For this month’s leadership spotlight, we spoke with Dustin Hutchison, Vice President Services and Chief Information Security Officer (CISO) at Pondurance. Dustin has an impressive academic background that culminated in a doctorate in philosophy with a dissertation on cloud computing in healthcare. His strong belief in learning and teaching continues as a leader at Pondurance and adjunct professor at various colleges. Dustin began his cyber career focused on HIPAA compliance for a small hospital. He credits the combination of education and business opportunities as a key to his success in the cybersecurity field.

How did you get into cybersecurity?

My start in cybersecurity really was born out of compliance. Early in my career, I was focused on workstation, server, and networking — some general IT things — and because of the timing, HIPAA in healthcare was a relatively new thing. I was at a small hospital. We had a really small staff, no cybersecurity team, and so I was suddenly responsible for HIPAA compliance. That led me down the path of privacy and security.

How did you grow into the leadership role you’re in today?

Early in my career when I transitioned from pure break/fix and general IT and really started to focus on compliance and cybersecurity, I realized I needed a seat at the table. And what I mean by that is, from a leadership standpoint, learning the vocabulary of business, not just focusing on pure technology. After I finished my undergrad, I went on and got an MBA, took 10 days off after that and got my Ph.D. Education plus the opportunity from an organization standpoint really kind of led me down that path.

What was the biggest lesson you learned as you moved up in your career?

I think the biggest lesson I learned is really focusing on the technology, understanding the tech but knowing that you’re trying to solve a business problem. And so that’s one of those issues from an IT standpoint that’s always present. IT and cybersecurity are there to enable a business, and so understanding what the business is trying to do is really the primary key.

Why would someone be excited to join your team? 

Joining the Pondurance team, especially on the services side, is an exciting thing. The exposure to so many different customers, environments, and networks is just outstanding, and plus the collaboration between the teams. So when you think about a security analyst getting exposed to compliance or pen testing or application security, you’re not siloed in one role. You get exposed to a lot of different things.

As an adjunct professor, what advice do you give to students starting a cybersecurity career?

I teach undergrad all the way up to doctorate level students, so there’s a lot of different experiences and knowledge that come out of those different levels. I think it’s really important for inexperienced and emerging students to understand that there’s a lot to learn and they need to really get that experience and that exposure, and that doesn’t always happen on the job. It doesn’t always happen at school. Sometimes your education is in your own hands, even if you have great professors and great curriculum. So I also recommend being open to shifting gears. You may go into the field thinking, “Hey, I want to be a pen tester when I grow up.” And as you start working toward that, working in your home lab, doing some different things, you may quickly realize that you’re more interested in something else. So being open-minded to how broad the cybersecurity field is, is really important.

What advice would you give someone who is interviewing with you for an open role?

Getting interviewed is really an opportunity to reverse engineer the opening. So, you look at the job description, what the company is looking for, and then understand what you’re good at, and then work to fill in those gaps. And then, also being transparent about what you do and you don’t know. I tell a lot of my students that you’re not going to come out of school knowing it all, so looking at those job descriptions, doing what you can in a home lab environment, or doing some additional research or reading really goes a long way. Then, when you’re being interviewed, relating the question back to your own personal experience in that context is really important.

What qualities do you look for in people who are starting their careers?

When you’re starting your career, realizing that you’re rarely going to be a solo contributor without a team is important. Knowing that you’re going to work and learn with and from other people is really important. So understanding the dynamics of teamwork, understanding the importance of asking questions when you don’t know something is really important, and then also understanding deadlines and expectations, so if something’s not clear, being okay with asking for help and advice. The technical skills — most people are motivated and driven by because it’s fun — those come a little bit more naturally. Rounding that out with those new, personal, transferable skills is really key.

What are the opportunities today for people interested in a career in cybersecurity?

Cybersecurity is growing rapidly. My favorite on-ramp for cybersecurity is the security operations center analyst, or the SOC analyst. The reasoning is, you’ve got a huge safety net of a team, you’ve got flexibility from a role standpoint,  plus there’s a lot of opportunity to grow from a knowledge perspective within that role. And then, understanding where you are and being exposed to some of those other opportunities, such as pen testing or application security, is really important. Also from a consulting standpoint or professional services perspective, a lot of times, those types of employees have a lot more experience, but there are opportunities for students and inexperienced employees to understand regulatory compliance and how to perform risk assessments in the cybersecurity field also.

What kind of mentorship opportunities are available at Pondurance?

The mentorship opportunities at Pondurance are really vast, right out of the gate. We are a collaborative, sharing team anyway, and so you see that across the board. Any new employees have that safety net of a mentor that goes hand in hand with their onboarding. A consultant, for example, won’t run a solo project for quite a while. They will spend a lot of time shadowing another consultant. The same goes with the security operations center analyst, or a SOC analyst, where they are grouped with other people that are working a specific shift. They are given specific responsibilities, and they’ve got someone that they can escalate anything that they find to and then also the expectation of QA, or quality assurance review, before anything goes customer-facing.

Interested in joining the Pondurance team? View our current openings!