Brad Rhodes has over 23 years of experience in cybersecurity with leadership roles in the federal, commercial, and military spaces. He holds multiple certifications and serves as an affiliate professor at Regis University. Dedicated to developing the next generation of cyber professionals, he coaches a CyberPatriot team and is a frequent speaker and mentor to transitioning military members. You can Brad on Twitter @cyber514 and LinkedIn.
How did you become interested in the military?
To be honest, I joined the military to pay for college. I had two choices: an Air Force ROTC scholarship or an Army ROTC scholarship. The Army ROTC scholarship was worth more money, so that is the route I went. My dad went through Army ROTC and flew helicopters in Vietnam, so I followed him into the same service.
I had hoped to fly helicopters like my dad, but alas I could not pass the flight physical with my poor vision. Thankfully, there was a home for me in the US Army Signal Corps where I could leverage my undergraduate degree and computer skills. It ended up being the best choice for my first Basic Branch.
Did your role in the military have any direct relationship to your current or previous roles?
My roles in the military have been oddly related to what I do today. I spent three years on Active Duty as a Signal Officer at Fort Gordon, GA. When I left active duty, I joined the Army National Guard as a traditional drilling (one weekend a month, two weeks a year) Soldier. I went to work in the civilian world as a Government Contractor supporting Army Space Command and then Air Force Space Command in policy and technology. After three deployments (Operation Noble Eagle after 9/11, Operation Iraqi Freedom (Kuwait/Iraq), and Operation Enduring Freedom (Afghanistan), I decided to try my hand at Government service in the Intelligence Community.
On or around 2013, a mentor approached me about moving into the Cyber Operations field in the National Guard. I jumped at the chance to get back to my true passion: cybersecurity. The National Guard afforded me the opportunity to tackle the professional certifications I needed to be successful in this field. Since I never say no to training opportunities – you never know when they will come along again (two more on my list before the end of 2020) – I was able to prove I had the “cyber chops”. This led to me becoming the first Federally recognized Cyber Warfare Officer in Colorado in early 2017. After a time, I returned to my roots as a Cyber Threat Hunter in my civilian job in 2017.
Of course, when you are serving in the National Guard or Reserves, you are never “out of the woods” when it comes to deployments. From early 2019 to February 2020, I was mobilized with my National Guard Cyber Protection Team (CPT) at Fort Meade, Maryland conducting real-world cyber operations. It was an amazing experience to be on the tip of the “cyber spear” and I know we made an impact on malicious cyber actors around the globe. While this deployment put a bit of a crimp in my civilian career, it gave me the opportunity to learn (hundreds of hours studying and several more certs), grow, and find my latest role as the Head of Cybersecurity at zvelo. At zvelo I work with an amazing Leadership Team and I have the privilege to work alongside two of the smartest cyber defenders I know.
Sadly, my military career is nearly over. It has been a wild ride over the last 23+ years. Three overseas deployments, two in the United States and luckily, in each deployment I did the job I was trained for, which has been rare in the era of the Long War. When I do retire, I hope I will have the opportunity to speak, write, and teach more. I have been lucky to do what I do for as long as I have and giving back is important – that is how we keep the cybersecurity community strong and connected.
What experiences while in uniform started you on the path to where you are now?
When I was a young Second Lieutenant, I was given two pieces of very sage advice. The first was: “No one cares about your career but you.” The second was: “When what you’re doing stops being fun, it’s time to stop doing it.” I am sure that resonates with many military members and veterans. I left Active Duty because it was not fun anymore, I grew tired of being someone else’s Officer Evaluation Report bullet. When I joined the National Guard, I did it to complete my ROTC scholarship service obligation. I honestly did not think I would be there 20 years later! The National Guard – especially Team Cyber for the last six years – has been another family to me! Affectionately, I would not want to serve with another “herd of nerds” across the 54 States and Territories. Thus, I have balanced a civilian job and military career for a long time – sometime successfully, other times not. I have probably cared more about my Army career than the military ever has about me.
On the second piece of advice, I have left a job situation – government service – when it was not fun anymore. I truly enjoyed the people I worked with in the Intelligence Community, but when it took months and months to integrate a free open source tool* to take things to the next level, I knew I was done. That is one of the hardest things to know – figuring out when it is time to find the next thing. Trust me, you will know, but it does not make leaving any less hard.
* Ironically, the tool that I fought so hard for actually stuck in the Intelligence Community and I got to use it again during my deployment to Fort Meade!
What did you do in the latter part of your service/while you were leaving the military that set you up for success?
I have never really left the military (as my wife and kids will tell you). Serving in the National Guard for the last 20+ years has allowed me to travel the winding path I have taken to get where I am today.
I have four DD-214s (Active Duty, Iraqi Freedom, Enduring Freedom, and Task Force Echo (cyber)), which means I have “transitioned” out of the military four separate times. Each time, I came home to a new role at work or completely changed jobs which was particularly challenging. The training and experience I garnered each time led me to my next opportunity. I have held four specialties in the Army in the past 23 years: Signal (communications), Space Operations, Information Operations, and Cyber Warfare. Each was a building block for the next – Signal kept in me tech, Space Operations gave me my Top Secret clearance and a shot in the Intelligence Community, Information Operations was my bridge into cyber, and Cyber Warfare has led to the pinnacle of my career as the Officer-in-Charge of Cyber Shield (National-level exercise).
