Rick Lopez, an Associate Professor at Northeast Lakeview College (NLC) and former IT consultant.
Summary of the episode
Lopez explains he moved from industry to academia to “transfer skills,” using his Fortune 500 consulting background to teach students not just technical skills but also business communication and big-picture thinking.
Northeast Lakeview’s NSA Center of Academic Excellence designation drives a hands-on, workforce-ready curriculum, reinforced by labs, virtual environments, and the highly ranked NightHax competition team. Students gain experience through capture-the-flag–style competitions, conferences (like Texas Cyber Summit and BSides San Antonio), and Tech Talks with industry leaders, which also help them network and understand hiring trends.
Looking ahead, Lopez emphasizes that students should build skills in cloud computing, data analytics, and AI/automation, as these areas are increasingly central to cybersecurity careers.
Listen to the episode
Read a full transcript of the episode
Steve Bowcut:
Thank you for joining us today for the Cybersecurity Guide podcast. My name is Steve Bowcut. I am a writer and an editor for Cybersecurity Guide and the podcast’s host. We appreciate your listening.
Welcome to the Cybersecurity Guide podcast where we help students and early career professionals find the right academic and career pathways in cybersecurity.
Today I’m excited to be joined by Rick Lopez, associate professor and information technology architect at Northeast Lakeview College. Rick brings a wealth of experience bridging both industry and academia.
He has worked as an IT consultant with Fortune 500 companies, engaging with executives, directors, and technical leaders, and he holds an MBA in management information systems From our Lady of the Lake University at Northeast Lakeview College, Rick is part of the team that shapes the cyber defense program, which has been recognized by the NSA as a center of academic excellence in cyber defense education.
The program prepares students for the workforce with a strong emphasis on hands-on practical learning, helping them transition from simply knowing about cybersecurity, to demonstrating how to perform critical tasks.
In our conversation today will explore the unique strengths of Northeast Lakeview College’s cyber defense program, its competitive successes, the role of community and industry partnerships, and what trends in cybersecurity students should be preparing for as they launch their careers.
With that, welcome Rick. Thank you for joining me today.
Rick Lopez:
Hello, Steven. Thank you for having me.
Steve Bowcut:
Okay, this is going to be fun and informative. So let’s kind of get started now as we like to do on this show. Let’s learn a little bit more about you. So I was intrigued with the idea that you’ve spent time working with Fortune 500 companies and you’ve since then moved into academia.
So maybe a two-part question here. What kind of motivated you to do that move from industry into academia, and what impact has your prior experience had on how you approach teaching cybersecurity?
Rick Lopez:
Alright, thank you for that. And my industry background, especially when I moved into the consultant role, started to expose the need for education, not only in the corporate environment, but some of my mentees that would come and ask me specific questions about technologies, about architecture.
I was developing teaching materials to help them advance in their career. I’ll give you an example. I was the lead course developer in the industry for architects because a lot of people were doing architect role, but there was no pathway. The people just kind of fell into it and I started to develop a program that people could join if they wanted to be IT architect.
So that included not only the technical aspect of industry, it included the business aspect and also proposal development and customer relationship management. Sometimes technical people can spell technical terms, but sometimes they have struggle describing that to the customer. So those were four elements.
So I started to look at, I think I’m going to leave this industry sometime in the near future. So I went back to school and finished my MBA and my team, it was kind of interesting.
They asked me, Hey, what are you going to do with your MBA? And I said, well, I’m going to go teach. And they said, oh, you got a job? I said, no, but that’s what I’m going to do with it. So I started right there. Before I left the industry, I knew that I wanted to do skills transfer. I have some skills that had been developed over the years, which is one of the things that students ask me.
They say, how do I develop those skills? I say, well, that’s an open-ended question because the technology, the focus that we do in the classroom is only part of it. The other part of it is your toolkit, which is what am I learning about the industry and how can I improve that? That comes with experience.
So your question is really how much experience do I need to be able to move into a consultant role? That was the motivation, Steve, to do a skills transfer once I left the industry.
Steve Bowcut:
Yeah, interesting. Well, and I appreciate that answer. I think that’s a very noble way to approach academia.
