which is extremely nice for me because I enjoy working in a more matrix collaborative and flat organizations typically on the day to day basis. Internally, I am leasing and working with our chief information security officers Team, which is fairly large. Our varying product security offices across the different business units, PC and Smart devices are called security folks, our server-side of the business and that business unit which is very large as well as our corporate products security office but I'm also working with our North American legal office continually, especially when we're dealing with a lot of geopolitical issues they're involved heavily in that I'm working with our PR and communications team very often, especially when we see new articles come out about Lenovo in a negative sense, we tend to jump on those and attack those collaboratively from a security perspective. There are constant vulnerabilities out there in this technology space that we have to be working with our competition a lot, we worked with Dell and HP very closely from a product security vulnerability mitigation perspective because typically, our customers have not only Dell, HP but Lenovo products sitting on their other networks. So one of your vulnerabilities comes up with our product security information. Our product security incident response team swings into full action collaborating with Dell and HP and Apple and others to mitigate those vulnerabilities, get the vulnerabilities released on the same day so there's some collaborative effort that goes on with those. I work with the sales teams quite often from account executives all the way up through our technical client advisors that support them to the director and VP and above levels. I am routinely about once a month in our North American president's office briefing him on the status of our security efforts that are supporting his sales organization, I work with our chief operating officer for North America as well, Probably on a monthly bi-monthly basis as well making sure that we're just all sync up on collaborative and sharing and being transparent with what we've got going on. So from a customer perspective, I deal with mostly chief information officers and chief information security officers people at the V P. Director level is depending on the nature of our engagement. I do a lot of public speaking and speaking at conferences and things as well, I'm interacting with just a wide crowd of people from the profession, but also a wide crowd of people from varying levels of understanding and degrees of understanding from an information technology perspective from information security and cybersecurity perspective as well.

What major challenges do you face in your job and how do you handle them? Can you discuss a few accomplishments?

Based on experience at: Managing Director, Lenovo Security Advisory, Lenovo
Summarized By: arushi chaudhary on Mon Mar 09 2020
I never know what my next challenge is gonna be in terms of customer-facing engagements and in the security space, you never know what's gonna come next because as were transforming and evolving our technology and our security approaches and our security strategies the bad guys were doing the same. They're transforming and evolving their approaches as well to get around and find what the vulnerabilities are and determining new attack factors and so on and so forth. So I think it's just never-ending sort of set of challenges that we face in the security space that is never going to stop. I think in terms of addressing those challenges and machine learning to me is just starting to scratch the surface on what we can do from a cybersecurity perspective and leveraging need those two capabilities to the greatest extent, there's a lot of companies coming out of the woodwork now if you saw the landscape I've shared something on my linked.in regarding the cybersecurity company landscape it's just mind-boggling how many companies are out there, there are two or three new companies that in an article I read just recently that are coming online from a sapper securities perspective, the challenges that I face are trying to keep up with technology, trying to stay ahead of that power curve in terms of what's out there in terms of new cybersecurity technology internally, at Lenovo we're always trying to evolve and transform our approach to our product security and some other offerings that we were creating that gets after a cybersecurity-related challenge within our products that we offer are one of our brands think shield is really that just a brand that we have that really focuses on allowing people to live cyber secure while using our machines, whether it's just a normal consumer out there, a college student or a small business, a medium-sized business or even a large fortune 100 corporations, we're always looking at how we're evolving our approach is our products and the security of those products so it's a challenge, it's hard to keep up with this stuff but if this is one of your passions that's it's going to really be your passion because you're never going to have a dull moment in this in this profession. As far as accomplishments, I don't like to talk about my accomplishments, I've done a lot of things in my life, I think you know what I may say is an accomplishment someone made me think it's nothing at all or something that I don't think it's an accomplishment, someone may say that it is unbelievable that you've done that, I think I would say that I approach accomplishments or accomplishing things from a personal perspective in terms of how I did, how I evolved my knowledge in my experience and how I share my knowledge and experience with others. I think my greatest accomplishment is the fact that I really enjoy sharing my experiences with people, I would like to do more of that and eventually, I will in this particular position because I'm sort of looking like the face of Lenovo in terms of their information in cybersecurity efforts. We're posting on our website with regard to interviews and things of that nature, as well as speaking engagements, doing keynotes and things of that nature. I just I enjoy sharing with people because I tend to think outside the box and a lot of ways and having the experience that I've had in terms of my government experience, really starting out in law enforcement in physical security and kind of morphing myself into where I am today in terms of my focus really solely on cybersecurity and that is sort of my greatest accomplishment is the ability to remain resilient in this profession, the bottom line is to remain in this profession because it is not for everyone, you're not going to work 9 to 5, It's not going to happen you're going to work at very odd hours, sometimes you're going to work very long-drawn-out hours. I mean, there's been times where I have worked three months straight without having a day off, my initial three months with the Department of Homeland Security we don't get any time off, I was working 80 hour weeks for three months straight. I don't know necessarily look at those accomplishments, but I look back and sometimes you really work hard and sometimes you don't even get to see what your accomplishments are because some of these things that you work on our such long-range things that you're going to a position in three years later, you don't feel like you've accomplished anything but then four years later, you'll go back and talk to someone you used to know and they're like, Well, remember what we were working on back in 2007 Here's where it is now and you see where it evolves. So while you may not have cradle to grave, hands on to these things you do see accomplishments take to flourish in, and sometimes it may take 10 years, sometimes it may take one week, but it all depends.

