Justin Williams, is an instructor and chairperson of the Information Technology Department at Mount Aloysius College.
Summary of the episode
Williams shares his personal journey into cybersecurity, starting as a student passionate about understanding cyber threats and now guiding the next generation of cybersecurity professionals.
He discusses the hands-on learning opportunities available in Mount Aloysius’ NSA and DHS-recognized cybersecurity programs, including digital forensics, ethical hacking, and more.
Williams also provides advice for students considering a career in cybersecurity and discusses emerging trends like AI and quantum computing that will shape the future of the field.
Listen to the episode
Read a full transcript of the episode
Steve Bowcut:
Thank you for joining us today for the Cybersecurity Guide podcast. My name is Steve Bowcut. I am a writer and an editor for Cybersecurity Guide and the podcast’s host. We appreciate your listening. Welcome to the Cybersecurity Guide podcast. I’m your host, Steven Bowcut.
Today we are joined by Justin Williams, instructor and chairperson of the Information Technology Department at Mount Aloysius College. Justin is not only a faculty leader, but also an alumnus of the program with hands-on experience as a government contractor specializing in digital forensics and server engineering.
He brings a unique full circle perspective, starting as a student passionate about understanding cyber threats and now guiding the next generation of cybersecurity professionals.
In our conversation we’ll explore his journey, the strengths of Mount Aloysius NSA and DHS recognized cybersecurity programs and what students can expect from careers in digital forensics, ethical hacking and beyond. With that, welcome Justin. Thank you for joining me today.
Justin Williams:
Thanks for having here, Steven. I’m looking forward to talking with you and helping out some of the future generation to understand given pathways they may take.
Steve Bowcut:
Yeah, I appreciate that. This is going to be fun and interesting. I’m looking forward to it. As we want to do on this show though, the first thing we want to do is get to know you a little bit. I think that a little bit better. I think that helps our audience understand how your academic and personal professional journey may apply to their lives.
So tell us how you got interested in cybersecurity. Was it something that from a wi lad you were interested in or did it come later in your academic career? But how did that come about for you?
Justin Williams:
So it actually started when I was younger. Sorry about that. But primarily it started when I was probably 10 or 11 years old. I had a very keen interest in computers. I actually was given my first cybersecurity book pretty much. I started getting into a variety of things when I was younger.
I started reading in a variety of things and I really got hands-on with regards to cybersecurity until I started my college journey. And that primarily occurred when I heard my brother actually was coming to Mount Aloysius College here and he was talking to me about the digital forensics program that they had here at the time, and I was like, wow, that sounds amazing.
I’m really interested in it. Being able to pretty much take a computer, extract out evidence from it, present that really being able to do a lot of different stuff with a given pc.
That sounded really cool and I ended up coming here for a day go figure when it was really snowy to take a tour of the campus. And yeah, it was definitely an interesting experience for a first view of the place.
But overall, I mean I got a look at the lab, I talked to some of the instructors and honestly outside of it being a blizzard up here when I came, it was a really great program from how everything was splayed to me.
Pretty much after I started coming here, I started getting hands-on with some digital forensics tools, some techniques, and actually being able to eventually extract out a forensic image from a given PC or given hard drive and dig into that and extract out given artifacts that are of importance to a given case, maybe like a given picture of something or a given video or audio file or given web activity such as searches and all that.
So that’s what really got me going and got me started at the end of the day into the realm of cybersecurity.
Steve Bowcut:
Interesting. So you studied cybersecurity and then if I understand your career path after that, so then you went to work, so you were in the government sector as a contractor applying some of those skills that you had learned and then you came back and now teach.
And so I’d be interested to know how did your experience working in the industry, how does that translate into how does that change or affect how you teach?
Justin Williams:
Honestly, I think working in the industry kind of gave me a perspective on things that if you don’t work in the industry, it’s kind of hard to gain.
Particularly if when I went to go work for the organization that I did, the government contractor that I did, we primarily were getting hands-on with setting up Windows server infrastructure on VMware based components and really getting hands-on with all kinds of different technologies and doing that kind of gave me a perspective of not just the cybersecurity stuff but then also the IT based stuff.
