Air Force Vet Achieves 20-Year-Old Goal: Earns Pay Raises, Promotions, and Moves from IT to Cybersecurity -All thanks to the Certified Ethical Hacker Certification (C|EH)
Company: ISPA Technology
Degree: BAS Information Systems Engineering Network and Security
Country: United States
Rob Barnes, a former Air Force IT specialist, recently revealed how obtaining a Certified Ethical Hacker (C|EH) certification helped him achieve his 20-year goal of working in cybersecurity. Barnes started his cybersecurity journey at a cyber training range that hooked between several bases. His passion for pen testing grew, and he decided to pursue a C|EH certification. The certification helped him stand out in the market, win quarterly awards for his unit, and eventually land his desired job within one week of submitting his resume. The C|EH certification also helped him renegotiate his salary and reach his career goal after two decades of hard work. Read on to learn more about Barnes’ inspiring journey to success in cybersecurity!
Is C|EH Worth It?
Tell us about your journey as a cybersecurity professional.
I have been doing cybersecurity for about 23 years now. I started my cybersecurity journey in 1999, when I joined the Air Force. It was fledgling for the information assurance and cybersecurity realm at that time.
Everybody remembers Patch Tuesday. It was pretty much, “Hey, grab some patches from Microsoft or whatever vendor and throw them at your system.” Nobody took the time to analyze and do them. They just trusted the vendor to say that this patch is good to put on our system.
But through the years, technology has advanced rapidly, and businesses, corporations, and the military have leveraged that technology to become more efficient and effective. But with that newer technology comes more exploits, attack services, and vulnerabilities.
That’s how I fell into the cybersecurity realm. Once the focus shifted to securing networks and systems, it became the forefront of the military and my career.
I am a Microsoft Exchange Active Directory, Citrix, and VMware subject matter expert. I engineer VMware solutions, Citrix solutions, exchange solutions, and administer them. I have information assurance and cybersecurity experience tied in with it because they all overlap, are overarching, complement one another, and you must have a secure environment to run effectively.
I’ve also learned about the different types of accreditations through the years. I am presently working on the risk management framework process. So the C|EH has put me in this realm as well. It has helped me out.
At present, I am retired from the military. I did 20 years and four months, and I am now a contractor with a company for the military. I didn’t stray too far away from that environment. That is where I started, how things came to be with the cybersecurity realm, and how it became part of my everyday job.
How has the C|EH benefitted your career?
We had yearly evaluations. I got higher marks than most because I worked hard and got the extra education needed to fill the additional blocks and round myself out.
It’s helped me out in that way.
I was introduced by the pen testers on the close test range. They didn’t go too far in-depth with their tools.
Through the years, I looked at more tools and then started understanding how they work, what they do, where you would employ them, and how to use them to secure your network and look for vulnerabilities.
What caught your attention about the C|EH program?
What caught my attention was about five or six years into my IT career in the Air Force. We had a cyber training range that hooked between several bases. It was a closed network, and it was training. They brought in red teams to attack, and we would have to defend the network.
They brought that in to show people that these are the exploits, what attacks look like, how you should defend, and what you’re looking for. When all those training exercises on the ranges were going on, they mentioned that this is an actual career track that you can do, a certification. They started talking about pen testing and then showed us the tools and techniques they used. That’s where I got my first taste of it.
When I got to my last final base, I worked with a guy, a computer programmer, who was really into pen testing. We started talking about the different tactics, techniques, and procedures (TTP), ways to exploit, and other pen test stuff. He helped me out, and I helped him out, and he mentioned that you should get your C|EH.
So I went ahead and got my C|EH. That is how I got involved with it.
The C|EH is recognized in the Department of Defense (DoD) as there’s a DoD initiative called DoD 8570 Cyber certified workforce.
It is one of the multiple levels inside the DoD, like information assurance manager, information assurance technician, the pen tester, etc. So it is recognized and required for whichever track or level you pick.
There are multiple avenues or lanes inside DoD you can go to utilize the C|EH. You’ve got the attack, defense, and cyber protection side. So it can be utilized in any one of those to meet 8570 requirements.
