Don Easton is the faculty lead for the Associate of Applied Science (AAS) in Cybersecurity program at Lane Community College. He has extensive experience in information security, cloud computing, digital forensics, and other technical areas.
A summary of the episode
Easton emphasizes the importance of professional certifications in addition to the degree, and the program partners with vendors to offer certification exam opportunities.
Key trends Easton is watching in cybersecurity include the increasing use of AI and machine learning, cloud security, and the unique security challenges of industrial control systems.
He advises students to explore their interests and passions to find the right cybersecurity specialization, whether that’s through a formal degree program or other learning paths.
A full transcript of the interview
Steve Bowcut:
Thank you for joining us today for the Cybersecurity Guide Podcast. My name is Steve Bowcut. I am a writer and an editor for Cybersecurity Guide and the podcast’s host. We appreciate your listening.
Welcome to the Cybersecurity Guide podcast where we explore academic and career pathways in cybersecurity to help students and early career professionals navigate this dynamic field.
Today’s guest is Don Easton, a seasoned technology professional and cybersecurity educator at Lane Community College. Don holds a master of science in information security and assurance from Western Governors University and serves as the faculty lead for the AAS in cybersecurity at Lane.
With deep experience and expertise in areas such as information security, operations, cloud computing, Linux and Windows and digital forensics, Don is passionate about preparing the next generation of cybersecurity professionals through hands-on real world instruction. Don, thank you for joining the show today.
Don Easton:
Thanks, Steve. I’m glad to be here.
Steve Bowcut:
All right. Looking forward to this conversation. It’s going to be fun and informative, but as we like to do on this show, let’s start with a little bit more about you.
Tell us how you got to where you are, where your journey and as it relates to cybersecurity started and what led you to where you’re at. Give our audience an idea of the various different ways that people can end up teaching cybersecurity.
Don Easton:
Sure. Yeah, so I started out, I’ve always liked technology. I’ve been interested in it since I was, as soon as I first touched a computer. Then when I got out of high school, I went into the military and after serving the military for a bit of time, I discovered computer gaming for one. And that was something that really, really interested me and started tinkering with computers themselves.
And so when I got out of the army, I was self-taught and I started tinkering with computers more, got my first technical job, started school right after that in a technical program and generalized IT. So when I started in the field, it was generalized IT most, we didn’t have a whole lot of specialists because there wasn’t really a need for it.
Security was always thought of, wasn’t really thought of actually. But when you did think of it, it was mostly security by obscurity, which is, we all know kind of a crazy way to think of things now, but that’s what we did. And then as I progressed in my career, and I went to school, I realized that I train people all the time at work. We all do that.
Steve Bowcut:
True
Don Easton:
And so I really enjoyed working with folks and seeing them learn skills and learn new ideas about how to fix this and how to fix that, what to look for. There’s just a variety of different things that we all know that we teach others that are coming up through the profession.
And so after working in the field, I’ve worked for some fairly large Fortune 500 cybersecurity companies, I decided that that’s really what I wanted to do was teach. And so I started out part-time teaching and then as I progressed, I am now full-time faculty, been at Lane for a decade and that’s why I’m right here.
Steve Bowcut:
Perfect. Thank you very much. I appreciate that. Alright, so let’s talk about what you do teach. So you’re the lead and the AAS in cybersecurity at Lane. So walk us through the structure of the program and how it prepares students to go to work in the industry.
Don Easton:
Sure. Yeah. So the AAS is a two year program. It is a very technical program and so we focus mostly on the skills and knowledge needed to be an entry level cybersecurity professional, mostly technician level analyst. So when students come to Lane, they’re going to complete a series of courses.
First year is going to be a lot of generalized IT courses, like there’s a series of Windows courses and Linux courses. They have to take two courses in programming. We generally prefer them to take Python. Python’s very heavily used in cybersecurity.
And then there’s a couple of networking classes. And then as they get into the second year is when they get into the more challenging courses where we do a security operations course where they do some forensics analysis, incident response, network security course.
