INSIDE THE 
NEWS + ADVICE
Operational Cybersecurity Experience Sets Veterans Apart
As part of ClearedJobs.Net’s lead up to CyberTexas we are interviewing cybersecurity leaders and professionals from the San Antonio community and surrounding areas – many of whom are veterans – to share their cybersecurity stories of career transition, entrepreneurship and what makes the Southwest an exciting area for cybersecurity.
We kick off this series with Chris Gerritz, founder of Infocyte, who is a former Chief of Counter Cyber Operations for the 33rd Network Warfare Squadron at Lackland Air Force Base, part of the 24th Air Force Cyber Command.
What is cybersecurity
That is a good question. For someone who isn’t familiar with technology, or who has not been part of cybercommand, cybersecurity is the protection of our digital domain or your digital self. For example, physical security is the protection of your house and belongings that are important to you in the physical realm. Cybersecurity is the protection of your information and valuables that are on the internet and computers.
Tell us about Infocyte and its impact on cybersecurity
One of the biggest problems we see is that the attackers have completely outpaced the defenders.
Anti-virus software has been the mainstay of defense on computers. You install it hoping it will protect you from all the threats that are out there, but this has continually failed us over the last 5-10 years. There are professional hacker organizations that are out there 8-10 hours a day stealing information and private property to sell on the black market and making a lot of money on it. That kind of threat has not been stopped by antivirus or our current tactics.
The toolset that we have here at Infocyte allows us to go into an enterprise network and find out if there are any signs of these professional hacker organizations in their network getting ready to kick off a massive attack like the one at Sony earlier this year. The Infocyte toolset would be able to go in on a regular basis and scan for those kinds of negative presences, so the owners could get rid of it before it causes too much damage.
How is San Antonio uniquely qualified to be called Cyber City USA
One of the biggest things about San Antonio is that we have a startup niche community here that would be crowded out in any of the other technical communities like San Francisco or the Washington, DC, area. Other startup areas are very crowded with a lot of competition for finding a place to live. It is hard to have a lean startup in other areas that are too expensive to live.
San Antonio has a lot of untapped potential because we have so many cybersecurity assets, as we are the second largest cybersecurity concentration outside the Baltimore / Washington, DC, area. We are one of the most concentrated areas for cybersecurity talent. Most of this cybersecurity talent is currently working in the government at the cybersecurity commands. And as a companion, there is a large concentration of cybersecurity government contracts. There is an incredible amount of cybersecurity talent here, many with security clearances because they are all serving the government right now.
Infocyte is one of only a handful of commercial cyber companies in San Antonio, which is why we are not getting much fanfare. We are focused on building a product and application for the commercial market. This has its own set of challenges.
The great thing about San Antonio is that we can draw upon the great community and the talent that is here coming out of the military. When people are leaving the military from Lackland Air Force base, many want to stay in this area and look for employment here. If they can’t find anything here, they will look at the Baltimore / Washington, DC, area or San Francisco.
The difference between New York, San Francisco and San Antonio is that the person coming out of the military has operational experience. There is more operational experience in San Antonio than anywhere outside of the Baltimore / Washington, DC, area. This operational experience really sets this military professional apart from someone coming out of a university with a PhD – those are the guys that are being pulled into San Francisco.
The university graduates may have the technical knowhow, but they have not seen what these professional hacker organizations out of Eastern Europe, Russia and China are doing. These folks in the military have. We have seen their hackers, and we know what their capabilities are. We also know what our capabilities are to fight back, and knowing that sets us apart from the theoretical world. Operational experience is our number one asset here in San Antonio.
Tell us about the veteran entrepreneurship program that helped you start Infocyte
One of the big pushes coming out of San Antonio to become Cyber City USA – and there is still a long road to get there – is we have the talent and we have the cybersecurity asset concentration. However now we have to translate that to a commercial presence like what Infocyte is doing. Founders from various cybersecurity companies that used to be in the military like Denim Group and Innove’ who have commercial presence decided to get together, because there is a lot of talent coming out of the military and we need to convince them that it is possible to do entrepreneurship outside the gate.
My personal story for Infocyte is that I actually wanted to start this company in January of 2014 but ended up starting it in May. In January I went out on a march to look for funding, and for how you go about starting a business. It was not the best experience as I didn’t know what I was doing. I had ten years’ military experience and I went out to some investors to pitch them our business concept. I talked about our capability, not how this was going to make money. I was using military terms not commercial terms and they raked me over the coals. I was basically told that I should go out into the commercial world, get some experience, and then try to start a company.
But the cybersecurity world is moving so fast that this path didn’t really appeal to me. We had a product that was incredibly valuable but we didn’t know how to communicate it nor how to deliver a business case for it. So in March I went to the Cybersecurity Boot Camp and met with these previous entrepreneurs that had been in the commercial world for 10 years and they provided us with information, data and mentoring. I was able to read a lot of books, learn from the other entrepreneurs and really hone my messaging. This really convinced me that I could do the job as soon as I got out of the military and go straight into entrepreneurship. We ended up getting an investor on May 11th and started the company with my co-founder Ryan Morris.
Why do you feel veterans are uniquely qualified for careers in cybersecurity
As I said earlier the operational experience, first and foremost, is a very important asset that the veteran brings to the commercial cybersecurity world.
There is a different mentality with security people. When you take someone who is building web apps, they don’t necessarily have the additional perspective of how is someone going to hack the app and tear it apart. A lot of people code with the intention of making things work. It is a big enough challenge for a lot of people just to get something to work. When you build security software or any program with a security mindset you are constantly thinking I need this program to work, but also constantly thinking how someone would subvert it. Someone is going to ruin it or make it do something I didn’t design it to do. That is hacking – making a program do something it wasn’t supposed to do, a malicious action.
This security mentality is engrained in the military ethos, that warrior mindset. The security mindset is engrained in you from day one that there are people out there who have malicious intent and they will ruin what you are trying to create. Veterans can build something knowing that those people are out there and what their intent is.
What are your recommendations to fellow veterans who are looking at a cybersecurity career
It’s important to understand what type of company you are going after. Is it the standard government contracting company or a company that already has veterans? I have already been approached by veterans who are getting out and I am familiar with their various military units. I am able to say that particular professionals will have the keyboard and technical skills that will be a perfect fit for what we are doing or for a particular company. It is necessary to understand how you can bridge the technical descriptors from the military to commercial terminology.
I recommend that veterans coming out should be able to translate into commercial terms what their skill sets are and to be able to show that they are also very trustworthy. Veterans need to understand that they are going to have to be proactive and communicate their skills sets as most companies don’t have a veteran background and don’t understand the transferable skill sets that veterans have.
Many commercial companies don’t understand that there is this world going on in secret and top secret layers where veterans have experiences that are completely nonexistent in the commercial world. They need some way to translate this without giving up the secure information that they have.
Building a resume and a story of who you are and what you can do is one of the most important things veterans can do.
