Horiuchi 1

Jordan Horiuchi
CST 300 Writing Lab
09/20/2016
A Career as an Information Security Analyst
With an array of job titles and positions under the umbrella of the technology industry,
determining a career that is relevant, profitable, and satisfying can prove daunting. As the
technology industry is advancing, evolving, and changing more rapidly than ever, so are the
required skills and knowledge needed to become and continue to be successful in this field.
Software, hardware, applications, languages, strategies, etc. something changes every day.
With evolving technologies, however, come new risks and security threats. Vital information is
increasingly being stored on networked devices, including critical banking and healthcare
information, thus, the need for stronger security protocols is paramount. As information security
needs to adapt with evolving technologies, there is constant need for skilled security analysts to
safeguard this information, and job growth is expected to reach 25% over the next five to ten
years (InfoSecInstitute, n.d.). The duties of a security analyst include protecting all company
sensitive information, insuring adequate network security, creating reports for administrators on
efficiency, making recommendations for improvements, training employees on proper
safeguarding, ensuring current software and hardware, and documenting all security protocols
(InfoSecInstitute, n.d.). A career as a security analyst, while encompassing a wide range of
responsibilities, can, aptly, ensure high job security. This paper briefly covers the current major
corporations involved in, trends and skills/knowledge requirements of, and plans to secure a
career in the information security industry.
According to the Cybersecurity 500 List of Top Security Companies, root9b ranks first,
with companies such as the Herjavec Group, IBM Security, Palo Alto Networks, and Cisco in the

Horiuchi 2

top ten (Cybersecurity Ventures, 2015). The Herjavec Group provides information security
services. One of North Americas fastest-growing technology companies, the Herjavec Group
was founded by Dynamic IT entrepreneur Robert Herjavec in 2003. Their managed security
services are supported by state-of-the-art, PCI compliant Security Operations Centres (SOC),
operated 24/7/365 by certified security professionalscoupled with [leading] compliance, risk
management, networking & incident response (Cybersecurity Ventures, 2016). It is no surprise
that IBM, already a known leader in a variety of products in the past as well as various managed
corporate solutions currently, also has a strong security subsidiary. Focusing on Enterprise IT
security solutions, IBM Security offers the strategies, capabilities, and technologies necessary to
help agencies preemptively protect Web applications from threats and address the complexities
and growing costs of security risk management and compliance (Cybersecurity Ventures, 2016).
Palo Alto Networks offers threat detections and prevention services providing an innovative
platform that allows users to secure their networks and safely enable an increasingly complex
and rapidly growing number of applications. This platform is based on a next-generation
firewall delivering visibility and control over applications, users, and content within the firewall
via a highly optimized hardware and software architecture (Cybersecurity Ventures, 2016). As
Cisco routers and other networking products have already become an industry standard, it makes
sense that Cisco continue to grow by providing a variety of management solutions including
threat protection and network security services.
Cisco security innovations provide highly secure firewall, web, and email services while
helping to enable mobility and teleworking[and] products include: Access Control
and Policy, Advanced Malware Protection, Email Security, Firewalls, Network Security,
Next Generation Intrusion Prevention System (NGIPS), Security Management, VPN and
Endpoint Security Clients, Web Security. (Cybersecurity Ventures, 2016)

Horiuchi 3

And yet, Root9B, LLC, stands out among these formidable competitors. Headquartered
in Colorado Springs, with a branch office in San Antonio, TX, the company currently employs
less than 50 people. Root9Bs advantage is that its workforce consists of US military and law
enforcement veterans with extensive experience providing cyber security and advanced
technology training, operational support, and consulting services to federal government and
commercial customers in the United States and internationally. Founded in 2011 by Mr. Eric
Hipkins, Chairman and CEO, root9Bs services include vulnerability assessment, penetration
testing, network defense operations, computer forensics, evidence and data collection, forensic
data analysis, mobile forensics, tool development, mobile cyber protection, SCADA security
operations, and wireless technology support. Root9B also provides compliance testing, data
breach prevention and remediation, cyber policy assessment and design, curriculum
development, cyber exercise development, malware analysis, etc.
Founder, Chairman and Chief Executive Officer Eric Hipkins has 25+ years of
experience specializing in advanced cyber and technical intelligence operations. He is a military
veteran with extensive experience across the DoD, Intelligence and commercial community, and
has earned more than 12 nationally recognized certifications, including professionalization by the
NSA as an Intelligence Analyst and Adjunct Faculty. He holds a Masters Degree in Computer
Resources and Information Management graduated the prestigious Middle Enlisted Cryptologic
Career Advancement Program and received the distinguished Knowlton Award for significant
intelligence contributions to the United States of America. Mr. John Harbaugh, Chief Operating
Officer, bring 25+ year of cryptology and intelligence experience, and orchestrates all root9B
cybersecurity operations, capability development, and training services. He is a DoD-certified
Master-level technician with expert skills in cyber defense and network security operations as
well as a member of a U.S. government advisory panel, providing expert advice to senior leaders