Now, I did get a further set of experience on the cybersecurity end because with being a digital forensics engineer and having that role, I primarily helped to set up these environments for investigators who are out there actually getting a phone, getting a hard drive, getting a computer, bringing that back, and then investigating it in these environments.
So I learned how pretty much outside of how the investigative process worked on the government level, but also how the infrastructure behind it really worked. And then I think those two pairings really helped to gain a broader understanding and bring that into teaching.
Honestly, it was kind of a bittersweet kind of thing because I didn’t start teaching until COVID happened, which that was kind of a tough situation there, but it’s like I started teaching remotely at first and I was asked actually by my predecessor who worked here, Hey, do you want to come and teach?
And I was like, yeah, sure. I’d love to try and test those waters out, see if I’m really good at it. And I’ve instantly fell in love with it when I started and after a bit I wanted to get more involved and help out more and more students.
And so I then kind of pretty much gravitated out of the government contracting role I was in and came more full-time here and then, yeah, eventually worked my way up throughout the program.
Steve Bowcut:
That’s fascinating. Well, first of all, one of the things I always like to ask someone who has your kind of experience is to get a little insight into what that’s like, and I’m talking specifically about your experience working in digital forensics.
So I think a lot of students and people who are interested in cybersecurity, maybe that some of that interest is generated by things that may not be so factual, but I don’t know, but you probably do.
So if you’re a young high school student or college student, you watch shows like CSI and you see all of the really cool things that digital forensics can do, my guess is not having worked in that field that that’s a little more glamorized than what real life is.
So could you help us understand how much of that is just television glamor and how much of that is actually what you do if you’re working in digital forensics and is it a fun and exciting job?
Justin Williams:
I mean, obviously there’s some glamor to it. I got to make it look like it’s really easy to be able to do and it takes time and effort to be able to learn, but it is really fun and some of the stuff within it, I mean some of the stuff within TV shows do kind of depict how, for example, you get a phone in and you have to extract data from that phone in order to geolocate where that person was. So that kind of stuff can be fun.
You’re pretty much trying to pinpoint where a bad guy is at and or where he may be or where associates of his may be. So that kind of stuff is honestly really exciting to be able to do.
And I think TV shows get that partially right, but they do obviously over glamorize the technical stuff because you do have to have a bit of knowledge on how given tools work, artifacts are extracted, given processes behind it, but you learn that as you go through given programs or given trainings and that’s kind of the nice thing too.
Steve Bowcut:
Yeah, that’s so interesting. But it must be at least it would be very fascinating. It’d be very rewarding I think to be involved in a career where you are helping to do those kinds of investigations and help the investigators providing the information that can lead to getting the bad guy off the street so people don’t become victims any longer.
So that’s got to be rewarding. It also had to have been rewarding for you, I think, to do this full circle thing. I’m just kind of enamored with that whole idea. So is it rewarding for you to now see, I always think that that’s probably many students kind of dream in the back of their head when they’re a student.
Is it someday I’m going to come back and I’m going to be the chairperson of this department at where I’m going to school. So is it as rewarding as it seems like it would be?
Justin Williams:
Oh yeah, definitely. And I mean obviously when you get into a given career, I mean mine was kind of happenstance. I heard of a teaching opportunity here and jumped at it primarily. I was like, okay, this sounds really cool, I want to give it a shot. And I just started teaching and I fall in love with it.
So it’s like I was in a role to where I was doing a lot of really cool stuff, but it’s like I got that opportunity to start teaching and I’m like, wow, this is actually really fun. This is really enjoyable. And I was like, okay, I want to pursue this further.
Pretty much finding that new avenue that it’s like when I was a student here I was like, okay, maybe teaching is something I wanted to give a shot at because I was always a tutor or an SI leader helping out other students with their work. But when I got out in the field, it wasn’t really something I was expecting to come full circle with initially.
