Monsurat Ottun ‘06, ‘20 is the Assistant City Solicitor for the City of Providence where she works on a variety of legal matters, including cybersecurity. She also sits on the Mayor of Providence’s Muslim American Advisory Board. Monsurat majored in Human Development while a BC undergraduate and received her master’s degree in Cybersecurity Policy and Governance from the Woods College of Advancing Studies in 2020. As an attorney, she also holds a J.D. from Roger Williams School of Law.
Q: Can you briefly summarize how you came to learn about career pathways in cybersecurity?
A law school colleague of mine decided to get her Masters degree in Cybersecurity and talked to me about the program. She thought I might like it and she was right. Cybersecurity is an interesting field of study and absolutely necessary as we move forward into the world of technology. I was and am excited to learn all that I can about personal security and privacy and how these areas will affect so many aspects of our lives in the future.
Q: Please provide a high-level overview of major responsibilities (i.e., “day in the life”) of your work with the City of Providence. What is the most/least energizing aspect of your work?
My job responsibilities as they pertain to Cybersecurity involve building our security and privacy infrastructure, working with the different departments to create priorities and develop a system for efficient implementation. The most energizing aspect of my work is working with so many experienced SMEs in the field and leaning on their expertise to propel our goals forward. There’s never a dull moment. The least energizing is getting through some of the red tape when it comes to implementation. There will always be obstacles and challenges but sometimes it allows for opportunities to be creative and thoughtful in approaching our information security systems.
Q: What are some of the interesting / significant industry trends, challenges, and opportunities in the cybersecurity field as of late?
A growing challenge for municipalities is ransomware demands. It’s important that we are vigilant in monitoring and protecting our most important assets and having solid plans for incident response. As the saying goes, it’s not a matter of if but when. We have to be prepared for the worst. I’m always aware that there are potential threats on the horizon and my goal is to work towards becoming as resilient as possible so that we are not an easy target for these sophisticated hackers.
Q: What are some typical internships and full-time jobs in the profession, and how do they differ?
There are so many job opportunities out there from compliance consultants to data privacy interns to cybersecurity strategists and so much more. Each position requires a different level of experience and/or level of education/certification. Oftentimes, what is most needed are folks to be aware of new regulations coming out on a regular basis and determining how to be compliant with relevant laws or someone who can help develop an incident response plan. However, there are so many different aspects of security and privacy – there is risk management, governance, security engineers, and so on. It’s a continuously growing field and I’m sure someone looking to get involved will have plenty of options to decide from.
Q: What skills and aptitudes do you think are essential to be successful in your role? Do you have any ideas about how students can hone those skills, especially while operating in a largely “remote,” virtual setting for the time being?
I would suggest informational interviews and internships would be most helpful to understand the roles that are out there. On-the-job experience is the best way to get involved and build a skillset in these areas. Also, there are opportunities to practice on one’s own. There are books, online courses, practice devices, and so much more. I would recommend talking with folks in the field and then delving deeper into the aspect of security that speaks most to the individual.
Q: How would you say your Masters in Cybersecurity Governance and Policy informed your career direction? From whom do you recommend this program for?
My circumstance was/is a little different than most. While I was enrolled in the Masters program, I was already working as an attorney for the City of Providence. Upon earning my degree (and even before I completed the program), I took the initiative to propose a plan for a formal security program at my job and my employer was more than willing to grant me the opportunity to build up our infrastructure. So I work on Cybersecurity in addition to being a lawyer. I chose to also become certified in security management and privacy by earning the CISM and CIPP certifications. I am currently working on my CISM cert and then will work on my CIPP cert. It is not mandatory for my current role but I felt it would be beneficial and perhaps open up doors for me for the future. I think the most important aspects of engaging in this field are networking, building the proper connections, having a good understanding of security and privacy systems and governance structures/frameworks, and being willing to learn. It’s an ever-evolving field and it is not something anyone can do in a silo.
Q: What tips do you have for students to remain connected and knowledgeable within your industry?
I have subscribed to listservs like Krebs and US-CERT. I also subscribe to local listservs and am a member of both ISACA and IAPP. I am consistently receiving updates from all sorts of security and privacy groups and local ISACs. CyberSN is a good place for looking for cyber opportunities. Kevin Powers is a great resource for the Masters program at BC. I would say the best way to engage is to network and stay connected to folks in the field. I find that that is the best way to learn about and stay connected with potential opportunities.