Needless to say, cyber pros come from many backgrounds. While a large percentage have technology or cybersecurity degrees, others come with business majors, history degrees or (more common lately) no university degree at all. You can read more about this cyber career topic in this blog.
Which leads me to this inspiring story and the interview below.
Back in early September, I was blessed to meet Sara Snell at the StateRAMP Cyber Summit in Indianapolis. Ms. Snell is currently an information systems security officer for the state of Montana, and you can see her LinkedIn profile here.
What immediately impressed me about Sara was her passion, excitement and thirst for knowledge regarding “all things cybersecurity.” She clearly was delighted to just be at this national StateRAMP cyber event, and she spoke confidently and proudly about her team’s mission within Montana state government.
But what actually shocked me, and led to publishing this interview, was her background as an elementary school teacher. I will let you read more about that in Sara’s answers below.
Sara Snell (SS): I grew up with teachers in my family, and from age five, I had a chalkboard and old teaching manuals. Playing school was how I spent my free time in grade school. Having incredible teachers growing up and seeing their impact on me and others inspired me to want to help people. I went to college, earning a bachelor's degree in elementary education. After graduating, I taught elementary school for four years. I decided to shake things up and make a change, so I moved to Colorado and took a job in local government.
DL: What prompted you to consider a career in cybersecurity?
SS: I moved back to Montana to work in state government. During the 2021 legislative session, a topic of discussion was the demand for cybersecurity professionals exceeding the supply. The conversation sparked my interest in cybersecurity, so I began talking with employees on the security team to learn more about the profession. I learned two critical things. First, cybersecurity was not someone sitting in a dark room, wearing a hoodie, looking at a computer screen with green ones and zeros. Second, I was already using cybersecurity principles in my current job without realizing it. When I combined my interest in cyber with the job growth projections and lack of diversity, I knew I wanted to work in cybersecurity.
DL: How did you become interested in a role with Montana state government?
SS: It was a conversation with my state CISO. I sought their advice on making a career change to cybersecurity, thinking I needed to earn a degree in cybersecurity to get into the field. The CISO explained that was not the only avenue — transferring skills from prior jobs was another. The state was planning to consolidate cybersecurity and was going to be hiring people. Loving state government and working for the Department of Administration, I looked at the transferable skills I developed over the years and other professional experience and took the Security+ course to build my cybersecurity knowledge. I made joining the state’s cybersecurity team and being part of defending state and citizen data my goal.
DL: What training have you gone out to get to qualify for your role in cyber?
SS: One of the draws to joining Montana’s cybersecurity team was the training budget and the administration’s commitment to investing in employees. Over the last year, I earned the Certified in Cybersecurity (CC) and the Systems Security Certified Practitioner (SSCP) certifications. I am currently working toward the Certified in Governance, Risk and Compliance (CGRC) certification. In addition to what I have learned from the cyber certifications, I draw on my knowledge and experience in policy, contracts, procurement, business processes, and teaching from prior roles.
DL: You have an amazing passion and thirst for knowledge in the cybersecurity field. Where did that come from?
SS: Part of it is my nature. I love learning and immersing myself in everything I do. One of my favorite things to do is meet people such as yourself at conferences, like the MS-ISAC Annual Meeting and the StateRAMP Cyber Summit, who are passionate about cybersecurity and share their knowledge, fresh perspectives and ideas on how to defend our states better. Being part of something bigger and making a positive impact is not only rewarding and fulfilling but energizing to me. I will always be a teacher at heart. By learning as much as possible about cybersecurity and having a sound understanding, I can better help those around me and make a difference.
DL: Tell us about your current role and responsibilities.
SS: I am an information systems security officer. In my role, I help the business achieve its mission by advising system and business owners, the chief information security officer, and the chief information officer on all systems-related matters to help the state protect its assets and citizens’ data. That comes in the form of working with system owners on their system security plans, reviewing and documenting security controls, and creating actionable plans for system owners to address vulnerabilities and reduce risk.
DL: Where do you want to be in 10 years within the cyber field?
SS: I hope to have gained a well-rounded understanding of cybersecurity. To do that, I want to work within different areas within the cyber field. Throughout my career, mentorship has profoundly impacted my development, and I want to support and guide others. Over the past year, I served on a joint task force between the National Association of State Procurement Officials (NASPO) and StateRAMP, where we created tools to assist state and local governments in procuring secure and safe IT cloud products. Working alongside highly knowledgeable and distinguished professionals in the procurement and IT communities was an incredible learning experience. I will take advantage of every opportunity to increase my knowledge, share my expertise and collaborate with others to help advance the cyber profession.
DL: What excites you most about the coming year in Montana government — working in cybersecurity?
SS: We have several exciting projects in the coming year. Cyber hygiene and assisting agencies in implementing a zero-trust architecture will be our focus, both of which will help us mature our cyber posture. I am also looking forward to shadowing our cybersecurity operations team to learn more about what they do and to gain hands-on experience in incident response and technical security.
DL: Is there anything else you would like to add?
SS: Anyone interested in cybersecurity with no technical background or degree in cybersecurity should consider the transferable skills they bring to the table. Cybersecurity requires critical thinking, attention to detail, problem-solving and communication skills to be effective. CISOs are an incredible resource and can always help point a person in the right direction on what they can do to position themselves better to get into cybersecurity.
FINAL THOUGHTS
Another trait that jumps out at anyone who talks with Sara regarding her cybersecurity career is an off-the-charts “go-getter” attitude, which I find so refreshing. During my career, I have seen this excitement in early-career cyber pros who went on to do great things — such as Mike Monticello, who I wrote about a few years ago.
But wrapping up with Sara’s conversation, my hope is that her story will motivate others to jump into a cybersecurity career from other disciplines.
One final thought: ChatGPT often offers me several good headlines to summarize my blog interviews. Here are a few ideas that I did NOT select this time around (but are still helpful summaries nonetheless) to describe Sara’s career journey so far:
- From Chalkboards to Cybersecurity: My Journey to Defending Data
- Cybersecurity: A New Path for a Lifelong Teacher and Learner
- How I Transitioned from Education to Cybersecurity — And Why You Can Too
- Cybersecurity Career Change: Lessons from the Classroom to State Government
- The Cyber Journey: From Teaching Elementary Students to Protecting State Data
- My Road to Cybersecurity: A Teacher’s Passion for Learning and Impact (I almost picked this one, and I hope it inspires readers.)