From Helpdesk to Homeland Security to State RAMP PMO: Shea Simpson Reveals How the C|EH Certification Filled His Technical Knowledge Gap

Shea Simpson

Title: Senior Information Security Analyst
Company: StateRAMP PMO (Knowledge Services )
Country: United States

Shea Simpson has had an impressive ten-year career in IT, rising from helpdesk support to Director of IT services before transitioning to cybersecurity. With years of experience as an information system security officer for various government agencies and corporations, Shea was well-versed in the field, but he still felt a gap in his technical knowledge. That’s when he turned to the Certified Ethical Hacker (C|EH) certification and unlocked a whole new world of hacking and penetration testing. As Shea explains, the C|EH led him to expand his knowledge base and seek out more experiences to learn about pen testing. In this interview, Shea reveals how the C|EH helped him bridge the gap in his cybersecurity knowledge and how it can do the same for others looking to enter the field.

Is C|EH Worth It?

I went out and got my Security+, and I got my CISSP. And then, I surveyed the landscape to see what was next? What did I need to know? And I realized that there was a gap between what I knew about it and what was relevant to cyber in terms of technical aspects, so I landed on the C|EH as the next logical step. 

Tell me about your journey as a cybersecurity professional. 

My name is Shea Simpson, and I am a Senior Information Security Analyst at StateRAMP PMO. My background is ten years of IT experience, starting with the helpdesk and working up to Director of IT services. And then, I switched to cyber and got about five years of dedicated cybersecurity experience.

I got into the industry by bothering people. So, my friend recommended me as a potential hire on government contracts to a government contracting firm. And so, I called the hiring manager of that contracting firm every two to four weeks for about four months to put me on contract. And then, I was an information system security officer for the U.S. Department of Transportation for a couple of years. And then, I moved to the Department of Homeland Security, the U.S. Postal Service, and Capital One, and now I am at StateRAMP PMO.

My career aspirations right now are to become the director of the StateRAMP PMO because StateRAMP has a great mission to help protect state and local governments from cybersecurity threats. I want to be a part of that and help the country. So, I think being the director of these different PMOs is one way to do that.

What caught your attention about the C|EH program?

So, I already knew a lot about cybersecurity about protecting systems just because of what I needed to do in my IT career because that’s when, before cybersecurity got broken out, it was just a part of it. And so, after I got my first dedicated cyber job,

I went out and got

a couple industry certifications. And then, I surveyed the landscape to see what was next. What did I need to know?


And I realized there was a gap between what I knew about it and what was relevant to cyber regarding technical aspects, so I landed on the C|EH as the next logical step.

How did the C|EH benefit your career? 

I do not have a technical degree. My undergraduate degree was a Bachelor of Science in Psychology from Louisiana State University—Geaux Tigers! And I have the technical skills and the knowledge, but I need a piece of paper from an institution that says, hey, this guy studied with us. And the C|EH, for me, is that piece of paper.

After I got my C|EH, it was my introduction to the hacking and penetration testing world, so I sought out more pen testing learning experiences.
I played around with catalytic some. I got another pen-testing cert, and I was able to expand my knowledge base, so the

C|EH is kind of the front door for me into a whole world and body of knowledge that I wouldn’t necessarily have gotten experience with had I not gotten the certification.

How recognized is the C|EH in your organization and the industry? So, in the industry, C|EH is very well known.
Everybody knows what the C|EH is if you’re talking about it. It helps to put those three letters after your name and your signature block.
In my organization specifically, it’s well known. I have a co-worker who’s studying to get his C|EH right now.
The director of the PMO is a Certified Network Defender, which is another EC-Council certification.

So, the EC-Council certs are a well-known thing and a benefit to us.

What was your favorite part of the C|EH program? Please explain why?

Alright, so I’m not a Bootcamp guy. But for the C|EH, I took a five-day boot camp, which was awesome.

The C|EH instructor knew his stuff.
And he not only, you know, communicated the information that we need to know to pass the exam, which he did. He also walked us through a penetration test from beginning to end.

It was awesome. We got a lot of, you know, vulnerability, discovery, identification, exploitation, post-exploitation stuff. SQL injection, remote code execution, a man in the middle, it was fabulous.

And that was my favorite part of the whole thing. The Bootcamp was great, and I’d highly recommend them.

Do you attribute any part of your success to EC-Council? If so, do you have a message for the team at EC-Council?

So, I attribute a large part of my success to the certifications I hold. I have 11 of them right now. And that helps not only to get me past the HR gatekeepers and into the interview room, but it also has made me an expert on cybersecurity, cloud security. And for the EC-Council, people, you know, keep improving the exams, keep upping the ante on what’s required. I never took the C|EH practical. I think that would be fantastic for you and me and the industry. So, you know, keep up the good work. And thank you very much for allowing me to participate in this interview.

Did C|EH help you give back to the community in any way whatsoever?
Yes, I was able to mentor a graduating class from a cybersecurity boot camp

and what they needed to do next to get into a cybersecurity role and what they should do in bettering themselves skill-wise to become better cybersecurity professionals. I always tend to speak to several people who want to get into the cyber industry or just start and help them navigate those kinds of tumultuous early first years, where you don’t know nearly as much as you need to know.

How has the C|EH certification impacted you?

So, unless I’m around professional pen testers or legit hackers that speak at DevCon every year, I tend to know more about how to exploit information technology systems and software and make them do things that they’re not supposed to do that I want them to do. I know what the vulnerabilities are and what the CBS score is. I know how to remotely execute code onto systems and things of that nature. So, it helps if you’re in the security industry to know how to do that because, at the end of the day, that’s what you’re there to protect against.

Become a
Certified Ethical Hacker (C|EH)

"*" indicates required fields


Is CEH Worth It?

Facts of Certified Ethical Hacker (C|EH):
Reported by Thousands of Seasoned Cybersecurity Professionals in CEH Hall of Fame 2023.

Certified Ethical Hacker (World’s No.1 Ethical Hacker Certification)

C|EH is used in 7 of the Fortune 10, 47 of the Fortune 100 across many cybersecurity functions, making it a de facto standard in both the public and private sectors.

Certified Ethical Hacker