How do you inspire and motivate your team members? How do you foster creative thinking? How are ideas shared and implemented?

Based on experience at: Managing Director, Lenovo Security Advisory, Lenovo
Summarized By: arushi chaudhary on Mon Mar 09 2020
I think of myself as a collaborative leader and I think there's no better way to lead then inspiring and motivating your team members. The best way to inspire and motivate team members is to empower them to do great things because what I have found especially in the security profession is you never know the skill sets or the experience of someone by looking at them or their age, I have seen some of the youngest people that you can imagine come up with the most brilliant ideas from a security technology perspective you can't do in this profession is to discount someone because they're young or they're just out of school or they just they simply have a formal education with not a lot of experience to back it up because technology changes by the minute as technology changes this is happening in real-time. There are kids that are 12-14 years old and they know how to hack to programs that are highly technical in nature, people of older generations don't necessarily understand technology as much as the younger generations do and I think that is going to do a 1 80 with the technology space, especially in terms of security technology. When you look at foster and creative thinking, I think there's no better way to foster creative thinking than doing it from across functional perspective from a collaborative and very transparent perspective because you never know where that next great idea is going to come from and in a very open environment to come up with these creative ideas to think outside the box to live on the edge of technology, I think that is where the best is done in this field in terms of implementing and sharing ideas, I think the more we can get our ideas out there into the masses and create a collaborative world-level approach on these things, where you're getting it out there and letting everyone look at things, let everyone dissect things, let everyone have a say in how things are implemented and created. I think that is half the battle in today's day and age and I think that's something if companies are not approaching it in that way I think those companies were dying in today's environment and that's one of the things that impressed me with the company I work for right now, Lenovo is innovative we just came up with the first folding laptop, we roll it out during CS in Las Vegas a couple of months ago. I've gotten hands-on that thing, I would say that it's not the most awesome thing to look at but I would love it to be as thin as my ThinkPad X one carbon that I'm talking to you on right now and it will be but to think that we now have a folding laptop screen didn't come from employing age-old sort of philosophy is to think that was getting outside the box, kind of setting a goal where when you look at Ford Motor Company and reports that I want an eight-block engine, his engineer said that's impossible, he said: "Go into the room and don't come out so you have to be eight engine." That is the approach you need to take to innovate and I think that is the way to move things forward on this earth.

What qualities do you look for while hiring? What kind of questions do you typically ask from candidates?