You had learned a lot of things and your desire to offer that or transfer that to students and help them find their way in industry, I think is a noble pursuit. So thank you for that. And maybe you’ve covered this, but you’ve got an MBA in management information systems and experience coaching and working with executives.
So that gave you this big picture of business perspective, if you will. Is that something then that you focus on when you’re teaching your students, you try and help them see that big picture? Or do you still just maybe focus on the entry level technical skills that they’re going to need to get their first job?
Rick Lopez:
I focus on the entire picture. What I say is, I’ll give you an example. One of the courses I teach is advanced networking. And what I do in that course is I tell ’em, Hey, there’s three parts to this. Number one is operational networks, which means I’m going to get the network up and running.
The second part is optimization, which means, okay, I got it running, but I have users in group B who are struggling with availability. So now I go optimize that. The third part is, okay, I’m spending 10 hours in optimization, what can I do to automate that? So you use the tools within the networking structure to automate some of your tasks.
That is when I get into you are now developing the availability to the business part of this organization, which means the CEO is not going to call you and say, Hey, what’s wrong with the router? He’s going to call you and say, I can’t get to my email.
So what you want to do is say, okay, let’s take an optimization view and see how the network is laid out and why he’s having email problems or why that group is having email problems. And you’ll find that when you talk to the executives, you don’t want to talk about, well, I configured the router and I changed the ACL in that.
You want to say, alright, what I found is you had a bottleneck in that group and that was due to some configuration and I modified the configuration. So it opened up the bottleneck.
That’s the way you talked to the executives because executives really have other things to do versus why my email is slow. So when I’m describing the three tiers that I talked about, I get it into the optimization part or the automation part, you are discussing performance with the people who are experiencing either excellent performance or degraded performance, and you have to learn how to talk in business terms versus technical terms.
Steve Bowcut:
And I love that. And I’m sure in addition to that, because you had worked in industry, it’s easy for you or easier for you to convey these students why it’s important that this executive doesn’t have problems with his email.
So what are the business impacts of poor performance or it needs to be optimized or any of the problems with the system. You would have the insight then to share with those students the why behind the importance of these things working correctly.
Alright, so that’s fascinating. So let’s talk about this. NSA, as I mentioned in the kind of introductory material there, I talked about the NSA has designated Northeast Lakeview College as a center of academic excellence in cyber defense education.
Now I do this a lot. I talk to lots of people, so I know enough to know that that’s a big deal. So talk to us about what impact that has on the program and the students. Why is it a big deal, I guess, is that I’m asking
Rick Lopez:
Because NSA is such a large organization and their mission is security, but along with that is the background of the individual.
So what we’re looking at is what are the curriculum requirements that need to go into our program that will satisfy the employment requirements for NSA? So they walk alongside us and they identify, oh yeah, that’ll meet the requirement for access control. And we say, okay, then that’s what we’re going to incorporate into that.
They will also, once they designate an organization as an NSA Academic Excellence Center, they are looking at metrics for that and say, okay, in the firewalls and security part of the curriculum, what’s your pass rate? And beyond that, what is the distribution of that pass rate?
So they can see, okay, are you putting out A’s and B’s? Are you putting out C’s and what kind of drop rate do you have? So they’re looking at not only are we aligned with their requirements, their technical requirements to hire people, they’re looking at our performance requirements and then they say, oh, you guys are doing a good job.
Which if you look and see out of all the organizations who are NSA certified, we are in the top two in the state. And the reason we’re in the top two is we’ll get into that later, but we do a lot of hands-on, we do a lot of practical stuff to be able to, what do they call it, internalize the theory that we put in the classroom.
Then we do competitions and we prepare for those competitions. And once they go into competitions, we’re competing with four-year schools. So that’s what really aligned with NSA prepares the students to have requirements that the employer is looking for.
Steve Bowcut:
And on that point, so the idea there is not that all of your students are going to work for NSA. NSA hires a lot of people, but they don’t hire that many people. But because the program has that designation, all employers would then be a little more interested in talking to students who have come from or that are the product of a program that has that designation. Am I correct there? Am I looking at that right?
