A Career in the Secret Service: What it Takes
We asked Kevin Sanchez-Cherry, IT Security Specialist within the agency's Information Security Operations. In this exclusive interview, Sanchez-Cherry discusses:
Sanchez-Cherry is an IT Security Specialist for the United States Secret Service's Information Security Operations sub-division and is responsible for leading the Secret Service's Certification and Accreditation (C&A) Program and Information Systems Security Officer (ISSO) Program. He also assists in the management of the enterprise Information Assurance (IA) Program for the Secret Service.
Prior to joining the Secret Service in 2006, Mr. Sanchez-Cherry served two years as Principal Security Specialist with the Department of Commerce's Office of IT Security, Infrastructure and Technology (ITSIT), and was responsible for monitoring the agency's operating units' compliance with Federal and Department IT security requirements, laws and guidance.
TOM FIELD: What types of careers are available for information security professional in the Secret Service? We will find out today. Hi, I am Tom Field, Editorial Director with Information Security Media Group. I am talking today with Kevin Sanchez-Cherry, IT Security Specialist with the Information Security Operations of the U.S. Secret Service.
Kevin, thank you so much for joining me today.
KEVIN SANCHEZ-CHERRY: Thank you, Tom.
FIELD: Just to start out, why don't you tell us a little bit about yourself and your role please with the Secret Service.
SANCHEZ-CHERRY: Well, I have been with the Secret Service for just over three years in the Information Assurance Branch, and under the CISO I am responsible for the management of our certification and accreditation program, which is daily management of our C&A compliance with the Federal Information Security Management Act as part of the Homeland Security Department. And I also oversee and manage the information systems security officer program, which provides guidance to our staff, and they are our front line protection for our IT systems.
FIELD: So, Kevin, for information security professionals that are interested, what types of careers are available to them in the Secret Service?
SANCHEZ-CHERRY: Well, the Information Assurance Branch has information security operations people, they have FISMA compliance people like myself, network security specialists, infosec training and even some information security research and development people. So we are always looking to hire the best and brightest.
FIELD: Now there is an awful lot of talk these days about cybersecurity, talk about FISMA reform even. Where do you see the biggest areas of growth to be for professionals entering the field and entering the Secret Service?
SANCHEZ-CHERRY: Well, thanks to the backing of President Obama ... cybersecurity has gotten a bigger foot up, and the compliance and probably even information security training are the biggest areas right now.
FIELD: Give us an insight, Kevin: What are the baseline qualifications for an information security professional that wants to join the Secret Service?
SANCHEZ-CHERRY: To start with, a good understanding and knowledge of federal laws and requirements, especially the guidance coming out of the NIST, and a good strong commitment to get the job done.
FIELD: Give us a bit of insight on the hiring process Kevin. What do candidates have to be prepared to face as they go through the process of joining the Secret Service?
SANCHEZ-CHERRY: Well, our hiring is pretty comprehensive, but that should not discourage anybody. It just means that qualified applicants should look at a testing to the high standards that we use to fill our positions, and it can typically take about three months to be hired from the time an open position is announced. We are working hard to try and accelerate that, and once hired, all of our employees get a thorough background check before even reporting to duty, and they have orientation within the first week on the job.
FIELD: Now, Kevin, many of us, our exposure to the Secret Service is what we see on television or what we see in entertainment, and it might be glamorized. What are some of the myths and realities of a career in information security in the Secret Service?
SANCHEZ-CHERRY: Some people think federal government service is dull, long hours, high stress, but the reality is any job worth having is worth doing well, so that may mean hard work at times and -- depending upon the agency that you are at -- the stress levels could be high at times. But on the converse, there are rewards of knowing that you are helping for example to prevent an attack on your systems or that you have helped an agent to protect his detailee to the highest levels that the Service has; that is a good feeling. And with our dual mission, the job here is never dull. I would say everyday I walk through the door and see our name in the star on the wall there it just humbles me and makes me proud to be working for such an elite agency, to know that every day when I go home that I have helped protect the president or another foreign dignitary or secure evidence for criminal investigations. Knowing that my job makes a difference is all the reward I need to keep coming here every day.
FIELD: Now, Kevin, what did you do before you joined the Secret Service?
SANCHEZ-CHERRY: Immediately before here I was at the Department of Commerce in their Information Security Office, working also on FISMA compliance certification and accreditations, helping to ensure that all of the subcomponents were kind of keeping their systems secured to the highest levels that they needed to be.
FIELD: So, if you could boil it all down based on your experience having moved from Commerce into the Secret Service -- if you could offer somebody a piece of advice that might be considering a career such as yours -- what would you tell them?
SANCHEZ-CHERRY: That working for the Secret Service is the most rewarding work I have done since I started in information security 10 years ago. If you want a job in information security, I would say go for it, especially for the federal government and definitely here for the Service. Learn everything that you can and try to help others whenever possible, be open to new ideas, new ways of thinking.
FIELD: So one final question for you Kevin, for someone that has got the desire and wants to do exactly what you have talked about, what should be their first step? Where should they turn first to at least look into the process if not initiate it?
SANCHEZ-CHERRY: Depending on the experience they have, if they are just coming into information security, try to gain as much outside experience as you can, initially in IT, but if you can do any kind of other, even if it is volunteering helping secure systems at a local school or a local charity, something along those lines, just something that you can do to help you get an understanding as well as reading through and kind of getting an idea of the various laws, like the FISMA law and some of the NIST guidance.
FIELD: And then if they are specifically interested in the Secret Service, where should they go for a job query?
SANCHEZ-CHERRY: USAjobs, and we post our positions there and on occasion, I believe, the local newspapers.
FIELD: Very good. Kevin, I appreciate your time and your insight today.
SANCHEZ-CHERRY: Thank you.
FIELD: We have been talking with Kevin Sanchez-Cherry with the United States Secret Service. For Information Security Media Group, I'm Tom Field. Thank you very much.