Tasha Cornish is the executive director of the Cybersecurity Association, a nonprofit that focuses on building a strong cybersecurity community.
The organization has three Centers of Excellence: the Center for Business Growth and Innovation, the Center for Cybersecurity Talent, and the Center for Cyber Resilience.
The Center for Cybersecurity Talent works to create opportunities for on-the-job training, internships, and apprenticeships to help build the next generation of cybersecurity professionals.
A summary of the episode
Key industry trends and challenges include the increasing role of artificial intelligence and quantum computing in cybersecurity, as well as the growing importance of data analytics, privacy, and communication skills.
Her advice for students and early career professionals is to get involved in the cybersecurity community, show up and participate, and be open-minded about how their skills can contribute to the field.
Listen to the episode
A full transcript of the interview
Steve Bowcut:
Thank you for joining us today for the Cybersecurity Guide podcast. My name is Steve Bowcut. I am a writer and an editor for Cybersecurity Guide and the podcast’s host. We appreciate your listening.
Today, our guest is Tasha Cornish. Tasha is an executive director of the Cybersecurity Association. We’re going to be discussing building a cybersecurity community. I’m very excited about this episode today. I hope the audience enjoys this as much as I think I’m going to. There’s a very fascinating topics that we’re going to discuss, and they’re critical. They’re critical for the industry as a whole.
So let me tell you a little bit about Tasha. Tasha is a nonprofit executive with expertise in relationship development, fundraising, and project management, a natural collaborator and connector. She is highly recognized for her ability to work dynamically with a variety of stakeholders, particularly in the fields of program recruitment and retention and for her analytical abilities, and she’s just got a great personality as well. So with that, I would like to welcome her to the show. Welcome, Tasha. Thank you for joining me today.
Tasha Cornish:
Thank you, Steven. It’s my pleasure to be here.
Steve Bowcut:
This is going to be fun. So let’s start as we always do, by getting to know you a little more. So tell us more about your journey, how you decided, how you got to where you’re at as the executive director of the Cybersecurity Association Association and what kind of inspired you to get there.
Tasha Cornish:
Absolutely. My professional and educational background is in public health and neuroscience. So I was not the most obvious choice for this, but growing up in that space, data privacy and data protection and really anything to protect the health and privacy of the folks that we work with is critically important.
So I was always very interested in how cybersecurity and privacy intersect when I went on to lead a human services nonprofit. Our information systems, and again, data privacy were critically important in how we worked with our members and our folks that we served. So we worked primarily with older adults. I was there during the pandemic and I played this really critical role, or the organization played a very critical role in bridging that population to working with technology because all of a sudden they were all expected to go online to manage all of the benefits that they need to survive.
And with the combination of my curiosity about technology and how we can use it to build stronger communities as well as data privacy, when I learned about this role, I was also interested as a public health professional in the economic development and workforce development part of it. So it was a wonderful opportunity for me to use my nonprofit management skills to contribute to an industry in a field that is critically important.
Steve Bowcut:
Excell-ent. Well, we’re certainly glad that you’re in this field and you contribute your expertise. So before we move on, let’s start here with maybe some advice that you would give students, or as you know, our audience is primarily students and or early career professionals who have begun their career in cybersecurity, or they’re still considering the cybersecurity as their academic or professional career. So are there any specific skills or certifications or advice of any type really that you would like to offer our audience?
Tasha Cornish:
Sure. So looking at the jobs that our members are hiring for today, we see a demand for really core computer science and information technology skills. There are certainly many jobs where you’re not going to use what we call cyber forward skills every day, project management, technical writing, et cetera. But having that core knowledge and information systems, computer science is really, I think, a strength when you’re coming out and you’re starting your first career. I’ll say it again, I’m sure, but it can be a tough field to break into. There’s a lot of entry level jobs sometimes that receive far more qualified candidates than they can fill positions for. So certainly any opportunity you have to join student groups, other professional groups early on in the process will help you as you start your career.
Steve Bowcut:
Excellent. I like that idea. So probably what you want to do is develop some relationships. You’re kind of in the community, you’re in cybersecurity, people in cybersecurity. You’ve met chief information officers and CISOs and people like that before you even apply for your first job, ideally, I suppose.
Tasha Cornish:
Definitely. And it really gives you that visibility. Cybersecurity is an industry that’s all about trust, and if they see you, if they know you, if they like you, if you could have a conversation that will certainly help in your journey. And we will talk a little bit more about it later, I guess.
Steve Bowcut:
Okay. All right. Well let’s move on then. So in the background research that I did preparing for the show, I noted that there are these three centers of excellence that are a part of or included or fall under the cybersecurity Association. Can you talk to us about that, explain what they are and what they do?