Based on experience at: Managing Director, Lenovo Security Advisory, Lenovo
Summarized By: arushi chaudhary on Mon Mar 09 2020
From the standpoint of hiring I think when it comes to hiring you've got to the most critical aspect of making a career, carrying out a hiring action is number one. You've got to define what it is you're looking for you need to determine what are the capabilities this organization needs in an individual that we're going to hire, in the cybersecurity space I think there is a lot of issues with this in terms of what companies are looking for, because what I found is is that a lot of companies tend to want to look for what I call the uniformity as an example, Chief Information security officer is a C suite senior executive that must have the propensity to work as an executive but what a lot of companies want is someone that that is extremely and highly technical that can also speak from tech to exact in that way. in the same context, some companies. I want that person so highly technical and focused on the technical stuff with being hands-on that they cannot be the senior executive the company needs that's just one example, another example is that, if you need someone that needs to focus on product security and create a job description that is all over the place, from product security to security engineering with a mix of a Sprinkle of analytical work and other things you're not doing that position justice, and you're more likely not going to find the appropriate person for the job so I think the first piece is to really frame internal into the company, what is the capability we need? and at that point, then you can go out and more likely find a more suitable candidate. Qualities I look for number one is fitness, every company has a different culture, a different way of doing things a different organizational construct, really a different mantra with how the employees operate in the U. S. Government, I was very typical as a hiring manager because I looked for fit, which is really not in the competencies for a U. S. Government employees there, there's a set of merit system principles as the U. S government manager, you're supposed to adhere to and I would always adhere to those but I was also looking for fit in terms of the government now is starting to get to a point where they just don't throw people at every problem there's an economy of force per se where you may have a division that used to be 50 people, and now it's 20 so you really have to figure out what capabilities you do need and to bring the right skill sets in to do those functions or to carry out those capabilities with smaller teams comes the need to make sure that any new person you're adding to the team is very much going to integrate and synchronize themselves with the entire team itself and being able to carry out themselves on a day to day basis with regard to collaborating not only internally into a new organization, but cross functionally being matrix across the organization you've got to take in all those dynamics when you're making hiring decisions. Questions I typically ask from candidates I've asked the number of questions, I don't like to take the approach that Microsoft used to take I've interviewed with Microsoft on previous occasions and some of the things that Microsoft asks employees, which they've stopped doing to me didn't make a whole lot of sense like create algorithm forex wires on the whiteboard right now in front of me, I don't look at questions like that, but what I do typically ask questions pertaining to is to get to know the person because I like to understand what kind of personality that person has, I always tell them to ask them to tell me about themselves and to explain what their background was and it always asked you to tell me something that is not in your resume, that people don't know about you to really just put them on the spot and kind of see where they what makes them tick. Outside of this profession that we are discussing in terms of position hiring action, other questions that I would simply ask for our position based really again carved out from the Pacific position description so looking at it in terms of information, cybersecurity again, really honing down on the major capabilities of the major things that you want to see in this candidate with regard to their experience or their formal education, we're even their thoughts on topics that might be outside the scope of the position like in machine learning I typically will try to add ask questions on that to see and to gauge where they're at in terms of studying the profession as a whole and seeing where it's going and try to figure out how they think through critically on things. I do like to use a more structured interview for all intents that way you get to see the person answered questions in the context of how they think through problems and how they tackle challenges and things of that nature. I typically don't like to ask people, what are your strengths and weaknesses, those types of questions to me are so redundant and people are so well-rehearsed that I typically don't even need to hear that because I'm probably not gonna hear an answer that is really from their heart. I typically try to have more of a conversational based interview although it is structured. I like to see what makes that person tick in how they communicate because when you're talking to someone over a telephone, you've really have to make a lot of critical decisions within that within that conversation in terms of whether that person is qualified for the position, I always tried to typically get the person on-site to meet them because I think that's also critical is to have members of the team converse with them and meet them, and I also like to have people that would be considered their peers or subordinates interviewed them as well. I think that's also critical to get a feel for whether that person could come in and work well of people and be a good member of the team and fit the culture of the organization.

What are different entry-level jobs and subsequent job pathways that can lead students to a position such as yours?

