Jessica Gulick (Erin Williams/Virginia Tech).
Jessica Gulick ’07 has become a leader in the world of cybersecurity by revealing the team-based nature of the profession and using that insight to make it better.
In doing so, Gulick is demonstrating that core Hokie values—teamwork, competition, and service—go a long way toward making a difference in the world.
Gulick, president of the Virginia Tech MBA Advisory Board from 2015 to 2019 and a self-described “growth hacker,” is the founder and CEO of KATZCY, a consulting firm based in the D.C. area that helps cybersecurity experts grow their companies, professionalize cybersecurity functions in organizations, and accelerate market entry for cybersecurity talent and solutions. She’s vice president of the national board for the Women’s Society of Cyberjutsu, a national nonprofit that empowers women to succeed in cybersecurity.
Gulick also serves on the leadership team for Wicked 6 Cyber Games, an esports competition in Las Vegas. Competitions like Wicked 6 may well become an important way to identify and recruit emerging talent in the field.
“When you look at the workforce problem that we have in cybersecurity, it takes a good five years for any individual who's getting into a cybersecurity job to really be valuable for the company,” Gulick said. “What games do is that games provide hands-on training. It’s seeing what it feels like to have to be under the pressure of an attack, and seeing what it is like to work as a team.”
That team element is crucial for doing cybersecurity in a real-world setting. Wicked 6 and other competitions simulate that environment. With the rise of esports as a recognized activity sanctioned in a growing number of high schools, these competitions provide a great place to cultivate and recruit talented students.
“A lot of people think they think of cybersecurity as an individual sport, not as a team sport,” Gulick said. “A good cybersecurity team is a team. They know how to communicate. They know strengths and weaknesses of the other 10 team members. They know when to put which skill to use to either defend or attack. And so the beauty of that is, when you look at interacting with games, then you start to understand, wow, this makes people sharper, more aware, better team players, and better at communicating what they see.”
The ability to work on a team of individuals coming at a problem from a variety of personal and disciplinary backgrounds is a vital element for people to thrive in today’s work environment, whether in cybersecurity or any other field.
“The technological environment we’re all operating in needs new ideas and different ideas in order to help us secure it,” said Roberta “Bobbie” Stempfley, director of the CERT (computer emergency response team) Division at Carnegie Mellon University’s Software Engineering Institute, and a friend and collaborator of Gulick’s. “What we found in real life and competitions is when you put together a team that works well together but comes at the problem from different ways, you’re better at overcoming the problem in a rapid manner.”
The team environment also produces talent that’s attractive to company recruiters.
“Lots of times when people come out of academia, they don't have real-world experience,” said Paul Farrell, CEO for Nehemiah Security Inc. “Jessica’s competitions give these students real-world examples to compete with other students. I’ve watched them; they’re bright kids. They answer relevant questions on current topics in our industry, like, ‘If you’ve been breached, what’s the process that happens from there?’ That is significant because, more and more, getting people with real world experience is extremely valuable.”
Gulick’s involvement with Women’s Society of Cyberjutsu gives emerging talent another layer of support as they move from taking classes to engaging within their profession. That involves encouraging not just individuals with technical skills like writing code, but also those with other so-called “soft” skills.
“I do cybersecurity because it makes a difference,” Gulick said. “When you do cybersecurity, you’re protecting others. It’s making a difference with your life, and these young women need to hear that. They also need to hear that it takes all kinds. I'm not a coder, and too many of our kids, even today, are told you have to be a good coder to go into cybersecurity. You don’t.”
Gulick began in the cybersecurity profession soon afterSept. 11, 2001. She took a job with ManTech supporting the U.S. Department of State and managing its computer systems’ vulnerabilities. She developed policy proposals and systems to measure the performance of cybersecurity programs.
From there, Gulick went to work for Science Applications International Corporation (SAIC), a government contractor that employs more than 20,000 people, where she spent a decade. During that time, she began pursuing an MBA at Virginia Tech, “and that changed everything,” she said.
In the middle of her pursuit of that degree, she took over SAIC’s marketing program. She tripled its size and began to focus on cyber competitions, both as a way to market the company and as a recruitment tool.
“It was at that point that I realized that I had a passion for growth and marketing and strategy,” Gulick said, which led her to establish KATZCY in 2015.
Cybersecurity marketing can be tricky, both in terms of figuring out where a company fits in the industry, but also in communicating that effectively to consumers and the company itself.
“A lot of times in cybersecurity, you have startups or small businesses have really smart engineers with brilliant minds, but they don’t always understand that buyers need to understand what they’re getting in terms of value delivered,” Gulick said. “I have to actually see the tool or talk to the people that are delivering the service to really get a better idea of where they fit in the market. We kind of blend being a marketing agency and consulting firm.”
Farrell’s Nehemiah Security firm has benefitted from Gulick’s work.
“She is a master of her profession,” Farrell said. “She knows it cold. She knows the people. She’s very knowledgeable about everything—from a marketing standpoint, from a cybersecurity standpoint. People think marketing is marketing, but it’s not. You’ve got to have unique skills about how the audience thinks.”
Or, as Gulick puts it, “you have such opportunity in the cyber market because the cyber market allows you to be fun. It allows you to have a tone, allows you to have a personality. There’s a lot of fun things you can do in cybersecurity that you couldn't do in the financial industry, for example.”
Peter Clay has worked as an information security professional for 25 years, including three as an advisory for KATZCY. He said he loves walking potential clients around at San Francisco’s RSA Conference, an annual event in the cybersecurity field that draws tens of thousands of attendees. He shows them around the conference floor, where he estimates that Gulick has been involved in one way or another with about 20% of the projects on display.
“There aren’t very many people that have the MBA and can speak business, but also have the experience and the chops to speak cybersecurity,” Clay said. “Those are very, very different disciplines. It’s really, really important to have her ability to kind of figure out and be able to bridge those two worlds.”
Again, Gulick’s talent when it comes to cultivating teams has been a driving force in her success—even with her own company.
“Jessica really focuses on helping everybody on the team contribute and helping them bring their best,” said Stempfley. “It’s really fascinating. She creates that situation where even the most quiet and subdued individuals on the team still get to shine. She converts ideas to action.”
Gulick continues to create, to innovate, and to cultivate the next generation of talent in the cybersecurity field. Her advice for others is straight-forward:
“No fear, no fear. Just persevere,” Gulick said. “It’s not about perfection. When you’re starting out, go deep first: develop expertise in an area, and then broaden out from there. And develop your personal brand, your online identity, whether it’s LinkedIn or writing a blog.”