Tasha Cornish:
Certainly. We launched our centers of Excellence in 2022 to create entry points for anyone who wanted to interact with our community because we know that the strength that our community is, it’s very diverse. We have folks in government, academia, students, individual members, corporate members, and each person comes to really find their own frontier and to really accomplish their individualized goals.
So the first center we created was our Center for Business Growth and Innovation. This is for any type of entrepreneur who wants to build their own cyber company. So we help them connect with other folks in marketing and sales and partnering agreements, which is really important in government contracting, which we work a lot in given our headquarters in Columbia, Maryland.
And we do a lot of work there to also advocate for more investment in business growth and entrepreneurial programs. For our Center for Cybersecurity talent, we’ll dive a little bit deeper into that one, but really we discovered that you cannot grow your company exponentially unless you have the right talent to fuel it. That was really a limiting factor we were finding. So we work with folks who are responsible for recruiting and retaining that talent to make sure they are doing it in a way that really grows the industry and moves it forward.
And lastly, the Center for Cyber Resilience, which is what we are likely most known for, it is really our education and outreach arm. So we collaborate with other chambers, other associations, really anybody who needs information on trends in sled, which is state local education trends in small businesses and really needs that actionable resources around cyber for their non-cyber company. Out of our Center for Cyber Resilience, we also have security roundtables where we invite practitioners to come together and have those conversations across all industries.
Steve Bowcut:
Okay, excellent. And as you alluded to, I do want to spend a little more time talking about the Center for Cybersecurity Talent, but before we get there, I think it would be interesting to delve a little deeper into how you go about fostering this community and collaboration among the members. And I assume there’s programs or events or those kinds of things. Can you tell us about that a little bit?
Tasha Cornish:
Absolutely. Our signature event every year is our award ceremony, which we just hosted in September, which really brings together the entire ecosystem to celebrate individuals who are exhibiting excellence in cybersecurity companies, as well as training opportunities and training programs and universities, especially those that are dedicated to building the diversity of our field. So that’s always our big blowout event.
We also have large events around women in cybersecurity as well as our legislative event in the state capital of Maryland in Annapolis. Throughout the year, we host smaller, more curated events, usually in person, but we are rebuilding our capacity to host events virtually because we do have members beyond the region and we want to make sure that they’re also engaged in this community where we’ll usually have speakers and we’ll always have some breakout sessions and time for discussion and that informal networking, because we really find that’s where a lot of the magic and connection happens.
Steve Bowcut:
Okay, and I presume that our audience can go to your website and find about the events when they are, how do you register, how do you attend or connect virtually, those kinds of things.
Tasha Cornish:
Steve Bowcut:
Okay, thank you. Alright, so let’s go a little deeper then into the Center for Cybersecurity Talent and Workforce Development. I think our audience is going to be particularly interested in that. So maybe you could talk to us a little bit about the role of recruitment and building this next generation of cybersecurity professionals.
Tasha Cornish:
Absolutely. Historically, our constituents have been typically corporations. So most of our work within the center of Center for Cyber Talent still works primarily at the corporate level. So one thing that we’re very excited about and we will continue to grow is the work that we do to create on-the-job training opportunities for our members to really dive more into skills-based learning, to dive more into internships and apprenticeships because our key constituents often are small and medium-sized businesses, so this can be really challenging for them to navigate.
So we try to remove those initial barriers because we know that in order to accomplish their goals, they really need to invest some time and energy into building the next generation. So we focus a lot on that. We also work with community colleges. We’re big community college advocates and people into the field and then connecting them with those types of on-the-job training opportunities. We also do a lot of work around reskilling and upskilling. So just anecdotally, the number of folks who come to me who work in IT, who say they want to transition to cybersecurity but can’t find a way is always staggering. So we try to empower, it can be mind-blowing sometimes.
Steve Bowcut:
Yeah, I can imagine.
Tasha Cornish:
We really try to empower our employers by advocating sometimes getting funds directly for them, for their staff to train them in penetration testing or cloud security or some other security operations that their IT help desk person could use to upskill and then transition into those roles to give them those core competencies. And when you look at the roles that need to be filled in cybersecurity, there’s a large area swath of the kind of job field right now that does fall in that mid-career range. And so by upskilling folks and really specific skills, we’re hoping it can accelerate them faster into that mid-career and fill those jobs that our companies so critically need to fill.
Steve Bowcut:
Excellent. Okay. So from a practical level then, so students maybe they’re getting ready to graduate with a degree that’s associated with cybersecurity or a cybersecurity specific degree or ent-the-ry-level professionals that are working somewhere and want to advance their career. What do they, do they contact you? Do they come to your organization to find these opportunities for mentorships or internships or networking opportunities, or do they go directly to the corporate members of your organization? How does that all work?