Rick Lopez:
Yes, absolutely correct. You will see that, hey, you graduated from Northeast Lakeview NSA approve academy. Yeah, they are. So it does out of a badge too, their career or
Steve Bowcut:
Something. Yeah, exactly. Now you mentioned some of the extracurricular things and the competition, so I’d like to go into that a little bit. So in the little research that I did, looking at your website, so I guess your program is called NightHax, so that’s your student competitive team. Is that correct?
And as I understand it, you’re ranked very, very well nationally. Can you tell us about that program, what it is and what it takes to have that kind of a national ranking?
Rick Lopez:
And going back to what I had mentioned, we do a lot of practical stuff. So when students join that NightHax, what we are doing is preparing them for competition. Now, when you’re in a classroom and you’re learning cyber defense principles, What we’re doing now is saying, okay, here’s the tool that we discussed in the classroom and some of the principles that capture data in a classroom.
Now what we’re going to do is, okay, here’s a running system, and what we’re going to have you do is figure out why group A picked up a virus and how you’re going to number one, identify it and then mitigate it.
So we do in those sessions is practice identifying, blocking and mitigating what is going on there. So we identify what the problem is, and that’s part of the competition. I’m not sure, maybe back up a little bit. I’m sure you’ve heard of capture the flag?
Steve Bowcut:
Oh, absolutely.
Rick Lopez:
Okay. That’s essentially what we’re doing, Steven. We’re
Practicing, okay, here’s a problem that’s creating some performance degradation in leg B of your system. Why is that happening and how is it propagating through the system? So they’ll start looking at symptoms with the tools and then identify, okay, is that really a problem or is that a problem with the system? So we will identify something and capture that.
Then we’ll run it through a tool that’ll say, oh, this is a known virus and I need to block that and mitigate that. So that’s what we do in the NightHax. And students, because they’re practicing, they’re able to compete at a higher level and also in the standings that we achieve puts us in the top rankings of the schools across the state.
Steve Bowcut:
So your students then compete across the state, as you just said, with other schools across the state, and I’m assuming that they all love this. What a better, I mean, I can’t think of a better way to learn if it’s something you really love to do and you’re competitive in nature and you have fun doing that and you’re kind learning along the way while you’re just having fun.
So is that a correct assumption there that the students just love being a part of this team?
Rick Lopez:
Oh yeah, absolutely. And I’m going to touch on something here. When I conduct my classes, I’ll ask them, how many of you are touch and feel you need to see and experience the technology? And I mean, 90% of the students will say, Hey, I need to touch it.
And I said, okay, well that’s what we’re going to do. So that gives ’em the touch and feel. This isn’t just okay, you graduated with AAS and cyber defense, good luck. Let’s prepare you.
Steve Bowcut:
It’s not all just theory. You’ve actually done some of this, so that’s good. Excellent. All right.
So one of the other things that I mentioned in the introduction was that the school focuses on moving students from knowing about cybersecurity, which we just kind of made a reference to knowing how to perform it. So can you maybe give us some examples of what that looks like in the classroom?
Rick Lopez:
We identify several tools within cyber defense, and when we identify those tools, what we’re telling them is, okay, you’re going to use the tool and I’m going to put a file in the system and you’re going to go find that file using the tool and identify the virus or the code that is breaking the system in that tool. Then you’re going to go back to the system. Now let me clarify that. The tool is a application within a system.
Now we normally run some Unix, not Linux, and we run the Linux on a virtual machine. Not only are the students understanding the virtualization of that system, they’re understanding that the tool is running on that virtualized system. And I can have multiple sessions open.
So when I run the tool, I can capture the file in another session so that I don’t mess up the Linux system and identify the bad file, well the bad code within the file. And then I will say that to the exercise, Hey, this is the code that’s broken that’s causing this problem.
Steve Bowcut:
Right. Okay. So kind of back to our earlier discussion. So the student comes away from that kind of an exercise not knowing that yeah, there could be a file and in theory, this is where it could be, and this might be how you find it. They’ve actually done it in a virtual environment. They’ve actually gone in and done some of these things that they’ll be asked to do once they get into their career.
Rick Lopez:
Right
Steve Bowcut:
Alright. So it seems that your college kind of focuses on preparing students in some specific career pathways, like network operations specialists, cyber defense analyst, and forensic analysts.