I can’t speak on the corporate side of the world, but I know for the DoD, that’s how it has played out.
It took one week from giving them the resume to getting hired, and it is a great job.
It also helped me renegotiate my salary. I went back to my company and was like, “Hey, I’ve got my bachelor’s. I’ve got these eight other IT certs, and then I have my C|EH.”
These are not just generic but rather vendor-specific certs. I was like, “I’d like to negotiate,” and I got the salary I wanted. I reached the goal I set for myself 20 years ago.
It also rounded out my skillset and allowed me to get into leadership and project management positions when it was time to do cybersecurity items planning, securing the network, and securing the servers.
When I learned the risk management framework process, there’s step three, which is the security control traceability matrix (SDTM), with a bunch of IA controls, that allowed me to talk with the validator to say, “Hey, this is how we’re going to answer this and here are my results from the pen test I did to meet this IA requirement.” It helped discuss how we would move forward and pass that step of the risk management framework process.
I’m more of a hands-on type of learner. I prefer that more than auditory or visual. If I do it, it sticks with me better, i.e., being able to get in the labs and see the tools and techniques employed.
The outcome and the results were way better than any just lecture and power point or listening to a theory. There was a lot of material within those five days of the course. It can be stretched a little bit to a couple more days.
But if you focus on it for five days, it is good. I don’t regret taking this course.
Do you attribute any part of your success to EC-Council? If so, do you have a message for the EC-Council team?
The instructor at the venue I went to was fantastic. For every question I had, he broke it down into simple steps and explained things very clearly.
It helped the entire class understand.
He had in-depth knowledge, which was a significant contributor to my liking of the C|EH course. Also, I like that EC-Council hosts events like Hacker Halted because I attended that last year, and it was good. It keeps people abreast of the changing and emerging cybersecurity threats and changes.
So if I had something to say, I would say thanks for putting out a stunning course. It has been very beneficial, and I’m sure it’ll benefit more people when they decide to take it.
Did the C|EH help you give back to the community in any way?
It did, yes. While I was in the military, I did a youth group, and it was called the Sea Cadets. It was under the Navy, and by schooling, we took kids from 12 to 18. They had a full curriculum like you would in the military.
But then, for our area, I started introducing a cyber aspect of it, how it blends into the military side of the house because it’s not just boots on the ground anymore. Now it’s fully integrated with satellites and technology, different networks, cyber attacks, and defense.
And that’s the piece I started with them. I said, “Hey, look, here’s this toolset, it’s not just black and white. Now, there’s network attack, network defense, and then people attack us, people attack them.” So I started teaching them the fundamentals of how these things work.
This is even in the corporate environment, not just on the military side of the house. So that was one way, and they enjoyed it. And I was happy with it. I no longer do that program anymore. But I started it, and it’s still there. So it’s pretty good.
Another way I gave back was from my experience with the pen test world and the red team, blue team, and CPTs when I got my present job. This guy working there started getting interested in pen testing. I started talking to him about it and gave him resources, mentioned different tracks that he could do and job opportunities that were out there. I started guiding him on that path.
He’s taken off now, gotten several certifications, and started pursuing that pen test path and moving in that direction. He’s working on his bachelor’s. He’s doing the rest of the service he needs, and then he will probably move on to some good, exciting jobs within the attack and defend the realm. So those are the two best ways that it’s helped me get back to the community.
Certified Ethical Hacker (C|EH)
"*" indicates required fields
Is CEH Worth It?
Facts of Certified Ethical Hacker (C|EH):
Reported by Thousands of Seasoned Cybersecurity Professionals in CEH Hall of Fame 2023.
Certified Ethical Hacker (World’s No.1 Ethical Hacker Certification)
C|EH is used in 7 of the Fortune 10, 47 of the Fortune 100 across many cybersecurity functions, making it a de facto standard in both the public and private sectors.
Certified Ethical Hacker
WE DON’T JUST TEACH ETHICAL
HACKING WE BUILD CYBER CAREERS