Tasha Cornish:
Sure. We do have some corporate members that have specific schools with universities. So that relationship has gone really well, but they can also come to us. We tend to really work well for folks who are studying remotely. We know that sometimes people are doing their careers remotely and they might not have that local anchor. So we’ve done a really, I think, effective job at engaging those folks, bringing them out to our events, either as volunteers or our special guests so they can interact with those in corporate spaces. We do also have a free student membership that we launched this summer that we are just really starting to roll out
That we can build that relationship with students and get them those connections earlier on. It’s a very simple application, but we do ask about things like your willingness to do on-the-job training, any certifications you might have, and just give an idea of where in the NIST framework your interest really take you. Because we do have a lot of folks, given the small and medium size nature of their companies, they get really specific. So if you are interested in recovery or disaster or digital forensics, we can help navigate that a little bit better if we know that information.
Steve Bowcut:
Perfect. Okay. Thank you. All right, so let’s maybe pivot here a little bit and talk about some industry trends and challenges from your perspective, because I think you’re bringing a unique perspective to the show, and so I want to leverage that a little bit if we can. So what cybersecurity trends or challenges do you think new professionals should be aware of and how do they stay ahead of these evolving threats?
Tasha Cornish:
Two trends we’re -seeing, which is ubiquitous, I think across industries, but specifically in cybersecurity, are an artificial intelligence and quantum computing, artificial intelligence, all the rage of course. So we know that every professional, but especially younger professionals and those earlier in their career will need to know how to use these tools.
I think the cybersecurity entry level landscape will change a lot. The security operations, which is where a lot of folks start their career will change with these artificial intelligence tools. So understanding them is going to be critically important. And then quantum computing, we know that that’s going to change the way and the speed at which we do so many things. So just understanding how that will also impact adversaries specifically. I think we’re seeing a lot of, we always have nation-state threat actors that we’re concerned about, but we’ve seen a lot of really organized groups infiltrating industries, really methodically from the construction industry to healthcare.
And I think that China and others already have very advanced quantum computing skills and technologies. And I think just being aware of that, keeping an eye on that and learning those skills. Again, we don’t expect all cyber people to be quantum experts, but understanding how to apply those in the field will be critically important.
And with the advent of IoT, which is very old at this point, but still the data that’s produced by all those devices, having a really core understanding of data analytics and data science, I think will grow increasingly important in cybersecurity because we’re going to just have more and more data every day. We produce more data. So understanding that, and then lastly, I think less technical, but really important in this area is understanding all of the things going on with privacy.
There’s a lot of ap-plications and new legislation and regulatory things around privacy that will impact the way people run their cybersecurity programs. So understanding that a little bit better. And then communication call is old school, but with the tools of cybersecurity and artificial intelligence, the computers are going to be doing a lot of things that we do now. So we’re going to have to become very effective at communicating with others and around that moving forward.
Steve Bowcut:
Those are all excellent and very important. Thank you for that. I appreciate that. I really do. The AI thing resonates with me. I know a lot of people are worried about what role is AI going to play in cybersecurity and threat mitigation? And it’s true. We’re seeing more and more of that in the soc. We’re seeing AI tools being used in the soc.
So for someone who wants to get into this industry, I mean, it’s an invitation for you to learn how to use AI. Don’t be afraid of it. It’s not going to take your job, but unless you don’t know how to use it, the tool that you’re going to have to use, it’s still just a tool, but you are going to have to know how to use these AI tools that are being deployed in SOX in lots of organizations. So thank you for that.
I appreciate it. And the quantum one is interesting to me too. I see that as, and this is just my personal opinion, but I see that as kind of a maybe where we’ll first start to see cybersecurity threats from quantum computing will be like at a nation-state level, right? So as you mentioned, China has some advanced capabilities there. We need to make sure that we’re the first one to win that race so that we are prepared. But that’s where I think that battle will happen is at a nation-state level, probably not your run-of-the-mill hackers for at least a few decades, I hope.
Tasha Cornish:
Let’s hope. Absolutely.
Steve Bowcut:
All right. I think we’ve talked about building professional relationships. Is there anything else you wanted to add about how you can insert yourself in this ecosystem if you’re a student or an early to mid-career professional, or do I think we’ve covered that?
Tasha Cornish:
Yeah, I would say one of the key things is just showing up. We see so many students. I, for example, was at an event at NIST last week. I spoke for a national cybersecurity careers week, and I was sitting next to a sophomore student who knew, he knew he should be there. His professor encouraged him to attend, and 100% he showed up that day.
