Cybersecurity professional David Lipscomb is thriving in a tech space that the U.S. Bureau of Labor and Statistics indicates will grow 33% in the next 10 years.
Lipscomb builds and implements information security management systems to keep out what he calls the “bad actors” attempting to hijack company networks. He also serves as the president of the Philadelphia chapter of the BDPA (fka Black Data Processing Associates), an organization that facilitates training and mentorship of Black IT pros. He frequently looks for ways to pass on what he’s learned to anyone interested in entering the cybersecurity industry — one that can earn those working in it a median pay of more than $100,000 per year.
Lipscomb joined Technical.ly for a career-focused AMA on our public Slack channel this week. You can find the full version of it over in the #ama channel where we talked about how he got into cybersecurity, how others can follow suit and more. Below, you’ll find a condensed version of our conversation, edited for length and clarity.
How did you first enter the cybersecurity industry?
My journey into the IT field was unique in that I worked for a Pennsylvania state rep handling his database. One day, someone came in to speak to him and had literature. I brought the person back in and they discussed an IT scholarship for MCSE [Microsoft Certified Systems Engineer] certification training.
After the meeting I asked the person how I could qualify for the $5,000 scholarship and he said I would have to be unemployed. I said, “I can make that happen” and the rest is history!
What are some common misconceptions people have about the necessity of cybersecurity?
Most people don’t really understand what cybersecurity is. Secondly, [they believe] only businesses need to be concerned. The legal definition is measures taken to protect a computer or computer system (as on the internet) against unauthorized access or attack.
Also, you definitely need to put over a cover over your camera be it your cell phone, laptop, tablet, TV when not in use.
[For further reading on the topic: “Heed this cyber pro’s advice on incorporating data care into your daily life.”]
For those looking to get into cybersecurity, what are some of the best ways to start and some of the lessons about the industry you know now and wish you knew starting out? What are your thoughts on the so-called pipeline problem for jobs in cybersecurity?
Look at your local community college that has courses on computers. I wish I had known more about organizations and people who could have guided me. When I started there weren’t a lot of organizations.
My opinion on the pipeline issue is that more people [of color and women] have to be recruited, and for certain positions the degree requirement [should be] eliminated. If that happened it would bring the job numbers down dramatically.
Retraining is definitely in the equation!
What is your own educational background, and was it necessary for your career in cybersecurity?
I had an associate’s degree but I had certifications that attested to my skill in protecting a system. Next year I will have my bachelor’s degree in cybersecurity.
The greatest push in my career was the attainment of my professional certifications — CISSP, CISA, CRISC, CIPP/US. I have to a maintain a certain amount of certifications to remain active. It is testament to my commitment to my career that I constantly see where the cheese is in the industry. However, I do get my eight hours of sleep, albeit no nights out on the town.
Look out for these jobs that pay well:
- Cybersecurity analyst — $95,000
- Cybersecurity consultant — $91,000
- Cybersecurity manager/administrator — $105,000
- Software developer/engineer — $110,140
- Systems engineer — $90,920
- Network engineer/architect — $83,510
- Vulnerability analyst/penetration tester — $103,000
- Cybersecurity specialist/technician — $92,000
- Incident analyst/responder — $89,000
There’s famously a gap between the number of cyber jobs open — as many as 464,000 as of June, per CompTIA — and the number of workers with the skills to fill them. Have you seen cybersecurity pros come out of bootcamps, and if so, is there a stigma associated with such training?
Bootcamps serve their purpose but there are a lot of cheaper alternatives. However, nothing beats studying and knowing your subject. I would suggest Microsoft training, Google training and AWS training. A lot of that is free and you get a certificate.
Michael Butler is a 2020-2022 corps member for Report for America, an initiative of The Groundtruth Project that pairs young journalists with local newsrooms. This position is supported by the Lenfest Institute for Journalism.