Behind the scenes: A day in the life of a cybersecurity curriculum director

The Kennedy Area Middle kick-started Andee Harston’s profession in cybersecurity. This is how she labored her means as much as overseeing the cybersecurity curriculum for Infosec.


Picture: Shutterstock/kkssr

Andrea Harston (who goes by Andee) grew up in Florida, not removed from the Kennedy Area Middle. “The city that I used to be in — that was actually what the economic system was constructed off of, was the area program,” she stated. “It was a typical incidence to stroll exterior and see the area shuttle or take a area journey to the Kennedy Area Middle and see the entire cool expertise that was there.” This kick-started her personal curiosity in expertise, and her first objective was to earn a bachelor’s diploma and get a job on the Middle.

Harston’s first job was engaged on an AS/400 on the Middle, modifying launch documentation, and dealing on a wide range of contracts there. She did the whole lot from technical writing to coaching and growth to coaching administration. She did software program testing and helped develop and doc their launch operation software program. “That was my introduction to the world of data expertise,” she stated.

Now, Harston is the cybersecurity curriculum director for Infosec. However her profession in IT and safety has taken twists over the past 20 years. After the Area Middle, she labored for 11 years at Pc Sciences Company, the place she wrote launch documentation. There, one among her roles was the coaching growth. She adopted this with a few years within the personal sector, in a technical writing rol, earlier than returning to Kennedy Area Middle as a technical author. Later, she took a job at AECOM, the place she was first launched to cybersecurity. “I truly began writing safety documentation for them — issues like catastrophe restoration plans, incident response plans, continuity of operations — within the capability of the technical author,” she defined. 

The cybersecurity staff there had greater than a dozen info techniques, and it was “the occurring, popping place to be.” She rapidly earned her first certification, a CISA A, a federal auditor certification, and began coaching to develop into an assessor. She additionally labored as an assessor, ISSO (info system safety officer), for a number of contracts, and briefly as safety management professor for NDTI (New Instructions Know-how Inc.), additionally at Kennedy Area Middle. 

SEE: How one can construct a profitable profession in cybersecurity (free PDF) (TechRepublic)

“I mainly acted within the capability of an inner assessor and an exterior assessor for the majority of my cybersecurity profession for the Area Middle,” she stated.

On high of the CISA, Harston has racked up certifications in knowledgeable threat administration framework, and CERM, the licensed impartial assessor certification. Though these certifications are vital, “the fact of the job loads of occasions doesn’t align with the framework,” she stated, “and you will have people who find themselves working in numerous capacities than what is definitely written on paper or whether or not it is a testable goal.”

A lot of her studying happened on the job, since “there’s so many alternative experiences and distinctive anomalies that may happen,” she stated. “There’s simply so many issues that you simply choose up auditing a management, as a result of the way you audit the identical management for a special system could also be a very completely different expertise.” She describes actual world expertise extra like “shades of grey” –– the place there will be “loads of subjectivity in evaluation.

Harston’s bachelor’s diploma is in enterprise administration, not cybersecurity. However she recommends a foundational certification, like Safety+, for anybody within the area. “It is going to allow you to exponentially. It could actually open loads of doorways for you,” she stated. The character of the sphere implies that certifications all the time must get refreshed. “It is not only a one-and-done diploma. It is like a unbroken studying course of to maintain your information updated.”


Andee Harston

On a typical day, Harston will get up round 6:00 a.m. and logs onto her laptop. The majority of her work is to assessment content material by vetted material specialists, who’ve been subcontracted by Infosec to create content material for various studying duties. Many of the content material is available in movies and slides. Harston evaluations it for technical accuracy, in addition to content material for the web site’s sources web page. This may very well be something from “a sure certification, a technical walkthrough of particular ransomware, or a scorching matter, just like the human think about cybersecurity or one thing,” she defined.

“I am going to assessment that from a technical perspective simply to verify, ‘Hey, does this particular person know what they’re speaking about? Is the data appropriate and correct and being offered in a means that the scholars can devour simply and successfully?'” She is a de facto fact-checker, ensuring the fabric covers all the mandatory particulars and is correct, and cites correct sources (i.e.,, not Wikipedia). If it does not, she sends it again for revision. Harston additionally makes positive that the fabric covers the training targets required by the trade — that are extra particular on the subject of certifications.

Harston’s staff has two different workers beneath her, who work on hands-on abilities and the IQ product, or the safety consciousness coaching, and she or he says it is a collaborative course of. 

“They’re going to say, ‘Hey, now we have a state of affairs right here for one among our new select your personal journey modules and we need to know if utilizing a lock display on a pc on this state of affairs is safe sufficient for the training goal we’re making an attempt to show.’ So that they’ll run that by me or I am going to give enter there,” she defined. She spends about half of her time in conferences, and the opposite half reviewing content material.

SEE: Prime 3 causes cybersecurity professionals are altering jobs (TechRepublic)

She additionally listens to shoppers for suggestions about what they wish to see extra of. Shoppers who attend conferences and may report again about merchandise can add worth. Typically she’s going to collaborate with the product staff. “I am going to say, ‘Hey, now we have this request from a shopper that they need this sure performance built-in into the system.’ So there may be loads of staff collaboration as effectively, along with getting that suggestions from the shopper.”

On high of loving the analysis side of her work, one other spotlight of Harston’s job is the chance for fixed studying from folks on the high of their area.

“After I left the DOD, I particularly sought out this kind of place with this specific firm — to me, it was the wedding between that cybersecurity information, which I really like, and that academic element, which I actually like loads as effectively,” she stated. For these considering following her path, Harston recommends discovering a mentor. If there is not somebody available, she suggests becoming a member of knowledgeable group, corresponding to Restricted Cybersecurity, a nonprofit providing sources and networking alternatives, or Nationwide Institute of Requirements and Know-how, which provides public working teams. 

“The benefit of the federal government framework is that they’re all on-line, all the data you ever would need or must know is there,” Harston stated. “It could be overwhelming trying on the bulk of it, however there’s loads of nice folks you can attain out to that will be completely happy to present you sources you’ll want to take the following step in your profession.”

Learn extra articles on this sequence

Additionally see

Recent Articles


Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Stay on op - Ge the daily news in your inbox