All along the way, I have been afforded some amazing training and served with America’s best and brightest. I have led Soldiers in combat operations, and I was fortunate enough to bring all of them home. I will tell you this, I am by no means perfect. I have screwed up plenty (you can ask my superiors, soldiers, and peers), but I was lucky enough to have leaders underwrite my honest mistakes. I hope I have done the same for the soldiers I have been entrusted to lead. I still have not quite learned when to keep my mouth shut at times. I am not sure I ever will – but when I look back on my military service, I know I always tried to stand for the right thing even if it was to my professional detriment. And that is okay by me.
Looking back—did you do anything that set you back?
Looking back, I wish I had dived back into cybersecurity proper (in my civilian career and military) much sooner. That being said, I don’t regret the path my career has taken, and when I did circle back into the cybersecurity adventure, I had the experience and knowledge that helped me get the professional certifications and experience I needed. One thing I will say for sure is do not start with Certified Information Systems Security Professional (CISSP) as your first professional certification, that was crazy! While a bit backwards, it rekindled my deep interest in the field and helped me find my place.
Looking forward, I hope to start a doctorate program in the next couple of years. I believe that is the next logical step in my education. There will probably be some additional professional certifications along the way too. I think the only certainty is that I will keep on learning!
What are 3 challenges/experiences you’ve faced/had in your current role where you leaned on/used your military experience to help overcome?
Before starting at zvelo, I had spent much of my career in the government contracting and government service world working behind the “green door.” When the opportunity at zvelo presented itself, I jumped at the chance to join the commercial space (so I did not have to work in Sensitive Compartmented Information Facility (SCIF) on a daily basis).
In my current role, I have leaned on my background in Operations Security (OPSEC) to help protect my company’s proprietary data. For example, there have been times when I was able to advise blog writers to generalize items to protect our secret sauce.
In the military I think we all grow thick skin and learn to not take things personally. In the commercial space, I have discovered that is still useful. This is especially true when you are not the smartest person in the room – I am not that guy – and listening is the better part of valor. It can be tough when your project does not get top billing, but as the old saying goes “sometimes business is just business.”
Finally, I would like to thank zvelo for being a great place to work. Team zvelo has been super supportive of my continued service in the National Guard (along with my fellow Guardsmen and Reservists). If you make the transition out of the military and decide to keep wearing the uniform in the Guard or Reserve, make sure you find a civilian job home in a company that supports that choice. It is hard to continue to serve if they do not.
What sort of education and experience would a veteran need to either land your role or be part of your team?
In my opinion, transitioning military members should start with the basics. If you know nothing at all I recommend starting with either the Google IT Certificate (available via Coursera) or CompTIA’s A+ Certificate (great course on Udemy). You will find each of these learning opportunities will help to demystify the technology you probably use every day and wondered how it worked. If these two certificates are too simple for you, start with CompTIA Security+ or Network+ or EC Council’s Certified Ethical Hacker (CEH) certificate (the knowledge-based one, not the hands on “master” level). Keep on working your way up until you find something that is hard for you and you will know your limits. Then the real learning begins!
One additional thought here… Transitioning members should really look to become familiar with the desktop virtualization, the Linux operating system (especially command line), and basic coding with a language such as Python. This basic set of skills is pretty much a standard expectation of entry-level cybersecurity professionals.
What message would you like to send to employers on how to hire and get the most value from veterans?
For employers considering hiring veterans, I say take that chance – you will not find more dedicated team members. Whether or not they have the technical chops to start, they will bring the ability to plan, speak, lead, and learn. Veterans are really looking for a chance to find their place outside of the military. Veterans do well in structured environments with clear direction and chains of authority. That is not to say they are not creative. Veterans are excellent at solving problems and making magic happen with limited resources.
In my mind, retaining veterans comes down to two things:
First, provide them with training – especially in areas they are lacking or extremely interested in. Trust me, veterans are quite used to “mandatory training” but if that is all there is, it becomes tiresome. Related to this topic, actually send veterans to training (easier said than done with the ongoing pandemic) – so they can focus on learning (as opposed to trying to work and train or worse they spend their off-time doing it [to be honest, they will do that anyway]). If that is not an option, allow them to train outside of the workplace.
Second, let veterans go to conferences (e.g. Black Hat, DEFCON, BSides, and local ones). Veterans want to feel they part of something larger than themselves and attending a “con” does that. While not exactly standing in formation, getting a chance to network at a big-time conference is akin to a military planning event for the next big operation. Veterans want to feel valued and that their contributions matter. One last thought: veterans will contribute back what you invest in them in spades. I know this personally because I helped hire two veterans to join me at zvelo and I am glad that I did!
For more articles from The Pipeline, our series highlighting veterans in cybersecurity, click here.