Digital Technology Instructor Interview: Carlos Villegas
Cybersecurity is my passion.
Architecting systems that are so hard to penetrate is what I love to do.
I’m one of those few lucky people that found, at an early age of 13, why they like to do. In my case, Computer Programming and Cybersecurity. Programming allowed me to be sort of an artist, a digital artist that created programs and made computers do complex things. I still ‘The Peg Game’, a game I programmed in a computer language called Basic on my IBM PC Jr. I was hooked on programming from that day on. Looking back, I realize that I didn’t make the best software game design at the time, but it served me as a springboard to bigger and better things that I’ve done up to the present, and continue to do.
That was programming. Now for Cybersecurity.
Ever since the age of 15, when I installed my first modem, I have been infatuated with how machines communicate. But I didn’t pursue that curiosity too much because, at the time, messing around with networking could get you into trouble if we weren’t careful. That remains true today as well. The difference today is that there is a clear distinction in society between intent: hackers with good intent vs. those with bad intent. Work went into a brief partnership with an East Coast University to create a Master’s in Cybersecurity cohort for a few of us at work. Twenty-six of us started the 3-year intense program, but only twelve of us finished it. The hardest thing I’ve done in my life is work full-time, go to school, be husband and be a father all at the same time. But I did it! In return, I got a huge sense of accomplishment.
The learning in Cybersecurity doesn’t stop with getting a degree or a certification. The cyber landscape is among the quickest moving fields; within the blink of an eye, a lot happens. Cybersecurity is a “contact-sport” with the zeros and ones (and very soon with the Quantum ‘qubit’). Aspiring cybersecurity professionals must augment their formal studies with hands-on studies and activities: participating in as many Capture-The-Flag (CTF) hacking competitions as possible, setting up a Cybersecurity test lab at home using virtualization, building your own firewall (i.e. pfSense), and trying to break into their own equipment. Lastly, try to keep up with Cybersecurity news on a daily basis. In doing all of these things, they will develop the much-needed Cybersecurity skills of today.
Is there anything you are currently working on that you would like to share with us?
At work, I using my Cybersecurity and programming background to keep military Unmanned Air Vehicles (UAVs), such as the http://www.northropgrumman.com/Capabilities/GlobalHawk, impermeable to cyber-attack. The goal of doing everything I can to prevent a 9/11 with UAVs is why I get up every morning and go to work.
I’m big on giving back to the community; so, outside of work, I use my Cybersecurity background to help young students find their passion in Cybersecurity by mentoring them. On a regular basis, I’m mentoring between 50 and 60 high school students in a year-long cyber defense youth competition called CyberPatriot (http://uscyberpatriot.org/). Additionally, when given the opportunity (now 3 years in a row), I get to spend two days with ~300 Girl Scouts and bring them Cybersecurity at a GenCyber event at one of the local university.
Could you tell us about our partnership with IBM and the benefits that our students will receive from taking your Cybersecurity Lab (Defensive Tools) course?
IBM Developed security solution that when properly tuned can detect anomalies in organization’s network and devices before they become a problem.
What advice can you give to our students trying to break into the Cybersecurity field?
Participate in as many CTFs as possible. Participate in organization Bug-Bounty programs.
Is there anything new and groundbreaking in cyber security field that students should be aware of?
All WiFi networks (as of today, 10/16/17) are vulnerable to attackers as a result of a new vulnerability found that attacks the WPA2 protocol by a “Key Reinstallation Attack forcing the reuse of nonce”.