Kimberly Mentzell is the Cybersecurity Program Manager for the Maryland Department of Commerce, a professor and the Program Manager for Cyber and IT at Frederick Community College, and an Adjunct Professor at Capitol Technology University. She serves on the leadership team for CSTA, on the Maryland Cybersecurity Council, the Advisory Board for the Frederick Tech Council, the MMC’s Steering Committee, and and is a member of YSIS. She also co-chairs for the Maryland Cybersecurity Educators’ Committee, where she works with government, education, and the industry to promote cybersecurity education and to build cyber curriculum.
How did you get into CS? When did you first become interested in CS?
I was in college actually; I remember being in college and finally having access to this big network, having a VAX account, and I just thought it was so cool that we got to play with this. I mean, I remember the world before the Internet; I would have loved to have had that when I was a child. There was Oregon Trail and that kind of stuff, and typing classes in grade school, but really my first compelling experience with computers was in college. I went to Loyola in Maryland and had the opportunity to hang out with some of the IT department guys who were doing the tech work there and it got to be very interesting to me. Having been exposed to it I always wanted to go back and take more tech classes, but I was already an accounting major and didn't have room in my schedule to go and specifically take a programming class. But even when I was still an accountant I was interested in consulting and working in IT; that always fascinated me. I find the problem-solving aspect of it to be really interesting, the fact that everything's digital. And you don't have to be an expert at mathematics or some kind of physics genius to really like IT; either you like it or you don't. Either way it's still part of your life, but if you want to devote your entire day to it is a whole separate question.
I've been involved in technology for over twenty years now; I was an auditor for two, then got into programming. I started off as a programmer for Association Management Software, worked there for several years, then I decided I wanted to get into education, so I went back and got my first master’s degree in Education. I still ended up kind of working in technology, because once they found out that I was tech-literate I was given tech courses to teach. Later, I became the IT Manager for the school as well, taught even more technology at Frederick County Public Schools- networking, cybersecurity, programming, Linux- and became a network engineer. In that period of time I was also the Network Coordinator, or the Technology Coordinator, for the school system as well. I started teaching college networking, hardware, and software classes around eight years ago as well. I have my CCNA for routing and switching; I have a CCNA in CyberOps, all still active. I have a MA in Net+ and Sec+ and I'm currently getting my third master's degree in Cybersecurity at University of Maryland, which should finish up this year. It's an ever-evolving process and you continually learn and do new things.
What are some successes and challenges that you have had along the way?
Twenty-some years ago when I started off, it was interesting being one of the only female programmers in my company. I was surrounded by all guys- and it was fun, I enjoyed it; we had a good time and they were very nice to me, but still. There was still sort of that, “Well, you're a female, you're not really into technology, you just stand here and talk about it, you don't really know it,” attitude, you know? People were very surprised when they found out that you actually programmed and whatnot.
As I eventually got into education, I had the same kind of experience. I had a lot of male students, and when I’d walk in some of them would be really surprised that I was the teacher- or even think that I was one of the students. Overcoming those kinds of barriers has been a challenge but it's been fun in a way, too, because I like the idea of getting to surprise people. In the same vein, I've had an opportunity to mentor a diverse variety of students, and getting to work with all those different perspectives has been awesome. Making CS welcoming and accessible, really looking at building equality and diversity is key, because we're in the process of stretching out and changing from a very white male-centric kind of industry. Working towards that has been an interesting aspect of my work, particularly at Commerce. I especially support the educational goals that we have here, and actually start some of those IT and cybersecurity initiatives myself, so it's been great to be part of that.
Do you have any advice for people who are interested in getting into CS?
Yes, and this is what I would say: if you want to go into cyber, you need to go in and get the basics first. Focus on getting your foundations. Don’t worry about getting the six-figure salary your first year out of high school or college; the important thing is to get experience, whether that be through an internship, an apprenticeship, an externship- whatever you can get your hands on- that would be the best thing. Of course take as many classes as you can, and yes, certifications are good because a third party is verifying what you’ve learned. But that extra experience is so essential to really be considered for a position in the field. So take that entry level position; take that help desk position; take those junior positions, because that's what you need in order to really build up your skill set and your experience in order to move on to different things that you’ll find more interesting. Opportunities are going to pop up that you can't even imagine at this stage, so relax! At the beginning, just sit back and learn everything you can; be like a sponge, suck everything in. You’re going to have a fantastic journey, it's just going to take time.
What do you have going on now that you are proud of, or excited about, or are looking forward to?
I like what I do now because, being the Cybersecurity Program Manager for Commerce, I get a 30,000-foot view of everything. I get to promote, develop, and foster cybersecurity throughout the entire state of Maryland, so I deal with everybody- in the commercial sector, in academics, and also with the government. It's very interesting as a management role; I still do some technical work, but I really get an opportunity to look at the strategy of how we're going to best move forward in the future with IT and cybersecurity specifically.
One of the things I do at Commerce is talk about cybersecurity and its impact across every single industry sector. Recently, we’ve heard a lot about the Colonial Pipeline attack and the attack on JBS (a meatpacking plant). Those kinds of attacks reinforce that cybersecurity really is everybody's responsibility. It’s no longer just siloed and put off on the IT department, it's extremely important in every organization. So we talk about everything from individual data care to good cyber hygiene practices in companies, all the way up to advanced cybersecurity topics. What's best for the business, for the industry; small, medium, and large businesses in all the different industries that they reside in. I work in agriculture and cybersecurity, I work with cybersecurity in manufacturing, finance, healthcare… it's so central in all these different areas, and looking at the geopolitical situation right now, it really is a reflection of how important cybersecurity is in our daily lives. So many people walk around with a computer in their pocket now, with a smartphone that collects information and locations and all that, so it’s important to be thinking about cybersecurity on a personal level. Fostering an awareness of cybersecurity is something I'm really excited about and mean to continue working on at Commerce.
Another thing I like about being at Commerce- and in Maryland more broadly- is that we get to work with clients from around the world. Maryland actually is considered an epicenter of cybersecurity! We have a number of very powerful cyber companies here, companies that have a huge impact at the national and global levels, and that industry presence gives us a front row seat to the newest applications, techniques, and software. We also have a very comprehensive academic environment here at University of Maryland, UMBC, UMGC, UMCP- UMD in general, all of the universities that are here. So we have a wonderful potential workforce here in Maryland as well, and that's also a huge attraction for people who want to start businesses or come here to work. They see Maryland as a place that has the culture and the community to support a growing industry; people want to be where the action is, and in cybersecurity the action’s in Maryland right now. We have all of our three-letter agencies right down the road; we're very close to Virginia. Right here in Maryland, Baltimore County, Howard County, Montgomery County- all of our counties, really- we really do have a strong presence.