We also have one that focuses on security devices such as firewalls and then an ethical hacking course. And so throw in some cloud computing with all of that. And it’s a pretty well-rounded program. Very, very, very IT focused, but also network security focus. I like to call it a blue team degree because we are really focusing on the defender.
Steve Bowcut:
Yeah, exactly. Okay, so maybe a two part question that part of this I just thought of.
So you feel like, or would you recommend students coming into your program already have a fairly solid technical background or are you starting pretty much at the beginning so that you’re teaching them what they need to know?
How much education or experience do they need to have before they start the program?
Don Easton:
The program’s designed for people coming in with no experience, no background. It is helpful of course, but it is not a requirement. And we get a lot of folks that have decided to pursue a career change. They’ve got a degree in, say for instance sociology and they’re working in social services and they decide I want to work with security, I see all these data breaches, so I want to do something different.
And so they come in, they’ve got work experience, not directly related, but they want to try it out. We also get a fair amount of high school students. I’m also in my intro, I’m also a licensed K-12 career technical education teacher in Oregon. And so I try to encourage high school students to come into the program too because it takes all kinds to really do this job.
Steve Bowcut:
Perfect. Thank you. I appreciate that. And we’ll talk about that high school student thing here in a minute. So before we move on to this topic though, I’m curious, I always find this kind of a fun little look under the hood.
So when students are coming in, and I know it’ll vary a lot, but kind of generally speaking, what skills or topics do you find the students are most interested in learning, and then which ones do you think are most essential and are those two ever or always the same?
Don Easton:
We have a lot, and I think this is pretty common probably other educators that you’ve talked to that generally a lot of students come in, there’s a lot of sensationalism around cybersecurity, particularly when we start talking about being a hacker and having all these screens up on the wall and all of that.
And there’s some validity to that because that does, the security operation center may have that set up. So students come in, you want to learn how to stop to defend a system against a hacker. That’s primarily what we get and they’re really, really set on doing that. The reality is by the end of the program, they’re prepared to do that.
When they come in, the first thing that they’ll notice is that, yeah, it would be great to do that, but they don’t necessarily have the foundational skills yet to be able to really do that. You don’t start at that level. No, you don’t. And so when they come in, they start working with different systems and operating systems and different types of technologies and they are learning all these foundational stuffs.
And so a lot of ’em though, when they get in there and they start learning the foundational stuff, they’re excited still because they’re starting to realize, hey, wait a minute, there’s a whole bunch of other stuff with this because cybersecurity is just not one thing. It’s a lot of things.
And so they start realizing that and that’s when they get these ideas in their heads about what their focus is for them, what they want to do or what they think they want to do.
Steve Bowcut:
And that’s so valuable because I think as they’re going through this, some people may find that they’re really more interested in let’s say social engineering than they are some more technical aspect.
And we need those people in cybersecurity as well. They need to have the background, they need to have the basics. But if you are more interested in people and why people do what they do and how social engineering works, how do you get people to give up their password, that kind of thing.
We need people with that interest in those skill sets in cybersecurity as well. So thank you for that. I appreciate it. Now I’ve noticed that you have both an in-class and online components to the cybersecurity education at Lane.
So how does that work? Some of each, can you do one exclusively? I mean, can you be online exclusively? And then how would that work with the need for some hands-on work? How do you manage all that?
Don Easton:
So you can do either. We have been working pretty diligently on ensuring that everything that to complete the degree program that you’re able to take the classes needed at a distance. There are some classes that are a little more challenging to take at a distance because of the requirements as far as hands-on work, which you just mentioned.
But because a lot of people talk about the pandemic and COVID, COVID for the cybersecurity industry actually wasn’t all a bad thing because what it did was increase the amount of attention on remote work on people working from other places, which is really when we think back cybersecurity incidents, a lot of those are remote workers or they were third party vendors.
And so when we look at it that way, we think, well, we should be more aware of how that works. And so having students able to complete the program primarily online really gives them that set of skills on top of the skills that they’re developing through the program hands on, a lot of labs are virtualized now in the industry.
