Name: George Romas
Title: Chief Engineer
Employer: DXC Technology
Location: Washington, D.C., U.S.A.
Education: Bachelor of Science, Computer Science and Economics, Union College, Schenectady, NY
Years in IT: 34
Years in cybersecurity: 34
Cybersecurity certifications: CISSP
How did you decide upon a career in cybersecurity?
Cybersecurity came as part of the job. I’ve spent most of my career supporting the intelligence community, where every system or solution that you develop has a cybersecurity component. As I gained more knowledge and expertise, that security frame of mind becomes a way of life.
Why did you get your CISSP®?
The main reason for earning my CISSP was to satisfy government contractual requirements; however, at the same time, I felt it was a good way to refresh my knowledge on the building blocks of cybersecurity and validate my claims of expertise.
What is a typical day like for you?
On a day-to-day basis, I can be engaged in engineering secure solutions, developing intellectual property, assisting with business development and marketing, providing thought leadership (e.g. blogging, presenting at a conference, participating on a panel on the radio, developing a white paper, managing my team, or mentoring up-and-coming cybersecurity professionals.
Can you tell us about a personal career highlight?
There are several that I can’t speak to in detail, but in general, developing solutions that directly supported the national security mission of the United States. On a more individual level, it’s being recognized as a subject matter expert in the technology arena. Some examples: developing a 5-year technology roadmap for the National CounterTerrorism Center (NCTC); architecting a Cyber Defense Situational Awareness solution for NATO; contributing to the National Cybersecurity strategy for the Presidential Transition team in 2016.
How has the CISSP certification helped you in your career?
It’s not only a confirmation of level of expertise; the CISSP also provides a quantitative method for tracking and ensuring continual improvement and education. Organizations like (ISC)² provide a wide range of resources to keep my knowledge base up-to-date. Also, the way that CPEs are structured and tracked provides an avenue to actively guide your career progression.
What is the most useful advice you have for other cybersecurity professionals?
Diversify your education and training. Cybersecurity expertise is needed across all categories of technology. We need software developers, hardware designers, architects, engineers, etc. that can focus on securing the solutions they develop. This is especially important now, when we see the vulnerabilities in IoT/consumer devices.
Anything else you would like to tell us?
Cybersecurity receives more attention, now that computing devices are widespread, connected, and always on. Yet it has always been a required practice in protecting our national security and critical infrastructure. We need to be even more vigilant in today’s world, where ease of use and social collaboration have trumped security. With more technically diverse experts entering the cybersecurity field, I think we can find a balance between both extremes.
Aspiring to be a CISSP? Download the Ultimate Guide to the CISSP.