But when I heard about the opportunity of teaching here, I instantly jumped at it and fell in love with teaching in and of itself and now being able to pretty much help out a variety of students and achieving their goals. I think that’s really rewarding
Steve Bowcut:
Yeah
Justin Williams:
And of itself because you see all of these young individuals, older individuals even come through middle-aged individuals and they learn a variety of things and are able to then go out and get that job that they’re looking for or apply for that given position they’re looking for.
And it’s like seeing them get into those positions. One lady got in who used to be here at the Wisconsin State Police doing digital forensics. It’s like she got into the position she wanted to and now she’s out there and doing a lot of really cool stuff out there.
Steve Bowcut:
That is awesome.
Justin Williams:
So it’s definitely come full circle, but it’s like at the end of the day I followed that passion of mine and it’s primarily following what you’re passionate about at the end of the day.
Steve Bowcut:
And that is good, and I think it’s good for our audience to understand. So that is an avenue if you are interested in cybersecurity, but you’re also interested in being an educator, you could start with the education, get some industry experience, and then return again and be an educator if that’s where your passion lies. I love that.
Let’s talk about the programs specifically. So the cybersecurity and digital forensics program that’s been recognized by the National Center for Academic Excellence by the NSA and the DHS. What exactly does that mean for students or potential students? What does that distinction mean as far as opportunities for students?
Justin Williams:
So it honestly opens the door for a variety of differing facets, such as scholarships, job opportunities through the government. Those given standards and of themselves pretty much tell government agencies, organizations that hey, students that come from this program are able to replicate what we are doing here with regards to working with given digital forensic tools, working in a SOC or working with given seams or pretty much being able to replicate anything that they’re doing with regards to what we are teaching here. So that’s kind of the at least overarching thing with regards to the CIE program here. So
Steve Bowcut:
It makes me wonder, so obviously, well I’ll say obviously, but I’ll let you come on whether this is true or not. So I would assume that hiring managers in government, either government entities and or government contractors would really look hard for that. They wanted to look at somebody who’s had an education in one of these schools that’s accredited in that way.
How about, or do you have, first of all, I guess it’s two part question, is that true? But then also I’d be interested in knowing it. Do just general industry, no, not government contractors or government, but just commercial entities. Do they also look, do hiring managers also look for students that have gone to an institution without accreditation?
Justin Williams:
I definitely do think it helps the students stand out with regards to their education because I mean, government entities know about the CAE program, particularly like the NSA DHS,
But also more private organizations, particularly ones that handle work with the government itself. They probably are more aware of this designation as well. So there are a lot of big companies out there that obviously know about this type of designation.
But with regards to one of the major things that the program offers, I’ll just go into one of the scholarships that they offer real quick here. There is a scholarship called the IT is the DOD Cyber Scholarship Program, the DOD-CYSP. This scholarship program pretty much allows for students to be able to apply for it and it can offer them not just financial incentives, but also a guaranteed internship within a given federal government entity.
Steve Bowcut:
Oh, wow.
Justin Williams:
So say for example, you apply for this, students would actually be able to put into what they called, and I don’t know if this is the actual term or not, but they coined as sort of like an NFL draft to where they have a list of students and then there’s a variety of government entities that say bid on an interest towards a given student, and pretty much they can then bring that student on board and give them internship experience.
Steve Bowcut:
Yeah, That’s extremely valuable. I mean, that’s getting an internship that would be great for anyone’s career. Yeah. Okay. So earlier you kind of touched on this idea of hands-on learning.
I’d like to explore that a little bit more. So can you tell us some of the, describe for us maybe the hands-on learning opportunities that a student could expect coming to Mount Aloysius College?
Justin Williams:
Yeah, sure thing. So there are a variety of opportunities we try and give our students with regards to hands-on work At a very fundamental level. We start by building out their foundational skills, so hardware, networking, programming, learning about given operating systems, working with Linux, we try and give them that foundation first in order for them to understand how pretty much the cogs work behind given technologies.
And from there, throughout those given classes that they take, they learn how to build out actual applications. Some of them can be simple, for example, in the programming class, it could be calculators, some can be some students even go further than that and build out things that are log analyzers if they want to get really in depth, if their interest is cybersecurity.