A lot of our infrastructure’s virtualized, so we do a lot of virtual machines. We’re talking about software defined networking, cloud computing. And so really physical presence is not necessary to complete a program like this. And like I said, I feel that to some degree taking classes online is actually a benefit.
Steve Bowcut:
I can see that. That really makes sense to me because of people that I know that work in the field, it is hard to think of any that actually work out of an office.
There are some that man a SOC and they work in a SOC and they do that kind of work, but particularly the ones that have been in the industry for a few years, they all work remotely. And so I guess getting your education that way kind of prepares you for what your job might actually look like as well. And that’s not for everybody.
I mean there are some people who just don’t work well remotely. They need to be in that office and they need to have the interaction with other people. And there’s social reasons and all kinds of reasons why that’s true. But alright, so that’s interesting. I appreciate you explaining that.
So your background is both in education and the operational side of cybersecurity. So I think it would be interesting to hear how your professional background, the things that you did when you were a practitioner of cybersecurity affect what you teach or how you teach it in cybersecurity.
Don Easton:
A lot of my background had an impact on the program itself. I created the AAS at Lane and took it through all of the hoops and jumps and wiggles you have to do to get a program accredited. And so with that, because of that, my background we’re very focused on network security.
I feel like there’s a big demand for it and that it is a very technical aspect of cybersecurity very, you have to have a very good attention to detail and things like that. But my background has been primarily security operations and cloud security.
So I’ve been a cloud security engineer and a network security engineer. And I’ve worked with a variety of different systems, but that has really helped shape how I look at cybersecurity. When we talked earlier about students coming in and being all excited and seeing that hacking and all that, well, not everybody’s going to be a pen tester and not everybody’s going to be able to do third party vulnerability assessments.
We need folks that are capable and want to defend our networks because that’s where we really need people. And so that really defined that. Like I said, AAS is a very technical degree program.
So because of that, a lot of students will come in and in the two years that they’re with us or more, they are very much heads down doing the work and understanding, being able to gain that understanding that even though I have all this knowledge and these understandings of the CIA triad and all that, I can actually apply that and see how applying that makes a difference.
So my background, and that’s all kind of a roundabout way, is that I came up through the ranks and I really focused on that physical aspect. I’ve been a CCNA, I’ve done that kind of work. And so that’s why we have a networking component.
That’s why we have an operating system component because they need to know all of it. And so I’ve worked in IT, I’ve worked in cybersecurity and they are not, sometimes they’re exclusively mutual, sometimes they’re not.
Steve Bowcut:
Yeah, exactly. So let’s spend a little more time flushing out here. What students come to your program graduate with an AAS, what kind of roles they could expect that set some realistic expectations here? What kind of roles they could expect?
And maybe we will roll into this same question, the idea of professional certifications, because I know that there’s many, if not all entry level jobs, you’re going to be looking for some professional certifications. Many of them say, well, within a year you have to have A+ or whatever.
So they’re different requirements. But I think it would be interesting to get your perspective on that. What kind of roles would they be interested? Would they be qualified? And then do you train them for professional certifications or do you see the need for those certifications?
Don Easton:
So the first part of that is it’s an entry level program.
Steve Bowcut:
It’s an AAS degree, right?
Don Easton:
Yes
Steve Bowcut:
That’s what we expect.
Don Easton:
But students come in with a variety of different experience levels, different backgrounds. Some of them do come in with other degrees, some of them do come in with some certifications. They’ve had other programs they’ve been in that they decided they wanted to come to Lane.
We have students come in from four year computer science programs that have decided that that’s just really not what they want to do. And they would rather just get in there and get their hands dirty. So we have a variety of students, but really generally, one of the things, Steve, that was, is that at Lane Community College, at least in our department, we have a requirement of a co-op that to graduate.
So the co-op program, we actually have faculty member that is a co-op coordinator and he sets students up with internships and apprenticeships. And this is very, very important. And the reason that we require that is to get them some real world experience.
It’s hit or miss on what type of role they’ll have in their internship, but generally speaking, it’s almost always some level of IT support or it’ll be some kind of networking support, something of that nature in their internship.
