In this monthly column, Defense Daily highlights individuals from across the government, industry and academia whose efforts contribute daily to national defense, from the program managers to the human resource leaders, to the engineers and logistics officers.
Jim Coyle is the U.S. Public Sector CTO at Lookout. Coyle had worked in cyber knowledge and expertise positions for over 20 years and now uses it to help close the security gap many government agencies and organizations face. Coyle is currently responsible for leading the charge for the greater US Public Sector community, to re-design and revolutionize cyber security programs of customers to battle today’s threats.
How did you get involved in the defense industry or community?
You could say I was born into a sense of duty, as working within the defense community runs deep in my family. Both of my parents previously worked for intelligence agencies, and I have several family members who served in various armed services during World War II.
Growing up, I always had an interest in working in the security field. I realized early on that obtaining a job in security is quite difficult, as most organizations require a certain level of experience—even for entry-level positions. My first job in the field was a rather unconventional start; I worked for a popular hotel chain as a security engineer. After a brief stint outside of IT, I found my way back to my true passion, cyber threat defense.
My career journey of 20+ years has led me to the role of U.S. Public Sector Chief Technology Officer at Lookout, a data-centric cloud security company, where I’m dedicated to helping government agencies address mobile security concerns.
What are some challenges you faced working through your career?
One challenge I faced early in my career journey was a lack of professional leadership. Early on, I struggled to find a personal mentor. Whether I was trying to better my team or myself, I often felt like I was in competition with my peers and management rather than working as a cohesive unit. This helped me develop a proactive mentality that pushed me to build solutions or find resolutions to significant problems without being asked. This mentality has supported my career growth and enabled me to more efficiently navigate the standard red tape within the industry.
How do you work to be a mentor yourself to younger counterparts?
Time and advice are the two things I offer freely to any up-and-coming professional entering the cybersecurity workforce. For me, helping someone avoid a mistake that I made early on in my own career or helping them repeat the success that I’ve had is one of the most rewarding feelings. When you’re able to propel someone to success – even surpassing yourself – it’s a downright addictive feeling. As such, I always strive to make myself available to anyone who reaches out for advice.
What does it mean to be successful in your career field?
What defines success often looks different depending on your company or job position. In my current role, the ability to give government customers that “ah-ha!” moment that enables them to better defend our nation or solve a highly complex problem is where real success lies for me.
Organizations often overlook mobile devices as a security threat. While many agencies have protocols in place to defend against traditional desktop malware or server attacks, far fewer have protections for mobile-centric attacks or are aware of how mobile devices serve as the initial entry point to cyber breaches.
It’s a big “aha” moment when they realize just how big a role mobile devices play in their day-to-day operations and how quickly attackers can compromise credentials and sensitive data based on advanced phishing and social engineering tactics.
Another “aha” moment I’ve seen is around election security. Many attackers are using SMS text messages that election campaigns are using to reach constituents to phish victims. Fake links can be hidden in simple messages posing as election candidates or information on polling locations or voting times. Once a victim clicks the fake link, they’re led to a website that tricks them into entering their username and password for an account, where they may inadvertently download malware or surveillanceware, giving criminals a back door into government systems housing private voter and citizen information or allowing attackers the opportunity to steal money.
Helping agencies understand these threats and how they can combat them to better serve constituents and carry out the mission is what makes this job worth doing.
What are some of the under-appreciated positions in the defense field, the unsung heroes or essential cogs in the machine that help the job get done with less recognition?
While everyone has an important part to play when it comes to securing our nation, we should spotlight the researchers and analysts who often don’t get the recognition they deserve. In many cases, they’re faced with the darker side of life, tasks that go beyond looking at code or software and impact human lives. They may work as many as 18 hours a day with as little as four hours of sleep. This strain takes a toll on them mentally and physically, and we’ll never know about most of their successes.
It’s important we provide these individuals with the support they need. While recognition is important, we also need to hear from them regarding what they would deem most helpful. Sometimes, that’s as simple as having someone to talk to about their struggles.
How has the culture changed around diversity within your career?
The biggest takeaway I’ve noticed throughout my career is the increase in the inclusion of women in the defense and cybersecurity field. There is, of course, still much work to be done across the board, but I can remember growing up witnessing my mother being passed over for jobs or having issues with upper management solely because of her gender. Now, friends and family of mine in the industry are working in those very positions my mother struggled to get into. While those challenges haven’t been eliminated, there has been significant progress.
I’m grateful today to be working with a company that values every individual equally and gives them the recognition they deserve.
What is your advice for new entrants to the defense/military community?
It’s imperative for new entrants into the field—or anyone interested in learning more about it—to find mentors early on. The first step, and the hardest for many, is reaching out to your network and people within the community and asking. If you just ask, you’d be surprised at the resources and people who are willing to help you succeed.
Often, I’ll give advice to and have conversations with recent college graduates because the people in my network reached out to me.
Additionally, gaining that initial experience before entering the workforce is important. There are so many more programs and classes available to gain experience now than when I first entered the industry.
One of these is the SFS (Scholarship for Service) program, which provides funds to universities for student scholarships in support of education in cybersecurity-related areas. Selected students are awarded a scholarship for up to three years. In return, recipients agree to work for the federal government in a cybersecurity position for the length of the scholarship, meaning students receive both an education and employment.
Another resource is the CCDC (Cyber Collegiate Defense Competition), where students can test their cyber skills in protecting network infrastructures against industry hackers. This is a very fast way to learn exactly what to expect in the cyber field once students graduate college and enter the workforce.
What do you see as the future of your sector in national defense?
The role of cybersecurity will become even more critical as the digitalization of government and our daily lives increases. Cybercriminals are actively targeting agencies with evolving tactics and threat vectors, looking to harm our nation and citizens. This threat will only increase in the coming years.
This year, we’ve already seen how cyber and traditional defense are starting to blur lines when it comes to hunt-forward operations, defense of weapon systems, citizen-facing government systems, critical infrastructure and hospitals. With sectors becoming increasingly entwined and interconnected, the human element of national security has never been more crucial.
Today, it’s more important than ever to protect our citizens from the advanced cyber threats aiming to steal credentials and disrupt daily life, especially those targeting mobile devices. 60% of mobile devices run on vulnerable operating systems. Moreover, 2023 saw a record number of mobile phishing attempts targeting enterprise users, with 2024 and beyond shaping up for an unprecedented increase. Because mobile devices contain so many endpoints, adversaries can easily gain access to devices and the data within them. Entire chains of vulnerabilities within both apps and operating systems make it increasingly difficult to track these vulnerabilities.
That’s why Lookout is working with agencies to identify and address these gaps. By adopting a comprehensive mobile security strategy and mobile threat defense solutions, agencies can proactively combat these sophisticated cyberattacks, proactively hunt for unknown threats and close the mobile security gap to ensure citizens are protected
Who are the Force Multipliers in your community? Let us know at [email protected].