On a work trip to the U.S., Australia native Brett White ‘21G met up with a buddy—a UNH alum—who took him to an ice hockey game.
“That was the start of a love affair with UNH Wildcats hockey that has lasted over 20 years,” White says.
So when White was looking for graduate programs in cybersecurity, he was very happy to see UNH at the top of the search results. The love for Wildcats hockey helped, but it was the focus and accessibility of the online cybersecurity policy and risk management (CPRM) program that led White to UNH.
“I have a technical background in cybersecurity, and I was looking for a program that would help me develop my understanding of the administrative side of cybersecurity to become a more well-rounded cybersecurity professional,” White says. “Most cybersecurity graduate programs include components associated with the technical side of CS, but I didn’t want to cover that ground again. The UNH program was the right program for me, as it was focused on cybersecurity policy and risk management at a much deeper level than other programs were able to offer.”
We caught up with White to hear more about his background and how the CPRM is bringing new knowledge to his role as a systems engineer specialist for Cortex, an AI-powered security operations platform, at Palo Alto Networks.
What sparked your interest in the field of cybersecurity?
I came to cybersecurity from a networking background. My first foray into cybersecurity was configuring firewalls and proxies to allow certain communications flows in the network while building secure networks at Telstra, Australia’s largest service provider. But this was done without much consideration as to why. Over time, I developed more awareness of the reasons behind what we were doing, of data breaches in the real world, and of the existence of cyber adversaries. From there, I developed an interest in the adversarial mindset – the how and why of what they do – and in helping customers defend their networks from cyber adversaries. As I saw companies getting hit with various cyber incidents, including data breaches, I came to realise that cybersecurity is very much about protecting people and their data. I now firmly believe that privacy and security is a fundamental human right that should be defended, and it has become my mission to defend it for as many people as possible by enabling organisations to defend themselves, their data, and the data of their customers, employees, and business partners against cyber adversaries through a threat-informed and ever-evolving cybersecurity posture and risk management program.
"I’ve come to realise that there is a symbiotic relationship between all aspects of cybersecurity – the technical, the administrative, and the physical. If any one of these aspects is weak, it impacts the over security posture of the organization."
What was your favorite part of the CPRM program?
Some of my biggest takeaways from this program were not from individual courses or topics that were covered, rather they were from the consistent themes or threads that were interwoven across the entire tapestry of the CPRM program. This, in my opinion, is where a graduate program sets itself apart from individual courses or certification programs. Individual courses present topics in isolation and don’t allow the student to see and understand how different topics are interrelated and influence each other as part of a comprehensive cybersecurity risk management program. It is only when you bring all of these topics together under a well-planned and comprehensive program that you can truly understand and appreciate these interrelations – or the interconnected nature of the topics – and how they can support or undermine each other in establishing an organizational cybersecurity posture and risk management program. As such, I would advocate for a graduate program every day of the week.
How does what you’ve learned in the CPRM program apply to your career?
Over the past few years, I have come to understand that cybersecurity is not just a technology problem. If it was, organisations would simply deploy the latest and greatest technology, and the problem would be solved. But, with the ever-increasing number of breaches, this is clearly not the case. I’ve come to realise that there is a symbiotic relationship between all aspects of cybersecurity – the technical, the administrative, and the physical. If any one of these aspects is weak, it impacts the over security posture of the organization. Therefore, for an organization to have a secure posture that allows them to prevent or detect and respond to cyber incidents, these aspects must work in unison and support each other. The cybersecurity policy and risk management program has made me more aware of the need for the technical and administrative sides of cybersecurity to work together to establish and maintain an organisation’s security posture. The greatest technology will not protect you if there are not policies and procedures to govern its use. By the same token, the best policies and procedures will not protect you if you don’t have the right technology in place to provide you with supporting evidence of their efficacy (or otherwise). It's this understanding that I can now take to my customers to ensure that we are bringing both their technical and non-technical controls to bear in the most effective manner, in order to develop and continue to evolve their cybersecurity posture and risk management programs in the face of an ever-changing threat landscape.
What was the most rewarding part of your UNH experience?
The CPRM program reaffirmed for me my existing understanding of the administrative side of cybersecurity, as well as developing it further and filling in some gaps that I didn’t realise that I had. As such, I feel much more confident in engaging with customers across all levels of the organization to develop and evolve their cybersecurity posture and risk management programs. I think that the capstone project gave me the biggest confidence boost of all, as I was able to put all that I had learned into practice and write a white paper that I believe will truly deliver value to Small- to Medium-sized Businesses who are looking to engage in Cybersecurity Outsourcing in an informed and risk-aware manner. The feedback I received from my capstone committee has given me the confidence to pursue my paper’s publication and release into the public domain, which I am hopeful will happen this year.
Where do you hope the CPRM degree will lead you?
I hope that I will be able to make a move into Governance, Risk, and Compliance (GRC) Consulting or another role that allows me to have more consultative, strategic engagement with my customers going forward. I am looking forward to moving into a role that will allow me to bring all of my technical and non-technical skills to bear to deliver real and meaningful cybersecurity improvements for my customers.