And what the value of this is, is that it builds that relationship with the employers and local community. Our department, one of the things that is encouraged and required in some instances by the state is to have an advisory committee made up of industry faculty and students. And so we do that.
And so that advisory committee and these internships and these employers that hire our students really kind of drive our programs and kind of help us make sure that we’re meeting our community’s needs. And so when we look at it from that standpoint, a lot of our students when they get out of the program, they’ve already built these relationships and a lot of ’em will go into either an IT job or which I call a cybersecurity adjacent job because they’ll do security stuff in an IT job.
And some of ’em go straight into a cybersecurity job. I had a young person that came in, had a bachelor’s degree in sociology is my example. She didn’t care for that. She didn’t want to get a master’s. So she at the two year program, and she is, it’s been a few years. And so she’s a senior cybersecurity person for a large hospital chain back east.
And so a lot of folks will come in, the employer will see, hey, they’ll give ’em a test drive six months or say, Hey, this person’s top notch, let’s slide ’em into this role. So realistically speaking IT jobs, they fill these IT jobs in our community and a lot of them evolve into security.
There are a lot of employers, I’m sure you’re very aware, there’s a lot of folks out there. A lot of companies, small, medium sized businesses don’t realize that they need somebody that’s got a security focus. And on the certification side of things, I’m a big proponent of certification.
I personally, I have my CISSP, my CEH certified Ethical Hacker. And I’ve also got a forensic certification and I’ve had a CCNA and I feel that by the certification alone is not really necessarily, might not necessarily be a qualifier for a role.
And a lot of employers may look at that and say, this certification, they studied for a test and they took a test. Our program, my program is designed to be what we call stackable credentials. And so the goal is the student will leave Lane with a degree, real experience from their internship and certifications. And so we do offer opportunity to take certifications. Some of them are entry level. We are partnered with AWS and EC-Council and Cisco and CompTIA.
So we have the availability. We are a Pearson VUE testing center on campus. And so we encourage students to take these tests and we will work. Oftentimes, we don’t necessarily teach to the tests, we go beyond that, but we do encourage them to take it and we support them as much as possible. And then our financial aid folks do it and all.
And we get a lot of vets. I’m a veteran, we get a lot of veterans in. And the VA is really keen on certifications too. So I see value in it and I think that it’s very important that students consider that.
Steve Bowcut:
Very good. I like that. That’s a great answer because there is value in it. I agree with you, there’s value in it, but it’s not the end all be all. It still doesn’t indicate whether you’re going to be a good employee or not. And wise employers are aware of that.
They want to know that you’ve got the technical background, but they also want to know, are you going to show up to work every day and all those kinds of things. So very good. Thank you.
So let’s circle back now around to something you mentioned earlier that I wanted to delve a little deeper into, and that’s bringing even younger people, high school age people. So you’re involved in this College Now program, as I understand it, explain what that is and how it works and any success that you’re having with that.
Don Easton:
In the state of Oregon, we have a program called College Now. And College Now is an opportunity for college faculty, primarily community college faculty to train high school teachers that are interested. So when a high school teacher gets an endorsement, so let’s back up.
So one of the things that we helped high school teachers, if they’re interested in teaching in a technical program, whether it is computer science or IT is drafting or construction, then we help them get their endorsement to teach it.
And then once they get this endorsement, then we can turn right around and work them through different kind of program. The program called College Now, which gives us the opportunity to do what we call sponsored dual credit. And that gives the high school teacher the ability to teach a course that’s offered.
So say for instance, we do offer programming one or computer science one, so we have computer science one, which is our Python. We primarily, so we’ll have teachers that are interested in teaching that.
So sponsored dual credit allows a faculty member who is considered a subject matter expert to essentially mentor these teachers for the year. So they take it through a one year period. We teach them, we show them how to teach it.
They learn the material generally on their own. We help them with that, but we show them how to teach the course and they’re allowed to teach this course in the high school. And what happens with that is a student gets high school credit for graduation and they also get college credit.
Example. We’ve had students taking different courses and coming into Lane with 15, 18, 22 credits of computer science and met almost their first year. So it’s an incentive for students to come to college, but it’s also beneficial to them because there’s been plenty of research that these kinds of courses improve graduation rates. And so it’s a big thing.