Based on experience at: Managing Director, Lenovo Security Advisory, Lenovo
Summarized By: Jeff Musk on Mon Mar 09 2020
In the cybersecurity profession, in today's day and age, the younger generation is in such a good position right now to really shape what they want to do in their career. When you look at it, the information in cybersecurity and you look at all the domains that sort of span the gamut of our profession there are so many varying ways to go that I don't think there's any entry-level or pathway in its own right that can get you to a point where you're a senior executive in a company working side of cybersecurity, of whatever capacity I think there are so many opportunities to carve out a niche for yourself, I think that it's good to carve out a niche for yourself but in order to get to the senior executive level positions, you have got to be very broad I think it's extremely important to master certain aspects, and again this goes back to the passion that I opened up with you've got to figure out what you're passionate about within the varying domains within an information or cybersecurity career, master those, by all means, but don't just focus on one aspect or one domain or two domains you have got to look at the broad spectrum. you've got to get a bearing degree of experience because we're looking for the senior executive level now are is someone that not only is highly technical and that can work on highly technical aspects, I would say that myself. I'm probably a mile deep on one or two domains but I am two inches deep on the other and that has been what has set me up to kind of move up through the ranks of varying organizations, that was definitely something that allowed me to rise through the ranks of the U. S. government very quickly so that's almost unheard off but I kept broadening my experience. I just wasn't sitting in DOD I was going to the DHS I was going to the private sector. I've moved around a lot in my career and I think that has helped me as well in terms of entry-level jobs in pathways I think the world is your oyster, so to speak in terms of being able to get your degree, focus on whatever your major miners are and then at that point figure out what are you passionate about within the security space and go forward and focus on that because I think it all starts with passion. If you're not passionate about something and you're just doing it for the money, that is the wrong answer you've got to do something that makes you very happy and if you're not I don't think you're going be successful in this particular career.

What were the responsibilities and decisions that you handled at work? What major challenges did you face in your job?

Based on experience at: Deputy Division Chief (Deputy CRO), Mission Assurance and Protection Division, UNITED STATES AFRICA COMMAND
Summarized By: arushi chaudhary on Mon Mar 09 2020
I was in Stuttgart Germany for three years, I was the deputy division chief or deputy chief Resilience officer in the private sector for United States Africa Command in the DOD. There are numerous ways they call combatant commands across the world and their regional DOD level organizations, United States Africa Command obviously is Africa focused so my main job as the mission Assurance of Protection Division deputy was to oversee the DOD mission insurance efforts for the continent of Africa and I guess in a from a strategic perspective, I oversaw ensuring that the DOD's missions, regardless of what those were on the continent of Africa we are able to carry on in the face of any hazard you could face from a hurricane to a sandstorm to a nation-state attack not only kinetic but also from a logical perspective and everything in between. I oversaw synchronization and integration of about 17 different programs from a risk management perspective. My particular division was the senior resilience or security consultant to the four-star general in charge of the command and the responsibilities and decisions that we would make strategic national implications some of the things that we dealt with that were more applicable. I can't really talk about from the information or cybersecurity perspective, but we dealt with everything from offensive to defensive cybersecurity efforts, information operations, efforts in terms of campaigns and too many wars that are going on in the continent of Africa. Right now, there is a lot of kinetic things going on in Africa in terms of terrorism, not only physical in terms of kinetic also logical in terms of kinetic. Terror organizations in today's day and age are highly technical, highly capable in terms of their technical expertise and you can just imagine that obviously, the DOD is one of those organizations that terror organizations would love to take down from a logical perspective, so on a day to day basis, we managed every sort of crisis that you can imagine that had strategic national inflict implications because you know each combatant command in the different areas of responsibility U. S. Africa Command, U. S. European Command, U.S Pacific Command, U.S Central Command Obviously there's injury operability that needs to occur to ensure global reach from a DOD Perspective, carrying out those specific regional responsibilities drastically affected those in other areas. We were way worked with Centcom a lot because you can imagine Central Command is literally right next to the African continent. Egypt is actually part of Central Command, so there's a lot of cross-collaboration between our command and U. S. Central Command in terms of those things that I discussed in those programs that we would manage so really strategic national implications day-to-day again, never knew what would pop up in terms of challenges you face the day-to-day things in terms of no dealing with the politics of the government, dealing with very high ranking individuals up to the Secretary of Defense. There were routine meetings that we would have with SEC def. Local people making very critical decisions during critical operations so very stressful jobs, but very rewarding in the same sense, knowing that what you're doing is protecting the United States of America so that's why a lot of the people in the government do what they do because it directly affects the livelihood of people that are living in the United States and other countries, for that matter.

