Student Spotlight: Keith Hartung, CISSP
Glad to have you back to the CyberVista’s Student Spotlight Series. In this series, we talk to newly-minted CISSPs who used our Live Online comprehensive training to earn their certification. In this interview, we talked with Keith Hartung, IT Security Manager at the Commonwealth of Pennsylvania. The following interview has been edited for brevity and clarity.
CyberVista: Please describe your job responsibilities as a Security Engineer.
Keith Hartung: I work directly with the agency’s CISO. I’m in charge of all of the security technologies that provide the direct security services for the agency. For instance, I handle privilege user management and application security. Another part of my responsibilities is focused on data protection. I am responsible for ensuring that all of our applications are in compliance in regards to data protection regulations and policies. I supervise a team that maintains the agency’s cybersecurity infrastructure. I’m tightly involved in our data loss prevention program and our vulnerability management team. To say the least, my job keeps me busy.
CV: Tell us about you became interested in cybersecurity.
KH: I entered the cybersecurity landscape as an adult. I’ve always had a love for computers, so when I attended college I declared as a networking major and the timing was perfect because they were just launching a new cybersecurity program. Therefore, the decision was easy to declare as a dual major. Around the midpoint of my education, I actually had to take an extended break from my studies. Seven years later, I was determined to earn the other half of my degree and graduated with a Bachelors in Business Administration with a concentration in Information Technology for Business Education. Shortly thereafter, I began my career as an IT instructor.
CV: Why did you decide to earn your CISSP certification?
KH: Well honestly, I wanted my CISSP because I seek to challenge myself. I have not stopped taking classes since 2010 because I know I need to stay abreast of the latest technology and innovations in cybersecurity. After a while, I noticed a pattern that most of these classes strongly encouraged earning your CISSP. Every time I enrolled in a new cybersecurity class, I would hear, ‘If you want to really advance in the cybersecurity field, then earn your CISSP,’ or ‘If you want to contribute back to the field and not just be a worker, then make the CISSP certification your goal.’ All the hype really intrigued me, and the more research I did, it became obvious this needs to be my new goal.
CV: Why did you choose CyberVista as your CISSP training provider?
KH: Well before CyberVista I was given an opportunity to attend a one-week boot camp. Since my employer was paying for it, I did not hesitate to take advantage of the offer. After that one-week boot camp, I came out of there with more questions that I had going in. I did not feel prepared and the training just simply wasn’t enough. When the opportunity arose where I could choose a training environment and training method myself, then I researched all of (ISC)²’s authorized training providers [CyberVista is an (ISC)² Approved Training Provider]. However, this time I was steering clear of all boot camps. Once I realized CyberVista’s curriculum was an integration of live online lectures, on-demand videos, and an array of self-study tools; I was hooked. It was just what I needed.
CV: What CyberVista resource was most helpful?
KH: I mentioned before that I had experience in teaching. I pride myself on the ability absorb and retain knowledge, but what cements what I’ve learned is teaching. The live online lectures provided me with the space to do that. Each week my instructor would ask the students to teach a concept that we recently reviewed, which helped reinforce the information we were studying. Also, I was amazed there was so relevance between my coursework and my day-to-day role. For example, there was a point in the course where my class was covering disaster recovery and it just so happens at my job, we were in the process of redoing and reworking our disaster recovery plan.
CV: Do you have a favorite CISSP exam domain/topic?
KH: Absolutely. The domain Information Security Governance and Risk Management is my passion. In my opinion, everything related to cybersecurity all links back to risk management. Great cybersecurity starts with great risk management plans.
CV: Tell us about exam experience.
KH: I went into the exam with confidence, not an ounce of doubt, and didn’t feel like I was overreaching at all. A good exam strategy that worked for me was after reading the question, I allowed myself to think of my own best answer before I even glanced at my choices. I took my time developing my own answer than trying to match the answer to the question. This helped me to avoid any trick answers – what my instructor referred to as “honeypots.”
CV: How is the future of cybersecurity connected to the education of younger generations?
KH: The federal government runs a few fantastic and free programs for high school kids to introduce them to cybersecurity as a career option.These programs are underutilized. In order for schools to implement these free programs they have to reach out to the federal government first, but the problem is many schools don’t even know these programs exist.
I’m not too surprised by the workforce shortage because the introduction between cybersecurity and young adolescents is happening too late. They’ve envisioned and scoped out so many other career paths by the time they’re young adults. Cybersecurity seems too fresh and new for them to abandon and lose interest in the fields they’ve been considering for years. If we can move up the timeline of the cybersecurity introduction, then not only will we see more adolescents funnel into the workforce but they’re going to be better Internet citizens and take cybersecurity more seriously.
CV: What do you like to do for fun outside of work?
KH: I juggle a few hobbies. One of my favorite pastimes is cooking. I also love bushcrafting, which essentially is about enjoying extended periods of time outside in the wilderness and getting creative with nature’s resources.
Do You Want to Pass?
If you’re like Keith, hoping there’s a cram-free option when studying for the CISSP exam or other certifications, then let us show you a better way. At CyberVista we have two goals: Help you learn the material so you can pass the exam, and help you retain the information so you can apply what you learn for the long term. Learn more about CyberVista’s Live Online training courses including the CISSP, CISM, CEH, and Security+.