And then throughout the hardware class, we have students actually rip apart and put together a pc. I mean it seems pretty rudimentary, but it teaches them then how to work with hardware. And then for networking, we have a variety of switches and gateways and firewalls that we try and expose our students to so that way they can understand the basics of giving switching technologies and giving firewall technologies that are out there.
And then giving them the basics of Linux from there on out helps them to get hands-on and working in a Linux environment. But then after that basic experience has been covered, they then get into the more cybersecurity heavy courses, such as, particularly the courses I teach being digital forensics, we actually have two enterprise grade tools and a variety of given other open source tools and free tools that we teach students about.
But we also teach them about the techniques in order to, how to approach a given crime scene, how to collect that evidence at that crime scene, what to do with that evidence. We give them as much hands-on as possible with given digital forensics facets, and they can even get a certification after the fact through a company called Cellebrite as well.
So we give them not just the hands-on experience, but then also give them the capability to become certified in one of the tools we have here, which that really stands out as well, I think, in my opinion.
Steve Bowcut:
Interesting. So you said earlier that you started teaching and it was COVID and it was kind of all remote at that point. That kind of begged the question. Now we’re talking about hands-on. I thought, well wait minute, is it all in person now or is there a combination of remote and how do you accomplish that?
Justin Williams:
Yeah, so it’s a bit of a combination right now. So we do offer online courses here, and the online courses are primarily for topics like programming topics.
We do also have some digital forensics classes online, which how we primarily handle that is we have a set of servers in our lab that students can actually remote into and have these environments that they can work in that have pretty much all the tools and resources in there so that way they can get hands-on with analyzing a given forensic image, extracting out artifacts, and they don’t necessarily have to have a high-end gaming computer or something along those lines to be able to do so they can just use our servers here and remote from their dorm or home if they’re taking the class online.
So that’s something really cool that we do, at least with that mix that we have of online and in-person classes.
Steve Bowcut:
Right. Okay. Interesting. All right, so kind back to the digital forensics. So digital forensics is one subset of cybersecurity, if you will, and not all students are interested necessarily in investigative type work or digital forensics. Their interest in cybersecurity may be broader than that.
So speak to us about the importance of the skills that you learn in digital forensics and how that might apply to a broader cybersecurity role. Maybe somebody working in the SOC as an analyst or something.
Justin Williams:
Yeah, so I mean learning how to pretty much extract out, for example, logs from a Windows PC that can help to somebody in a SOC understand, okay, this is how a log looks when I see it, this is the information that it has within it.
And it allows for them to pretty much translate that into working with a seam tool. For example, Splunk or Wazoo, just two that popped into my head. But primarily it allows for them to understand that, hey, these are what these logs look like when I see them.
And even on the networking angle, let’s say you learn how to analyze given network traffic through network forensics, obviously you’re going to be probably looking at traffic if you’re working in a SOC or security operations center, and you’re going to need to know what is going on within that given network traffic.
Well, with network forensics you can understand pretty much how given devices are communicating with each other, what traffic’s going across the network, what might be malicious, and then what might be just your standard everyday traffic.
Steve Bowcut:
Okay, that makes sense. I appreciate that. So even if you don’t want to spend your life in digital forensics, the things that you’ll learn in digital forensics classes will certainly be translatable to anything in cybersecurity. That’s good.
All right. So let’s kind of pivot here a little bit. A lot of students I know get pretty excited about cyber clubs and competitions. So talk to us about what’s available there. Do you do some capture the flag or what do you do in cyber clubs and competitions?
Justin Williams:
So at Mount Aloysius College here, we have a cyber defense team and the cyber defense team allows for students to get experience with competitions that are out there given cyber competitions. One that we do, it’s called National Cyber League, and primarily we have students get together and they go through the given challenges in there.
Recently we just got done going through a password cracking section. So they primarily get hands-on doing these given things that you might be doing out in the field. There’s even a section that we just are starting into for log analysis, which is pretty big, at least when it comes to working in a SOC role or even a forensics role.
I mean, there’s a variety of cybersecurity roles to where understanding the logs is pretty critical. But we also do try and spin up our own homegrown competitions in-house and one that we’ve done recently, it’s actually called a hacker hunt.