So is the education that you try and give them general enough that they could work in any of those roles or capacities? Or do you try and help students figure out beforehand which of those roles and capacities their best suited for and then focus their training in that specific area?
Rick Lopez:
That’s a good question. And what we do is try to figure out or do you analyzing code? Do you like hunting and identifying what is breaking the system and then resolving it? Or do you, Hey, I want to set up the system, I want to configure it.
I want to make sure that the tool I’m using is running properly. So that’s the thing that we question when they’re going through the program. And you’ll find that there’s 50/50%, there’s 50% of the students that say, Hey, I like analyzing, I like figuring out puzzles. And that’s what we say, you’re figuring out a puzzle here.
The ones will say, well, I really enjoy the setup of that system to make sure that I am giving the user what he wants when he wants it. So through the course or through the curriculum, Steve, they will identify, am I more favored to be an analyst or am I more favored to be a fixer and repairer?
So the range of skills can be specific to hardware help desk or help desk specific to security. That’s where we break ’em out and then we tell them a industry or a corporation could hire you just to be an IT specialist. Now that can be very gray, meaning I’m going to fix and repair, I’m going to install, I’m going to configure, I’m going to do some analysis.
But they hire you to build your skill if indeed you are going to be a cybersecurity analyst. Now the other thing we’re doing, Steve, which is kind of visionary for Northeast Lakeview is I’m sure you’ve heard of data analytics.
Data analytics is a very good match or progression from cyber defense because you’re kind of doing the same thing. Data analytics really doesn’t focus on, Hey, I have a breach. It focuses on bottlenecks on potential hack, and you’re looking almost threat hunting through the data analytics tool and identifying why you have a bottleneck in this specific area.
Digging further into that, using some of the cyber defense tools, you’ll identify, Hey, that’s a virus that’s trying to get into our system. So it goes hand in hand. So what we’re doing is building a spunk sock and northeast,
Steve Bowcut:
Go ahead.
Rick Lopez:
When we’ll get that SOC up and running, the people who are going to run it are the students that are graduating out of either the IT specific degree, the cloud degree, or the cyber defense degree. All we’re doing in having them run through that SOC is okay, you’re going to learn some analytic stuff. You’re going to learn some problem determination stuff.
You’re going to learn, okay, how do I address this, mitigate it. So it’s all related is what we tell ’em. So while we’re preparing you for an entry level job, when we run you through the soc, then you’re going to have a step up on the person who’s competing with you for an entry level job.
Steve Bowcut:
Right. I like that. In fact, it sounds like your vision is even more broad, if I might say that, than other institutions because you’re not just training them to be the best SOC analysts that they can be, but you’re giving them the tools and the knowledge and the experience that they may need.
If they want to move beyond cybersecurity, maybe cybersecurity is their way into the entry point, if you will, into their career as a data analyst, if that’s where their interest lies. So that’s an interesting approach. I like that.
So we’ve talked about NightHax, and as I understand it, and you can elaborate on this, or correct me if I’m wrong, there’s some other events like the cyber, the Texas Cyber Summit, B size, and Antonio, some other extracurricular activities that students haven’t that attend your college have the opportunity to participate in.
Can you talk to us a little bit more? I know we’ve touched on this, but maybe is there anything else that you want to add? Why these extracurricular activities are so critical for career success?
Rick Lopez:
There’s a couple of things that go along with it. Number one is networking. And sometimes students misinterpret that and say, well, I don’t like networking, meaning the technology. And we say, no, we don’t mean networking.
Steve Bowcut:
Not that kind of networking, the technical term. We mean go to this conference, go attend a breakout session. And in that breakout session, maybe you’ll meet a guy who works at Dell and just pick his brain and say, Hey, what do you do at Dell? And how’d you get in? What kind of background do you have? And can I have your card if I have a question? I said, that’s networking.
So the conferences that you mentioned, we encourage them to go there. Number one to network. Number two, Hey, maybe there’s something in that conference that you didn’t know and now you’re going to say, oh, look, I think these guys have a soc.
Or these guys have a noc. And they’ll say, Hey, what’s your hiring requirements for a soc? What’s your hiring requirements for a noc? And you have an intern program, you have a premise program, and you will find out at that point a contact that maybe you can find a role for yourself, either an internship or a real job.