It’s very community focused and it works very well. I’ve been doing it for, I took over our departments about six years ago, and so I work with the high school teachers in all 16 school districts in our county.
Steve Bowcut:
Excellent. Wow. That is awesome. Thank you for that. Alright, so we’re kind of getting close on time, but there’s a couple of maybe forward looking questions that I wanted to hit you with.
The first one would be trends in cybersecurity. So whether it’s threats or technologies or even workforce needs, what are you watching? What are you keeping your eye on that’s coming in the future?
Don Easton:
Everybody’s keen on AI.
Steve Bowcut:
Yep. That’s for sure. Yeah.
Don Easton:
AI within the industry as far as big tech, but within cybersecurity, we’ve been using this type of technology for a long time, but it’s become mainstream. Generative AI is a big one.
So the concern, the look at that technology, it’s critical to know that we shouldn’t be scared of it, that we should be using it responsibly and ethically, that kind of thing.
I think that that’s kind of going to fall within our realm of expertise on making sure that folks in our companies are using the technology correctly and not for nefarious reasons. Right?
Steve Bowcut:
Right, exactly.
Don Easton:
And so with that, AI is overarching right now. Another one that I focused a lot on in the past was cloud computing. Taking the security stack from inside of our data center and putting it in the cloud, which is operationally an improvement on performance and an improvement on the experience for our end users.
So being cloud security focused is very, very critical. And AI is another one that I look at as being very important. And then the third technology that’s really interesting, and I kind of branched out from this, is industrial control systems.
That’s actually my hobby right now is I’m looking at smart grids manufacturing automation because it is different. Operational technology is distinctly different than information technology. So I think that those cloud AI and ICS are very, very critical things to look at.
Steve Bowcut:
Wow, that’s great. I love that answer because I know that SCADA systems and other control systems, the threats there are ominous and the criticality, the results of what could happen with some major attacks against our critical infrastructure are pretty concerning.
So I’d love to see that you’re focused on that. Alright, so let’s finish up here with maybe some advice. So if you were sitting in front of, let’s say a room full of students who are starting to explore cybersecurity as a possible career path, what kind of advice would you give?
What do they need to think about or look at or do to decide if they want to move in that direction?
Don Easton:
So often tell students to be what are your interests? What are your hobbies? What do you find fascinating? What do you have if you’ve worked? What kind of jobs have you had?
Because what I like to do, particularly when we had a lot of retraining years ago, what’s called a trade act. And so a lot of folks would come in with this experience or they have this desire to do this thing. And I feel like you should always expand on what your passion is.
So if a student is really interested in cybersecurity or they’re interested in learning more about it, absorbing it, if they can go to local conferences or meetups come, if they’re here, come talk to me or somebody else that’s in cybersecurity, read journals, watch videos, just all kinds of these different things that they’ll start to usually start to develop their own idea of what that is that they really want from it.
And then once they figure it out, the best path to it. Some folks aren’t necessarily interested in going to college. I have a vested interest in that, but it’s fine.
I don’t think that everybody necessarily needs to go to college to get a degree. Maybe they come to the college and get a certification or they get some classes under their belt. So I think that if you keep learning, never stop learning and exploring. I think that that’s really where students find that they really, they found their niche, they found where they need to be and where they want to be.
Steve Bowcut:
Perfect. All right. So we are out of time, but Don, thank you so much for spending part of your valuable time with our audience today. We sincerely appreciate it.
Don Easton:
Thank you.
Steve Bowcut:
All right, that wraps up today’s conversation with Don Easton of Lane Community College. We hope that you gained valuable insights into how community college programs can launch meaningful careers in cybersecurity and what students can expect from a well-rounded workforce ready curriculum.
If you enjoyed this episode, be sure to follow or subscribe and don’t forget to leave a review to help others discover the show.
For more interviews, resources and guides to help you start your cybersecurity career, visit us at cybersecurityguide.org. Thank you for listening and we’ll see you next time on the Cybersecurity Guide Podcast.