So we have two groups of students, one being defenders, one being attackers. The attackers go in first try and get as far as they possibly can in the infrastructure, and then the defenders are kind of acting as those instant responders, like the attack happens, how far do they get?
What am I able to see from the logs and network traffic and how can I improve the defense of this infrastructure to prevent it from happening in the future? So I honestly thought that was a really fun thing to have and have them do. And we’ve ran it, I think five times so far each increasing in scale primarily.
Steve Bowcut:
Yeah, I mean that’s a real world example of what they may be doing in their career. So I love that I give some experience doing what they’ll eventually be paid to do.
So I’d be interested, I think our audience would be interested in, and I don’t expect that where all the students have ended up after they’ve come through your programs, but can you give us some examples that you are aware of students that have come through the program and where they may have ended up working or things that they’ve done in the industry?
Justin Williams:
So I would have a list up here. I don’t think I have it up right now, but off the top of my head, we’ve had students go to the FBI RIS, Google, Apple, I’m trying to think of some of the other ones as well.
Some of them have stayed local working for companies such as Precision Business Solutions (PBS), and some of them also teach now at given colleges in the area such as Penn Highlands and a few work in given industries in the area such as healthcare, for example, UPMC.
Steve Bowcut:
Awesome.
Justin Williams:
And if I had the list up here, I probably could go a bit further.
Steve Bowcut:
But the point being that they’ve ended up in some very prestigious and financially rewarding positions.
Justin Williams:
Yeah, Definitely.
Steve Bowcut:
That’s kind of what we wanted to understand. So we’re kind of coming to a close here, but there’s a couple more questions I want throw at you, and they’re both kind of forward looking questions. The first one is maybe some advice.
So if you were face-to-face talking to a student who’s thinking about starting their academic career in cybersecurity, what advice would you give them about choosing a program?
They may not be in Pennsylvania and Mount Aloysius may not be an option for them, but what option to help them explore the options that they have? What would you tell them to look for?
Justin Williams:
I would primarily look for a program that helps to, if you don’t already give you those foundational skills, at least to start with. Because if you’re going to end up working in any kind of IT role, you want to at least know those foundational skills like networking hardware, at least a little bit of programming.
You don’t need to be a mastermind at it. And then operating systems in and of themselves. I do also think if the program offers any form of Linux courses that can be beneficial so that we can gain the basics of that operating system. Because a lot of places, even in the government do utilize Linux on their infrastructure in some capacity.
So having a program that can give you that experience is pretty useful. And then from there on out, look at what kind of cybersecurity focused courses that they have, and if you’re not sure what avenue you want to go down, I don’t know, being a SOC analyst or doing even maybe threat hunting or OSINT or digital forensics or whatever particular, even pen testing.
If you want to get into that route, I would just suggest trying to find programs that maybe fit your interest, whether you want to do more defensive or offensive style stuff.
Now, obviously if you get into a program and you’re like, Hey, this isn’t for me, the way I always look at it is you gave at least the cybersecurity end a shot. You were interested in it initially, but then you can pivot into other programs as well.
It is a little bit of a tough thing to do, obviously sometimes, but it is good to then know that, hey, maybe being a SOC analyst isn’t for me, maybe digital forensics isn’t for me because you got that experience initially before going through the full program and getting into the job role or something like that and being like, oh, well this isn’t for me.
Steve Bowcut:
That’s a really good point. And I always like to point out that cybersecurity is really broader than maybe many students understand initially when they’re coming in. You don’t even need necessarily to have a strong technical background.
Maybe what you find out after taking some digital forensics class or some ethical hacking classes or pen testing or something, you realize I’m really more interested in social engineering and I would like to understand why people do what they do or how they get their victims to give up a password or to click the link or the things that they do.
So there’s that whole psychology side of it as well as the technical side. So there’s a place for a very broad range of interests, it seems to me like in cybersecurity. Alright, so we’re going to end here with kind of a forward looking question. We’ll ask you to dust off your crystal ball and look into the future.