Horiuchi 4

regarding cyber defense and emerging technologies. Rear Admiral Hank Bond, US Navy
(Retired), Senior Vice President, was active in the US Navy 31+ years with extensive experience
in building/operating/defending both Navy and joint service command & control and information
networks aboard ship and on land. He served as Director of Cyberspace Operations as well as
CIO at NORAD and USNORTHCOM focusing on homeland defense. He graduated the US
Naval Academy and holds a ME in Management from The George Washington University and a
MS in National Resource Strategy from the Industrial College of the Armed Forces. Mr. Michael
Morris, Chief Technology Officer, possesses 14+ years of experience in intelligence operations
with specializations in advanced offensive/defensive cyber operations, tactics/tool development,
and advanced training. He developed notable programs in advanced cyber tactics, refining
offensive/defensive maneuvers for the DoD, and is responsible for the company's technical
vision and technological development. He was also the chief architect behind the design and
integration of root9Bs Active Adversarial Pursuit platform, an integral member for shifting the
nations perspective on adversary pursuit operations. In addition, the Board of Advisors is
comprised of former high-ranking government military officers and politicians with an
astounding combined experience in combat, intelligence, and bureaucracy. Furthermore, with its
close ties to and vast network within the US government and other entities internationally,
root9B often successfully secure large-budget contracts.
No matter the amassed knowledge and experience of ones team, it is imperative to keep
ahead of the trends within the industry to stay relevant. As online security trends continue to
evolve, Michelle Drolet via tripwire.com expects that in 2016:
at least one consumer-grade IoT smart device failure will be lethal. Ransomware
will make further inroads, since the majority go unreportedPublic interest in
connecting devices and appliances to the Internet will increase[and] cybercrime

Horiuchi 5

legislation will take a significant step towards becoming a truly global

movement (2016).
What exactly does this mean? Online extortion, a newer area of cybercrime, involves the use of
ransomware through which an attacker can demand payment from victims after locking device
screens, stealing information, threatening them with fabricated crimes, etc. As an attacker can
target almost all personal and corporate information virtually, online extortion is a very real
threat. The Internet of Things (IoT) refers to connecting devices and appliances to the Internet
and as it is exhibiting faster growth than smartphones and tablet devices, it is an eventuality that
a failure or malfunction in consumer-grade smart devices will result in physical harm is greater,
or worse, a fatality. As the public continues to embrace mobile payment options such as Android
and Apple Pay, cybercriminals will target the new technologies emerging which enable mobile
pay in order to access valuable personal information. As a new field, mobile payment methods
are at greater risk of cyber-attacks and, therefore, securing this information must be of the
highest priority. Michele Drolet further posits that governments and authorities will continue to
grow their responses to, increase international cooperation regarding, expand their role in
protecting the Internet and its users from, and create updated legislation addressing cybercrimes
(2016). And, due to rapidly-changing and ever-evolving technologies including expanding
wireless devices and cloud-computing, information security is of utmost importance. Thus,
information security professionals are, and will continue to be, in high demand. According to
modis.com, the information security field is on the rise and is expected to grow 18% by 2024
(Tech Jobs on the Rise, n.d.).
Pursuing a career as an information security analyst, one needs to be fully prepared and
work-ready, as most companies do not spend much money on training anymore. A
comprehensive Bachelors Degree program in Computer Science is necessary to secure a job in

Horiuchi 6

the field directly after graduation. California State University at Monterey Bays completelyonline CS degree program is not only a comprehensive program which prepares you completely
for a career in the industry, but also is convenient and challenging. The CS online degree
completion program from California State University, Monterey Bay offers a unique blend of
computer science theory and hands-on information technology practice. This combination results
in graduates exclusively prepared to participate in the fast-paced information economy in jobs
such as: Mobile app developerSoftware developer[or] Project manager (California State
Monterey Bay, n.d.).
Beginning with CST 300: Major ProSeminar, students are challenged to research in-depth
the specific career they wish to pursue helping them decide a specific profession also focus their
studies towards that goal. CST classes 205: Multimedia Design and Programming, 363: Intro to
Database Systems, 336: Internet Programming, and 311: Intro to Computer Networks provide
students with a solid foundation of the languages, concepts, and tools of the various areas of
computing. CST 311 details Internet and networking protocols as well as trends and tools of the
field. CST 363 covers both usage and design of database, a popular area of focus, as well as
provides familiarity and practice using database languages. CST 336 gives students the tools and
knowledge to build dynamic web applications while CST 205 [i]ntroduces design, creation, and
manipulation of interactive applications and electronic media for communication purposes
(California State University Monterey Bay, n.d.).
CST classes 338: Software Design (OOP using Java), 438: Software Engineering, and
370: Design & Analysis of Algorithms utilize the concepts and foundations of the previous
courses. CST 370 develops the concepts of algorithms, the building blocks of program design.
CST 338 introduces students to object-oriented programming as well as the fundamentals of the