How did the school prepare you for your career? Think about faculty, resources, alumni, exposure & networking. What were the best parts?

Based on experience at: Master of Business Administration (M.B.A.), University of Phoenix
Summarized By: arushi chaudhary on Mon Mar 09 2020
I've had a non-traditional formal education path. I went into the military round of high school I spent 10 years in the U. S. Air Force I did take college courses while I was in for that 10 years but in the profession that I was in the U. S. Air Force security forces, you were working for working hour days not really easy to knock out a bachelor's degree in that time. I was rudely awakened after 10 years of having experience in the military when I got out of the military in August of 2001 I did not have a bachelor's degree finished the first question out of employer's minds were What's your degree in? Well, I don't have a degree. Okay. It's been nice talking to you, they would show me the door. I quickly realized that while I've got it, I've got to go get a formal education to codify these 10 years of experience that I have so I created my plan, I knocked out an associate's degree within only a couple of months because I had enough credits to gain that and I went right into a bachelor's program so I got my bachelor's degree in business management, I achieved that particular piece in 2007 and then I think it was 2014 when I started my NBA because when I got my position in the private sector one of the stipulations for forgetting the head of security job at the Palace Learning Alliance was that I would go get a master's degree so that's when I went and got my MBA and I think it's critical to point out that while I may have had a reverse sort of approach to my formal education and experience go hand in hand. You can have all the experience in the world and no formal education and it matters not to most because you've got to get the formal education to codify the experience but on the other side of the token, you've got to get the formal education to set yourself up for having the knowledge to go forward in, actually work in positions. I think anyone that has a formal of formal degree or a formal education that goes into the workforce is at a much higher degree of capability and in terms of success than someone that does not have a degree. I would just say that straight out of the gate, I think that's critical because in terms of my MBA, it prepared me for being a senior executive in the security profession this goes off the volition of what I said earlier with regard to getting experience and as many domains as you can just focus on what you're passionate about because that is what you're got to master you're never going to master something unless you're passionate about it if you want to get into the senior executive level in corporations or companies or even the U. S. Government, you have got to get that formal education. To me, the MBA was the right choice because I needed to understand business in the context of business I understood security I've got 28 years in the security profession I understand security. I've mastered but what I haven't mastered was how do you tie what you're doing security-wise to the business because what you look at in terms of the strategy if you don't understand strategic planning if you don't understand how to align what you're there to do for the business with the company's strategy like a strategic plan with their goals their objectives in terms of number one, security has always looked at as a drain on the bottom line so how do you create the ability for security to be a business enabler and that's what the MBA did for me. Going through the MBA, I did my MBA online so again, really not in the traditional on the ground at a university sense, but what I think helped me was as I was going through my courses I was able to immediately apply everything I was learning in the context of my current position and that helped me be successful for that three years. I look back at what I learned in my MBA and by all means, It paid huge dividends for me in terms of my annual bonuses, the things I was able to achieve because I quickly learned how to tie what I was doing from a security perspective to the needs of the business and I think that helped me immensely. I still look back at some of the resources that I had through my MBA program I am an alumnus at the University of Phoenix, I do mentor people at University of Phoenix, so I'm still actively involved in that. I'm linked in I've got close to 15,000 connections on Lincoln and a lot of my connections are people that I did go to school with, so I still keep in contact with them. We help each other out networking wise. I think it's monumental in terms of the security profession you've got a network and you've got to continue networking so you can't just network when you need a job, could start not working now. Continue networking into the foreseeable future because when you stop networking, you're starting to die in people's eyes you've got to maintain that warm sort of network with people because if you're not they're not. They're not going to want to reach out and help you when something happens and you're in a position and they downsized the organization and you end up getting laid off or something like that, always have the network there to back that up and again, whether it's your university alumni association or whether it's linked in or what have you again those things to me were the best parts in terms of not only getting my formal education to help me really do my job better but also all that stuff that goes along with getting a degree. 