So what trends are you seeing from, you have a unique perspective so you can see things coming that maybe students can’t see. So what trends do you see shaping cybersecurity that students, it might be useful for them to have on their radar now so that they can customize their education to meet what the future might look like?
Justin Williams:
That is certainly a, I wouldn’t say tough question, but there’s a variety of things definitely coming down the pike that are going to shape IT in general
Steve Bowcut:
Okay
Justin Williams:
The biggest one that I’m pretty sure everybody has been seeing in some capacity is AI or artificial intelligence. It’s everywhere. You probably see it in some app or on your device or whatever in particular. But I would say try and understand some of the AI based facets that are coming out with regards to cybersecurity.
I would even say going as far as learning about given technologies within AI, like one called MCP model context protocol, that’s something really new that pretty much allows for AI to talk to a variety of tools out there. Even giving AI the capability to auto hack into given devices just by talking to it.
So pretty much you could be like, Hey, run an Nmap scan on this and give me access to this. And then it’ll be like, okay, I’m going to find that vulnerability for you and I’m going to exploit it and I’m going to give access. I’ve seen videos out there of it doing that, and that’s kind of the really crazy thing that’s coming down the pike and it’s going to automate a ton of different stuff within cybersecurity.
Now, it’s not obviously going to take away jobs. I think it’s going to probably, if anything, create new jobs or replace given jobs. So learning about AI in some capacity, especially stuff revolving around MCP model context protocol is really going to be big.
And then another thing that is probably further out, I don’t foresee it really coming anytime soon, but hey, maybe it could is quantum computing. It’s definitely one of those that it’s like it’s talked about right now and there’s been a lot of development in it, but I’d say probably at least a few more years before we see anything really ground, really concrete come out. I know, I forget what company it was, but they’re working on a quantum based CPU right now. I can’t think of the company name for the life of me.
Steve Bowcut:
That’s fine. We probably don’t want to mention their name anyway. So not that it’s a bad thing, maybe they don’t want that being a topic because it does feel like with Quantum, to me anyway, at least from my, as a journalist, it does kind of feel like we are kind of living under the shadow of a wave that we just don’t know when it’s going to come crashing down on us.
So for students listening to this podcast is certainly something they need to be aware of. They need to understand what quantum computing is and the threats that will come with it, and maybe how as defenders they could utilize it. Just like with AI, I mean the threat actors are going to employ AI models and techniques to achieve their goals. And as defenders, you also need to understand that AI is a useful tool that you could use to defend against that.
Justin Williams:
I remember there being a article or discussion with regards to quantum computing regarding how it can break through encryption. Now that may sound scary to a lot of people, but there is a quantum level encryption that I would suggest trying to learn about a little bit if you want to get ahead of things because they are working on quantum encryptions now for how to safeguard given data. So just something I figured I’d throw out there too as well.
Steve Bowcut:
Yeah, and that’s good to know. It does take some of the fear and anxiety to wait. I think that’s the thing that most people when they think about quantum computing that they’re most afraid of is like, whoa, all of our encryption is now no longer going to be any good, but if there’s an alternative to that that would be just as secure or more secure, then maybe we don’t have to. Maybe the sky’s not falling after all right.
All right, Justin, we are out of time, but thank you so much for spending part of your day with us today and sharing with students and early to mid-career professionals that are thinking about cybersecurity, some of the options that they could find, at least at Mount Allis. And a lot of that will translate to other learning institutions as well. So thank you so much.
Justin Williams:
Thank you as well, Steven. It’s been a pleasure talking with you, and I wish everybody who’s out on the journey right now, the best of wishes. I know it may seem daunting, but find that niche or find that program or really that part of it, or cybersecurity that fits you. Don’t be afraid to try different things because you never know. At the end of the day, you may fall in love with something that you’ve never heard of.
Steve Bowcut:
That’s right. And you may in the end come back and teach others about it. You never know. Right.
Justin Williams:
Yeah, that too as well.
Steve Bowcut:
Alright, well thank you. Thanks to our listeners. Don’t forget to subscribe so you won’t miss future conversations with leaders helping to shape the future of cybersecurity. Until next time, stay safe and stay curious.