Project Manager, CACI International

My name is Curtis Smith. I'm a cyber security engineer. Cyber security engineer looks at threats and vulnerabilities, whether it be infrastructure, people, things, and you try to devise countermeasures to those threats. Many of the projects are network defense type projects, whether it be Wi-Fi, cell phone. Cell phones are predominant. They're ubiquitous, right? Everyone has a cell phone. They're used for video, they're used for photography, they're used for word processing and things of that nature, so that's the number one attack vector. So trying to allow people the flexibility to use these things while keeping them secure from themselves in most regards is very challenging. So I was more of a network infrastructure person. So I've expanded my capabilities to Wi-Fi, and understanding pen testing methodologies, 'cause that's what hackers use. They use pen testing. They assess an environment. They do different things. So there's an attack life cycle. So understanding that attack life cycle. So looking at things from their perspective. So if I can look at it from their perspective, I'm better able to secure a network. My job is to just solve problems, right? So we scan an environment for threats, for vulnerabilities to that environment, and then take steps to mitigate it. So typical project management types of things come into play. Each project, it's like a good book. It has a beginning, middle, and an end. And you try to do it as cost-effectively as possible. But in some instances, if the threat is, so you do a risk assessment, right? So if the cost of remediating the issue is less than the cost of the issue device, environment, then it's up to the employer to determine, or the customer to determine if they want to expend that money. Now if it exceeds that, then you get law of diminishing returns, right? You don't wanna spend more to insure a vehicle than it's worth. So similar methodology comes into play.