From the deep caverns of federal defense contracts technical support to the wide-open Internet of Things (IoT) of today’s household appliances, SecureStrux's Senior Cybersecurity Analyst Justin Sylvester applies a keen focus to monitoring trends and educating others in order to strengthen the Cyber landscape of our country. Below Justin offers some insight to his personal approach and what might lie ahead for cyber:
Justin Sylvester has always had a strong interest in computers. After graduating from Wayne State University, he obtained a job centered on providing technical support for an established defense contractor. As his professional career developed, so did his interest in cybersecurity. “Supporting IT within the defense industry provided me with exposure to key security concepts. Protection of information systems piqued my interest and eventually turned into the vision for my career path.”
Justin joined the SecureStrux team in June 2018 as a Senior Cybersecurity Analyst. He is a member of (ISC2) and holds their Certified Information Systems Security Professional (CISSP) and Certified Cloud Security Professional (CCSP) certifications. He is also a Certified Ethical Hacker (CEH). As a Senior Cybersecurity Analyst, Justin provides assistance to SecureStrux clients in the areas of Risk Management Framework (RMF) and Command Cyber Readiness Inspections (CCRI).
Continuing his own education and sharing knowledge with other industry professionals has been important to Justin throughout his career. “Being part of such a knowledgeable team has allowed me to continuously enhance and share my knowledge in all the areas of Cybersecurity. I enjoy educating others in order to strengthen our country’s cyber landscape. Since joining SecureStrux, I have received a tremendous amount of support, education, training, and encouragement from our team of industry-leading experts, a benefit that is not available at every company.”
When asked about industry trends he is seeing out in the field, Justin identified the Internet of Things (IoT), stating, “We are entering an age where everyday devices such as lights, thermostats, refrigerators, coffee makers, and televisions possess the capacity to connect to the Internet. Many consumers do not realize these devices lack basic security functionality and protection. This lack of protection can provide adversaries with easy access into the network to which the devices are connected. There are also concerns regarding embedded technologies that have been created and released without a logical methodology to remediate newly discovered flaws.”
Justin is quick to tell businesses who are considering hiring a cybersecurity professional that protecting the privacy of personal data and company secrets should not be viewed as a cost but as an investment. “Failure to provide due care has the potential to lead to stakeholder prosecution and fines that could cost organizations millions.”
When it comes to identifying and addressing critical gaps in cyber, Justin believes that there is a tremendous gap in the area of vulnerability and patch management. “Numerous published reports have detailed that organizations are not patching critical issues in a timely manner, leaving the door open to adversarial exploitation. In addition, although the availability of global information empowers innovation and functionality, it also introduces new threats to privacy, safety, and national security. To borrow a well-known quote, ‘With great power, comes great responsibility.’ It is the mission of cyber professionals to ensure that the security of connected systems is sufficient to protect against these threats. As professionals in the tech industry, we are responsible for minimizing the time between vulnerability discovery, patch creation, patch release, and patch deployment.”
Justin says that in his experience it is always best for specific organizations to assess their existing risk, followed by the development of security strategies that assist in minimizing identified risk to an acceptable level. This can be accomplished through self-assessment, or, preferably, through an independent third-party assessor to achieve unbiased assessment results. He notes that there are a ton of best practices and guidelines out there, but every industry and organization is different.
Asked about his own advice to those pursuing a career in cybersecurity, he says, “The key is to never stop learning; whether that is participating in professional organizations, presenting at conferences, publishing articles, reading books, articles, and blogs on cyber, or listening to podcasts, it is important to stay hungry in order to keep up with technological evolutions and industry trends.”
What I’m loving right now:
Book: Learn PowerShell Toolmaking in a Month of Lunches
Podcast: SecurityNow with Steve Gibson.
App: Newsfusion, Cyber Security News & Alerts
See more about Justin and Our Team.
SecureStrux, LLC is a Women-Owned Small Business (WOSB) Cybersecurity Firm that provides specialized services in the areas of compliance, vulnerability management, cybersecurity strategies, and engineering solutions. We offer a comprehensive range of services that provide clients with proven methods and common-sense approaches to secure their data, build trust with their clients, and remain compliant with DoD, Federal, and Commercial cyber governance.