Now the other part of that, Steve, is there are technical sessions in those conferences.So I’m going to go learn about SPO a little bit more about that. I’m going to learn a little bit more about data analytics. I’m going to, Hey, there’s an AI session. Let me go figure out what’s going on in AI. So there’s a two part there. Number one, build your technical skills.
Number two, build a network for yourself. Now, one of the things that I specifically can promote in my classroom is are you part of LinkedIn? Yes, right?
Rick Lopez:
And 20% of my students are a part of LinkedIn. They’ll say, well, not that’s for professionals. I say, well, but you’ll pick up a professional mentor from LinkedIn. They’ll look at the fact that you’re at Norty, Lakeview, and you’re in a cyber defense program, and they’ll say, Hey, I want to link up with you. So not even knowing you, they’ll ask you to be a friend of theirs, and then you can start poking there.
So that’s another thing we do is in the conferences, ask them, what forums are you a part of? Because they’ll give it to you. They’ll show it to you on their phone. Hey, here, here’s my LinkedIn id. That’s what we do. And the last conference I went to in Austin, which was a Texas cyber summit, they had a course on hacking or a breakout session, and they were doing it real time.
There was a car, it was a Corvette parked in the parking lot, and they kept turning on the windows. I mean, she kept turning on the lights, rolling down the windows, blowing the horn, and the concierge came into the classroom and said, Hey, man, somebody, there’s something, something wrong with your car. I said, no, we’re hacking it.
Yeah, well, some practical hands-on some courses that maybe we haven’t touched, but you can go do it. But primarily is go and find out what the industry is looking for and try to connect with someone. Because as you know, 80% of the jobs are networks. They don’t get published. Somebody just knows, Hey, I’m looking for a kid to do this. Here you go.
Steve Bowcut:
Yeah, yeah, that’s exactly right. And along that line there of networking. So as I understand it, and there, again, correct me if I’m wrong, so Northeast Lakeview hosts this thing called tech talks with industry leaders. Talk to us about that. What is that and why is that important?
Rick Lopez:
We have different people from the industry that are talking about their strategies and they could roll into their hiring needs. And what they describe is not only, okay, we’re moving into, we have a soc, but we’re moving into automation using ai, and these are the skills that we’re looking for.
And that’s how the student will understand, oh, that’s an opportunity there. So they give us industry trends. They also give us, okay, if you are moving in that direction, how do I have to adjust the curriculum to be able to prepare for that? Now we have four degrees at the college. We have cloud, we have database, we have networking, and we have cyber defense.
I’m specifically the cloud guy. But when I am talking about that, I’m talking how that fits in cyber defense, how that fits in database, how that fits in networking so that they understand the system of that, not just, well, I understand cloud because that kind of helps ’em with the tech talks because those guys, they’re visionary guys, they’re strategists. So what we’re doing there is, okay, where are you headed? How quickly do you think you’re going to be there?
So that’s the plus to the students is they say, you may be a networking student, but where’s networking going? You may be a cyber defense student, but where’s cyber defense going? You may be a cloud student. So where’s cloud going? You may be a database student. What does database have to do with cybersecurity? And one of the things that I emphasize when I’m in the classroom is what are you protecting? Are you preventing people from accessing your system? Well, yeah, but ultimately you’re protecting data.
So how is the industry addressing that and what are the tools they’re using not only to prevent people from accessing their data, once they access it, how can they identify the footprint of the person who hacked it? So that’s another thing that tech talks tell us about primarily.
Steve Bowcut:
Interesting. Yeah, so a couple of readily identifiable benefits there would be for the students. They can get an idea of where the employers, the local employers, where they’re looking, where they think their needs are going to be. And for the college, it gives you an idea of how you may want to tweak your curriculum to meet the needs of the students. That’ll be graduating later on.
You can kind of see around the corner and see what’s coming. That’s excellent. One more question kind of along these same lines. Now, anybody who’s familiar with cybersecurity, the cybersecurity world understands that San Antonio is kind of recognized as one of the largest cybersecurity hubs outside of Washington DC and that’s right in your backyard. So how does the college and how can students kind of leverage that proximity?
