– By Dr. Emad Rahim, PMP, CSM, APMC
Dr. Calvin Nobles is an information technology and cybersecurity subject matter expert (SME), national security leader, cybersecurity scientist, and practitioner with more than 25 years of experience. He is an adjunct faculty member at the University of Maryland University College. He is active in involved in the cybersecurity community, volunteering with multiple professional associations and conducting research. He authored a book on the integration of technologically advanced aircraft in general aviation. Dr. Nobles’ personal story is featured in the book, Black Men Changing the Narrative Through Education.
Dr. Nobles recently retired from the U.S. Navy after 25 years and is currently employed with Wells Fargo as a Cybersecurity / Information Security subject matter expert supporting the Enterprise Access Management Team. Dr. Nobles serves as the Chairman, Cybersecurity and Information Technology Advisory Board for the Maryland Center and Bowie State University. Additionally, he serves on the Cyber Council for the Intelligence and National Security Alliance. Dr. Nobles has fulfilled various leadership positions. He served as a Cybersecurity, Cyberspace, and Cryptologic Planner, as the Deputy Director of Operations, Deputy Director for Strategy and Governance, Director of National Operations, Chief Security Officer and Deputy Director of Intelligence, and the Executive Lead for Cyber Intelligence Support.
How did your cybersecurity career get started?
My career in cybersecurity started the United States Navy while working at the National Security Agency after transitioning from naval aviation. It started when cyberspace operations were highly sensitive and unknown to the public.
What is the role of project management in cybersecurity?
Project management is vital to cybersecurity as it serves as a managing platform for a multitude of efforts such as technology integration, strategy and policy development, remediation, process changes, and large-scale efforts. Project management is a common understanding for cybersecurity professionals as a Project Manager leads each project and directed by a Project Sponsor (controlling authority). Project management is essential in ensuring the projects stay on schedule, within the cost parameters, and on its intended purpose. It is difficult to imagine how large organizations will coordinate, prioritize, and implement cybersecurity endeavors without project management. Most cybersecurity professionals are accustomed to working on project teams or supporting indirectly.
Can you please summarize your industry, and share how organizations are applying cybersecurity and project management in the workplace?
I currently work in the financial and services industry for a Fortune 50 company as a Cybersecurity / Information Security Professional. One of my responsibilities includes serving as a Project Sponsor. In this role, I am the controlling authority for the project; yet, the project manager is responsible for project objectives and the administrative functions. My previous project was an enterprise level project that I assumed control with two months from project completion date, and the project was behind schedule. Through long hours and building a comfortable and productive working relationship with the Project Manager, the project was completed on time. My next project will be a Role Based Access Control effort that takes 18-24 months to complete. By the way, functioning as a Project Sponsor is one of many responsibilities as a cybersecurity professional. Regardless of the specialty, supporting, directing, or leading projects is a collective responsibility.
Do you see any trends in your industry as it relates to cybersecurity and project management and other related methodologies?
For the most part, I envision that the current trends and practices will continue regarding cybersecurity and project management. Project management will remain the platform for managing a litany of efforts in cybersecurity. Cybersecurity is a multidisciplinary field and project management is one of the many specializations that align under the cybersecurity umbrella. I do not foresee that changing for some time.
What is your advice to people that are interested in pursuing a career in cybersecurity and project management within your industry?
My advice for project managers seeking to work in the financial and services industry is to learn as much as possible about the industry or cybersecurity. If possible, try to get a graduate certification in cybersecurity, a graduate degree in cybersecurity, or a professional certification in cybersecurity. If attaining advanced education is not financially possible then use resources like Cybrary and other free online training to increase your cybersecurity knowledge. Ask to volunteer in cybersecurity once a week at work. Attend cybersecurity conferences and network to find an employer willing to provide employment. Joining a professional cybersecurity association will provide exposure to cyber professionals, tacit knowledge, and different venues. Do not give up; if it is a professional desire to work in cybersecurity then keep learning and networking.
I noticed you had earned several certifications. What type of value has these certifications provided to you in your career?
I have not earned any professional certifications; however, I have earned several graduate certificates from universities. In some industries, these graduate certificates are respected like certifications.
Do you think the industry is catching up to better understanding the benefits of cyber security and program?
Absolutely, with the Equifax, Deloitte, Uber, and Yahoo cyber breaches accompanied by intrusive regulatory oversight and the General Data Protection Regulation (GDPR), most organizations understand. With increased fiduciary scrutinizing, BoD and corporate officers realize the serious implications of being underprepared for cybersecurity. This is just one element, the cybersecurity threat landscape, emerging technologies, a shortage of cyber talent, IoT, artificial intelligence, machine learning, deep learning, the Dark Web, and blockchain are exciting developments that will change cybersecurity. From the BoD, c-suite, and leaders across the enterprise need to understand the basics of the abovementioned technology. Cybersecurity is evolving, and so are the cybersecurity threat actors who seek to exploit any unmitigated vulnerability. As long as data is the new currency, the industry will continuously change to maximize security or at least try.
What are some of the significant gaps you still see in the cyber security profession and what can industries do to address them?
A significant gap is cybersecurity leaders linear thinking on what it means to be a cybersecurity professional. Another gap is the lacking of defined minimum standards for cybersecurity professionals. Organizations continue to overlook individuals with certifications and degrees with no experience for employees with 5-10 years of experience. The talent gap is widening too fast to continue to ignore individuals with the passion, credentials, and drive but lack experience. The lack of women and minorities in cybersecurity requires immediate attention. There is a lacking of applied research in cybersecurity as evident by ongoing issues like human factors, technology integration, and ineffective cybersecurity training.
What type of things do you do to stay current in your field (professional development)?
I classify myself as a cybersecurity scientist. Working as a cybersecurity practitioner and conducting research on various topics in cyber sharpens my proficiency. Additionally, I attend conferences, network, and read extensively in different areas of cybersecurity. Also, I am pursuing several certifications from three different universities on cybersecurity to stay current and informed on cyber-related matters. For my technical skills, I rebuild own computer systems, developed a virtual network, and conduct attacks on a personal network.
What are your last thoughts or closing remarks to our project manager subscribers?
Project managers are enablers of cybersecurity efforts and bring a level of expertise that many cyber professionals do not have. Project managers that have a high-level of cybersecurity proficiency are value added to projects. Whatever sector you support, make it your purpose to learn as much as possible about the industry.