But he even said, I don’t know if us is the right space for me. Everybody seems so experienced, but showing up and we had a short conversation, and then the person next to him who could really, I think help advance him in some of his goals, picked that up and just they really dove deep into a conversation. And I will say this community, in my experience, it has been really open. It has been really giving. So even if you feel uncomfortable or not ready to go out there or know what you’re going to talk about, showing up will gain you so much admiration because we all know what it was like to show up in that first encounter, not knowing why we were there, what we were doing.
So go past that fear, because I will say this, I was nervous coming from a human services nonprofit, very mission-driven experience to come into a more corporate environment. But this field is so mission-driven, and in my experience, people just want to help there and be there to help and support you in your journey.
Steve Bowcut:
You know what, that is probably the best advice I think I’ve heard in a long time on this show because the young people that I know, if you want to be a standout young person, that’s what you need to do. Just push past that, show up at some of these kinds of things where maybe you’re the only young person in the group.
Everyone else has got decades of experience, but those people with decades of experience, we all look at you and we think this person has something going on. They’re here, they showed up, and that makes a huge difference. That’s the kind of person you want to have on your team, somebody that will show up and be in an uncomfortable situation because they want to learn and further their career. So that was good. Thank you.
All right. So funding. Is there anything that you think our audience might need to know about how your organization is funded, corporate sponsorships, those kinds of things, just so that they’re aware?
Tasha Cornish:
Sure. We can talk a little about that.
Steve Bowcut:
Yeah, tell us about that.
Tasha Cornish:
Yeah, so it’s really critical for us that we have a diverse funding stream for many reasons. One for sustainability, nonprofit 101, but also to really again, just reflect the diverse nature of our community and who’s contributing. And we have service agreements. We’ve really been able to do a lot through our Sonos of excellence because we want to also do research. We want to move the field forward. So we had a project earlier this year with the Maryland Department of Commerce and the Small Business Development Center in Maryland to work on cybersecurity for small businesses, which is a whole other topic we could have a podcast on.
So we do programs like that. But a part of cybersecurity that really every professional should be engaged with at some level is advocacy. So we know from working in federal and state legislations, those people are wonderful sometimes at governing, and sometimes there’s a lot of things they need to know about Cybersecurity, and cybersecurity will increasingly become a thing everyone needs to know about, even if you’re not a professional. So working with organizations like ours and other associations to inform our elected officials, what they should be concerned about when it comes to cybersecurity and data privacy is critically important. And we’re really excited to be that conduit between our members and those who want to hear from them.
Steve Bowcut:
Perf-ect. Thank you. I appreciate that. Alright, so we are about out of time, but we do want to leave you with the last word, and I think it would be beneficial for our audience if you have any advice or encouragement that you want to give the students and young career professionals about how they can build this longtime cybersecurity career, how they can be a part of this community.
Tasha Cornish:
One of the things that I really love about this industry and community is how any skillset can contribute to it. You might go through your education and start in a specific field and then contribute to another one or this one in a completely different way. I came here from public health and I quickly realized all of the systems-level things I could work on here and get excited about. And I think just being flexible and being open-minded, especially in these entry-level jobs and your job search is critically important. It might not make sense to you why you start as a help desk professional or something else, or a program manager.
We see many people start in something that’s not related to where they want to go, but it’s so important to get into the field in any way that makes sense and get to learn the industry and learn the professionals because that network will continue to help you find roles throughout your entire career. So be persistent. It’s going to be hard of, but if you join communities like this, I’ve seen our professionals really wrap their arms around early professionals to encourage them because it can be a challenging place to start, but if you find your community early on, it can be a real game changer in your future success.
Steve Bowcut:
Yeah. Thank you for that, Tasha. And that’s probably something we didn’t focus enough on that maybe we should have is that you don’t have to have technical skills necessarily. The example that I always like to use is a young person who has maybe some training and or even experience in the field of psychology, and you could think, well, how does that relate to cybersecurity? I don’t know coding. I don’t know how to do these technical things.
But then if you stop and realize that so many of the attack vectors use some element of social engineering, you’re exactly the person that we need. Right? Absolutely. You’re the person that we need to understand why it is that the people keep clicking on the links that we’ve told them not to click on, or they don’t do the things we’ve asked them to do, or they give out information they shouldn’t be giving out. All those kinds of things. So it doesn’t really matter where your interest lies, there’s a place for you in cybersecurity, and I appreciate that you’ve kind of pointed that out
Tasha Cornish:
100%.
Steve Bowcut:
All right, so we’ve got a wrap, but thank you so much, Tasha. This has been so much fun. I’m so glad that you had the time to come on our show and help our audience.
Tasha Cornish:
Absolutely. We really am grateful for your time.
Steve Bowcut:
Okay. And thanks to our listeners for being with us. Please remember to subscribe and review if you find this podcast interesting. And join us next time for another episode of The Cybersecurity Guide Podcast.