Rick Lopez:
The proximity is that we’re local, and it’s also aligned with Washington. So we’re the key part of being local or NSA and Microsoft. They also have a hub here is the home base is still in Washington DC. So I can take a job here and make my requirements, Hey, I really don’t want to move, which I don’t know your experience with students who are graduating, but they don’t really want to move to Washington state or New York state or Florida State.
They want to stay local. But once they taste that, that extension is in another state, specifically in the cyber defense role, then they’ll see, oh, there’s more opportunity here. Now, another thing that I stress in the classroom is you don’t have to move. And ultimately you’re going to be, if you want to be an IT consultant, you’ll get there and it’s going to take you 15 years. If you move, you could be there in eight because there’s an opportunity to build your skills and move from an IT specialist to a senior IT specialist, but you’ve got to move to Oklahoma.
So you take that move and you grow your skills. Then there’s an opening in San Antonio for a architect, an IT architect, and you move back to San Antonio. Now you’ve made two jumps and you’ve probably made substantial jumps in salary.
Sure. Then you say, I think I’m ready to be an IT consultant, and you can be based out of Washington dc, but you can do it remotely. So that’s the way I phrased it to students is, Hey, you want to be an IT consultant in 15 years or do you want to do it in eight? That’s up to you. Now, personally, I moved five times and the fifth time my family said, we’re done.
I said, but fortunately for me, I was already a consultant, so I could do it from anywhere, but that’s an experience that I share with ’em to say I made substantial jumps in salary because of that. So you can stay local, which is beneficial. There’s NSA here, local, there’s Microsoft here, local, there’s Dell, who’s in Austin. But once you make the jump, then you can always work your way back. Just depends on you moving on.
Steve Bowcut:
That’s right. If you have to be that person who’s willing to take advantage of the opportunities regardless of where they are, and that earns you the freedom then to live wherever you want once you’re at that level. So that’s great advice. So Rick, we’re about out of time. So I want to end with kind of a forward looking question here.
You’re in a unique position that I think you can help students, as we said before, see around the corner to see what’s coming. So looking ahead from your perspective, what trends in cybersecurity, maybe it’s AI, automation, cloud, but which of the trends doesn’t have to be one of those three?
Maybe there’s something else that’s on your mind that you think students entering the field today should be most prepared for and thinking about as they get their education.
Rick Lopez:
There’s a couple that you touched on that are really on the cuff of where we’re going. From an IT perspective. You see that the new smartphones, they have AI on it. Now. AI is a new, I mean, if you’ve had an answering machine, it’s kind of AI. Amazon with their answering machine, they were an AI. You call your creditor and they say, Hey, this is so-and-so, and you’re really not talking to a person, you’re talking to AI.
So it’s not new, but it’s captured the industry and what it can do to automate what it can do to optimize what it can do to explore new opportunities. So there’s three main things here that we say, if you haven’t engaged in any cloud activity, you need to do that. If you haven’t engaged in any AI activity, you need to do that. If you haven’t engaged in any data analytics, you need to do that because that’s where the industry is headed.
So we are prepared from a cloud perspective, we are prepared from a cyber defense because we’re mapping that to the Splunk data analytics soc. What we’re now exploring is AI, okay, how do we incorporate that as a degree versus incorporated as modules in our courses? Because I use that in the courses.
I use automation, I use data analytics, I use tools, I use some AI, but my course, the cyber defense course is not an AI course. So those are the three cloud data analytics, AI, because there are now jobs as a AI analyst or an AI designer, meaning that if I understand the technology and how I can incorporate it into improving a corporate performance, then that’s a plus.
Steve Bowcut:
Right. Okay. Well, Rick, thank you so much for spending part of your day with us today. The wealth of knowledge that you have is going to be beneficial for lots of our listeners, so we appreciate you spending some time with us.
Rick Lopez:
You’re welcome, and thank you for the opportunity.
Steve Bowcut:
You bet. And that wraps up today’s episode of the Cybersecurity Guide Podcast. A special thanks to Rick Lopez for joining us and for sharing insights into how Northeast Lakeview College is preparing the next generation of cybersecurity professionals.
And as always, thank you for listening. Be sure to subscribe wherever you get your podcasts so you won’t miss future conversations with educators, leaders and innovators in the field of cybersecurity.