Horiuchi 7

software development process, skills and knowledge used to create a working deliverable in CST
438. Programming proficiently is not sufficient to be a valuable member of a software
development team; one must understand the entire process to successfully collaborate with
coworkers and create the desired products.
Finally, unique CSUMBs unique CST courses 361S: Technology Tutors, 373: Ethics in
Comm & Tech, and 499: Directed Group Capstone allow students to take a more hands-on, reallife, and practical experience in the field. CST 361S is a service learning class through which
students design a project for, write a proposal about, and carry out a project in order to aid a
school, non-profit, or community applying their technological expertise. CST 373 exposes
students to current issues of ethics as they apply to the field of technology and information
science such as privacy, intellectual property, etc. Finally, CST 499 is a final group project in
which teams of students work from requirements to deliverables with faculty acting as Project
Managers. These classes, and the order in which they are sequenced, fully prepare a student to
be work-ready for several jobs in the technology industry. Additionally, for a security analyst,
the InfoSecInstitute recommends courses such as ethical hacking, penetration testing, incident
response, computer forensics and reverse engineering and lists among common certifications
Certified Ethical Hacker (CEH), CompTIA Network+, Certified Penetration Tester (CPT),
CWAPT, and Certified Reverse Engineering Analyst (CREA) (n.d.).
Of course, a strong and thorough education is only a solid foundation on which to build your
professional assets. Tom Farley, President of the NYSE, relates a story of how two executives
meet up at a conference and put aside differences to chat, which he says is the type of
networking [that] is crucial to succeeding as an individual, thrive in your industry, and have fun
in your career (Farley, 2016). Furthermore, Farley goes on to say that he owes almost every job

Horiuchi 8

to networking, including his current position (2016). One of the best ways to meet and network
with industry professionals is attending one of the many information security conferences in the
US and around the world. According to David Bisson from tripwire.com, among the top 11
information security conferences of 2016, RSA rates third (2016). This conference has grown so
to include 4 conferences in three different regions of the US, and as Lamar Bailey states in the
Bisson article, Every security company showcases what they are doing and what is new in the
industry (2016). This conference, therefore, is a great way to get insight into new trends,
technologies, and strategies in this field. Not only is the RSA conference series a great source of
information, it also provides the best opportunity to network with friends, foes, partners,
customers and the security connections it has to off (Bisson, 2016). Therefore, attending this
and similar conferences can be quite useful.
LinkedIn, a powerful social networking site for professionals where you can post your
resume, list skills, link with/endorse other people, and search for jobs is another great networking
tool. Keeping your skills and resume updated as well as connecting with others are integral to
making your profile noticeable. While it is certainly helpful to get an internship while
completing a degree, it is also understandably difficult and competitive in this field, though at
least most are paid now. Nevertheless, it is always advisable to have several specific saved
searches for entry-level jobs or internships.
There is no singular or right path to any career, and this paper merely attempts to outline
the current trends in and requirement of security analysis. But who knows what new trends,
skills, or technology next year will bring.

Horiuchi 9

References
Bisson, D. (2016, January 05). The Top 11 Information Security Conferences of 2016. Retrieved
from http://www.tripwire.com/state-of-security/off-topic/the-top-10-information-securityconferences-of-2016/
Bloomberg. (n.d.) Root9B LLC: Private Company Information. Retrieved from
http://www.bloomberg.com/research/stocks/private/snapshot.asp?privcapId=251856208
California State University Monterey Bay. (n.d.). Learning Pathways (24 Months). Retrieved
from https://csumb.edu/scd/learning-pathways-24-months
Cybersecurity Ventures. (2015). 500 List of Top Cybersecurity Companies. Retrieved from
http://cybersecurityventures.com/cybersecurity-500/
Drolet, M. (2016, January 20). 5 InfoSec Trends for This Year. Retrieved from
http://www.tripwire.com/state-of-security/security-awareness/5-infosec-trends-for-thisyear/
Farley, T. (2015, July 07). NYSE President: I owe every job Ive ever had to networking.
Retrieved from http://fortune.com/2015/07/07/tom-farley-networking-tips/
InfoSecInstitute. (n.d.). Become a Security Analyst. Retrieved from
https://www.infosecinstitute.com/careers/security-analyst
Tech Jobs on the Rise - 18 High Tech Jobs in High Demand for 2017. (n.d.). Retrieved from
http://www.modis.com/it-insights/infographics/top-it-jobs-of-2017/