NEWS + ADVICE
Cleared Cyber Career Insights, Priyanka, Northrop Grumman
Priyanka, Cyber Software Engineer at Northrop Grumman, shares her experience working as a cleared cyber security professional.
What inspired your career path?
Originally, I never really saw myself doing anything in the cyber security field, or technology in general. Throughout my childhood I always wanted to be a lawyer. But then in high school, I went to a debate competition and one of the topics they gave us was cyber security related. I was so intrigued and I found myself researching it constantly. So I focused on cyber security in college, and I joined the cyber scholars program at UMBC. The program exposes people of all different backgrounds to the field of cyber security and all the various jobs in cyber.
I was lucky enough to touch a lot of different arenas in the industry in my short four years working at Northrop Grumman. I joined a rotational program at Northrop Grumman for recent grads. They take you on three different rotations so that you can experience different kinds of cyber security jobs without having to leave the company, which is great for new hires that want different experiences. I started off on the strategy team as an intern, where we looked at policy issues surrounding cyber security. From there I became a cyber software engineer, which is my current role.
What made you consider a career that required a security clearance?
It was the mission. My dad actually has a security clearance and he could never really talk about his job when I was growing up. I always wondered what that entailed. I thought that’s quite an honor to work that kind of job, because not everyone gets to do it. You have to have a certain level of integrity to work a security-cleared job. I didn’t want to go commercial after looking at my dad’s experiences. When I came to Northrop Grumman I wanted to stick to defense, because I really wanted to work for the mission.
There are a bunch of cyber jobs in the commercial world too. I think a misconception people have is that cyber security equals defense, but that’s not necessarily the case. I looked at some cyber roles for companies like Morgan Stanley and Google. Although it was still security and I could apply a lot of my interests and skills, I wanted to work on contracts that produced government products. I think it comes down to preference at that point and where you want your skillset to be delivered.
Did anything surprise you about your security clearance investigation?
They are not looking for perfect people. At first I thought they were just looking for a cookie-cutter person to fit that persona of a TS/SCI cleared person, but everyone’s story is different and they get that. You can’t find a cookie-cutter person—that doesn’t exist. All they want to be able to do is to trust you.
They’re very open about what they expect depending on what the clearance level is. I think people get scared sometimes with this process. There is nothing to be afraid of because they’re very upfront with what they look for. And if you’re not comfortable with it, you can go for another clearance level that you are comfortable with.
Is your job truly cyber security or a different discipline that gets lumped into cyber security?
I think it’s definitely something that gets lumped into the whole of cyber security. The field itself has really expanded so much over the past two decades. Even just a few years ago people thought it was limited to just cyber analysts. Working in a cyber security operations center is not something you see across all different kinds of companies, whether that’s a commercial company or a defense company like Northrop Grumman. I’m a software engineer on a government contract, so we build mission-oriented solutions and that certainly is one aspect of cyber security.
I look a lot at the IoT for example, Internet of Things. You have to protect the safety of different Internet of Things and that is cyber security—but it’s also part of a bigger picture. I think working on a government contract automatically lumps itself into a cyber security job because you’re constantly thinking about the safety of those using it. And oftentimes you’re giving your products to cyber analysts to use themselves, to other government employees, and military personnel, so it’s certainly security-related.
How do you stay on top of all the advances in technology to keep current with your job?
Every aspect of tech keeps growing every day and I think that’s something we all struggle with. In order to keep up you really have to find your niche and stick to that niche. My niche is cyber security, and there are very many sub-niches inside of it as well. So I read different blog posts, I listen to CyberWire podcasts, and I read the CyberWire daily briefing every morning when I have my coffee. That keeps me up-to-date with the world of cyber security. Then I look at things that especially interest me and I dive deeper on those. I spend some time looking at the technical skillset but I think overall it’s really important to keep up a broad level of what’s going on in the world of cyber security.
What influences your day-to-day workflow?
It differed across different rotations. In my first cyber software engineering job, I worked on a system that had to be up 24×7. So when I was on that project, I could have expected a call at anytime of the day. It was my responsibility to make sure that the system was up, so that was a big influence on my workflow.
Currently, I’m not working on a system that has 24×7 upkeep, so it’s an eight-hour day. We follow an agile methodology, which is really common in the defense world as well as the commercial world. We have certain tasks lined up and we’re supposed to work on those tasks for our sprint. It’s very structured these days.
Are there any certifications you wish you had prior to starting with Northrop Grumman?
Yes, one big one was Security+, which I took a year after working at Northrop Grumman. They actually sponsored my certification training for that, but if I had taken it in college before I started at Northrop Grumman I feel like I would have had a better grasp of what the cyber security domain entailed. I got bits and pieces of that through the cyber scholars program, but when you study for a certification like Security+, you really get to see what specific technologies fit into every single realm. So you don’t necessarily have to talk to so many people or rotate through a bunch of jobs. You literally get that from studying for that cert. So anyone interested in learning about cyber should definitely take the Security+.
Which of your soft skills are most important to performing well in your position?
I think one is open-mindedness. When you’re working in a cyber security role, you have to look at very many aspects of the problem. You shouldn’t be narrow-minded in your research engineering or even talking to your colleagues, because everyone has something to contribute. If you’re only thinking about your opinion or your perspective, you may miss the root of the problem.
Another soft skill is constant communication. If you’re wary about something, you should completely communicate that to your team, because they can help you more than likely. And your teammates should do that too, because you can fill each other’s knowledge gaps to solve the problem. You don’t want a problem going unsolved because you’re shy or embarrassed to communicate it. No one should have to know the answer to everything, that’s the point of having a team. Those are the two soft skills that I use on a daily basis.
How do you manage your stress and avoid burnout?
I think it differs across different people. Some people always like to be online, they always want to be the person to fix all of the technical issues, and be the person responsible to keep the system up. Others like a more routine schedule. They just want their eight hours a day and that’s it.
I had to understand what burnout meant to me. I really had to understand what my stressors were and when too much work was too much for me to handle. I enjoy a more structured environment. I like my eight hours a day and afterwards I like doing other things that interest me. Although I love security I’ll admit I don’t want to do it all day like some people. There is nothing wrong with either, but I think you do have to define what burnout means to you. I definitely learned that throughout the past four years and I need little breaks.
And when you work from home you can feel kind of guilty because your work laptop is staring at you all day. You think, I do have extra work to do and I’m here anyways – I don’t have a two-hour commute anymore. You can spend those two extra hours working, but you shouldn’t.
What are you looking at as your next path in your cleared career?
I’m doing a PhD in computer science at the University of Maryland, Baltimore County. I really want to be on the research side. So far throughout my cleared career, I have been on the software engineering side. Sometimes those two can collide, but oftentimes not. In the next five years I hopefully will be graduating, and upon graduation I hope to enter a research scientist role. I really want to be on the cutting edge, working on technologies like artificial intelligence, and how we can use artificial intelligence to propel the cyber security industry. We’re far from that and I really want to be one of the scientists helping that vision.
To find out more about cleared cyber careers, listen to this special edition CyberWire podcast featuring Priyanka and two other women from Northrop Grumman.This entry was posted on Thursday, February 11, 2021 12:23 pm