Alumni spotlight: Hector Santiago, DSc
May 20, 2019Ever wonder how someone got to the top of his or her field? This interview with Hector Santiago, DSc shows the path to success isn’t always a straight line.
Hector earned his bachelor’s degree from Syracuse University in fine arts, master’s degrees from Liberty University in business administration, Capitol Technology University in telecommunications and information systems management, and the National Intelligence University in strategic intelligence. He then went on to earn his doctorate in cybersecurity from Capitol Technology University.
He’s made numerous professional contributions to the cybersecurity world. For example, Hector devised a non-forensic attribution methodology (NFAM), which is used by the Department of Homeland Security (DHS) to track down anonymous cyber adversaries. He also played a key role in building the database used by the DHS for identifying cyber threats to federal agencies.
In his spare time, you might find him in downtown D.C. museums with his sketch pad.
Q: How did you make the jump from art to cybersecurity?
HS: During my undergrad years, I was studying to become an illustrator and graphic designer. Upon showing my portfolio to an art director for a major magazine, she said the portfolio was great, but I should leverage my English and Spanish so that I could appeal to twice as many people and avoid the starving artist routine when starting out. I decided to knock out my college debt by going into the army where I tested for and was chosen to be a linguist; I figured a third language (Russian) would help with selling my work to three times the people once I got out. It turns out I enjoyed the telecommunications aspect of my job very much, as well as the language, and began to focus on the technical side of analysis to be marketable once I separated from the army. At that point, I thought I would only do this while I built my art career. Opportunities to do more and more challenging telecommunications work for the U.S. government ensued. The rest is history.
Q: What advice do you have for an undergraduate considering earning a degree in cybersecurity?
HS: You must learn how to visually capture your ideas for presentations. One of the situations which many are not prepared for is quickly showing why an idea (cybersecurity or other) has merit to a boardroom audience, which typically means ‘what are the operational and, especially, financial implications?’. The ground truth in (IT) business is there are very few leaders who have the time to get ‘cyber savvy’ if they are not already, but they are still the ones who can champion what they understand or ‘kill’ what they do not. If the person responsible for cutting the check cannot understand your great idea, it remains just that: a great idea. The idea that’s understood gets funding and becomes a known service or product.
Q: What are most people surprised to learn about the cybersecurity field?
HS: The second you go outside of your organization for a solution to a problem, you now run the risk of paying for upkeep and ‘fixes’ of your IT which may not have been a part of the original proposal. The confounding variable here is that no one ever knows exactly how much to invest in cybersecurity measures to pre-empt malicious events. Subsequently, your return on investment (ROI) now dwindles as you pay for someone to come in and provide something ‘you can’t live without’, which no one knows how to operate except the outside business, all while using your data! This situation is universal, with relatively few exceptions. It’s better to bring in consultants to show you what can be done with your data, but try not to give up “total control” of the learning that can be done by your very own personnel in the process, unless you have absolutely no capacity or a thorough cost/benefit analysis shows it is better that you not build the desired capability yourself.
Q: Where do you think you’ll be in five to ten years?
HS: I’d like to start my own data analytic company. I, like many of my fellow thinkers, have come up with many ways to address issues that enterprises may pay to receive right now. However, the challenge that stops most people from making those ideas a reality is that the infrastructure that would allow the most customers to partake in the idea may not even exist yet. This happens a lot in cybersecurity. It is not uncommon for inventors to have to create the very demand signal that they themselves hope to satisfy with their commercial offering. As I am currently in government, it is illegal for me to actively pursue that path due to conflicts of interest. That said, I am always on the lookout for the environment to change in ways where I know my ideas will have the greatest impacts and, therefore, greatest chances of success and attraction of capital.
To start your career in cybersecurity, explore our two bachelor programs: management of cyber and information technology and cybersecurity. Either degree will be a good starting point for this exciting field.