Do you have any parting advice for students hoping to get to a position such as yours? What 3 dos and 3 don'ts would you suggest?

Based on experience at: Managing Director, Lenovo Security Advisory, Lenovo
Summarized By: Jeff Musk on Mon Mar 09 2020
Anyone that's aspiring to end up as a senior executive in a company, whether it's the chief information security officer or a CEO of a cybersecurity technology company, whatever your passion is I think you've got to follow what you're passionate about because if you're not passionate about something you are not going to be all in. It's not going to be something that on a day to day basis is fun for you and when it's not fun you have to stop doing it, you need to pivot and you need to go on to something else and I think in terms of that if you truly are passionate about being that sort of senior-level executive overseeing information or cybersecurity efforts at an organization make sure that is your passion don't go after it because you get six figures plus up to a $1,000,000 for these particular positions, don't go after the money, go after it for the passion. Three do's and don'ts, I just said one of them is don't just chase money that's the absolute wrong way, I've learned that lesson I did it on a couple of positions and the money's great but I do what I'm passionate about and I love security, I'm a security guy through and through. The other do is that do go out as you're getting ready to go out into the job for us, have someone professionally create your resume I only learned that about three years ago and I think I paid $2000 to have my resume done in my LinkedIn profile it was the best $2000 I ever spent, that resume got me interviews at Microsoft at Twitter, at Blue origin that resume got me in the door I think you need to look as you finish your degree. I won't say that grades are the most important thing in my opinion but I think to go all-in on getting your degree, go all-in on learning as much as you can, don't let it just stop there when you finish your degree you get the certifications. I know a lot of degree programs nowadays, especially in the cybersecurity field, have certifications that go along with him, go get your shirts, that helps you codify all those things you learned some of the searches. You need the experience to be able to get signed off it, to actually obtain the certifications. Yo go out there and do it, the third do is do you go out there and apply for us many jobs you can because like I said, I think they're the last article I read, by 2024 there will be 3.3 million cybersecurity jobs at the varying levels out there that are unfilled. The world is literally open for you to go calm, for you don't necessarily have to have the best job out there at the inception of entering the job market but do definitely go out there and cast a wide net. Apply for every job that you come across, I'll use an example, one of the guys that sold in my Verizon service when I got here to North Carolina, we connected the dots he actually was a younger guy probably 25 26 he knew my son's second-grade teacher in Germany because he was in Germany and was an Army brat. I've actually helped him get a job with the novel because subsequently, he's a computer engineer. It's all on who you know who you network with that's critical leverage. The three don'ts don't pigeonhole yourself into only watching this particular job with this particular company in this particular location, one of the things that I've been successful at is in moving up the different rings within my profession is I've been willing to go places that people don't want to go, I've been South Korea, I've been to Hawaii I don't want to say that that somewhere people don't want to go but Hawaii is highly sought after for people but some people don't want to go there but I've always been able to move. In 28 years, I've moved 17 times and I tribute some of that to my ability to move up through the ranks, so don't just pigeonhole yourself in the fact that if you're from Detroit, Michigan look at jobs in Detroit gets outside your box. There's so much to see in this world that's an education in its own right. Another don't limit yourself, the world is out there. If you've always had an aspiration to go to Germany or Poland or Russia and there's a job open, go take it because it's an experience, never limit yourself. I call for your false evidence appearing real that's what fear means that is your ego talking if you fear something that's your ego you need to call the ego, just cast it away, go with what's in your heart and you'll never go wrong because if you're following your heart and intuitively you think something is the right thing to do 99.99% of the time that is the right choice to make so if false evidence appearing real pops into your vernacular in your brain of that little guy in your shoulder, just fling it off and make the right decision, Use your heart.