Johnstown, PA October 25, 2024

Digital technology is now an essential part of nearly every aspect of our lives, making cybersecurity more critical than ever. From safeguarding computer systems and sensitive data to protecting vital infrastructure like electrical grids and water systems, security is paramount.

At CTC, our cybersecurity experts work tirelessly to defend both our company and our clients from cyber threats. But what exactly does a cybersecurity specialist do? In our 'Behind the Scenes' series, Michelle Ricci, Operational Technology Cybersecurity Specialist, shares her insights into the vital work of keeping us safe.

What sparked your interest in cybersecurity, and how did you begin your journey at CTC?

A few years ago, over lunch, a friend mentioned she was starting a cybersecurity bootcamp. Intrigued, I asked her to explain more, and what she described instantly caught my attention. I spent the rest of the day googling cyber-attacks and the fascinating methods used to exploit and defend systems. After months of binge-watching cybersecurity videos and immersing myself in research just for fun, I realized this was more than just a casual interest—it was a passion. I decided to take the leap and apply for the M.S. program in Cybersecurity Engineering at the University of Southern California.

After graduation, I came across the OT Cybersecurity Specialist position at CTC and it immediately piqued my interest. Operational Technology (OT) is the technology used to monitor and control industrial equipment such as heating, water supply, electricity, and other essential services. I applied and was thrilled to receive an offer. I have been working in the role for about two years now, and I’m loving every moment!

Can you describe a challenging cybersecurity issue you've faced at CTC and how you resolved it?

During a recent visit with a client, my team noticed that the process for managing keys needed improvement. The current method wasn’t up to date with the latest security standards, which could have left important systems vulnerable.

My team developed a new plan that included safer ways to store these keys, stricter controls over who could access them, regular checks to confirm everything was in its correct location, and training for staff to understand the new procedures. This made the key management process much more secure and ensured that critical systems were better protected.

What emerging cybersecurity trends or threats are you currently focused on within your role at CTC?

My main focus has been on the growing overlap between IT and OT security, especially as ransomware and supply chain vulnerabilities increasingly target critical infrastructure. Additionally, insider threats are a major concern, so I helped design the OT cybersecurity training to minimize risks from within. These efforts help protect systems and increase the overall security posture.

How do you stay up to date with the latest developments in cybersecurity, particularly in the context of your work at CTC?

I’m subscribed to daily email newsletters from trusted sources to keep up with emerging threats and best practices. I also listen to podcasts like Darknet Diaries and frequently visit cybersecurity standards websites including NIST and CISA.

What advice would you give to someone just starting their career in cybersecurity?

I would recommend embracing continuous learning by pursuing training opportunities and certifications, as the field is constantly evolving. It's important to stay informed by regularly reading industry news and guidelines from organizations like NIST. Being proactive in asking questions and proposing improvements demonstrates your commitment to enhancing security. Lastly, cultivating strong communication and teamwork skills will help you effectively convey complex concepts to diverse teams and stakeholders.

Cybersecurity can be a high-pressure field. How do you maintain a healthy work-life balance while working at CTC?

Setting clear boundaries between work and personal life is important. I dedicate time for exercise, hobbies, and fun activities. I also communicate openly with my team about workloads and deadlines, which helps us support each other and manage stress effectively. This balance allows me to remain resilient and perform at my best in my role.

What strategies do you use to disconnect and recharge?

I love exploring new restaurants and trying different cuisines. Spending quality time with my pets, especially playing fetch with my dogs, helps me relax. Additionally, I enjoy Pilates and indoor bouldering to stay active and clear my mind.

What’s something that many people might not know about you?

I really enjoy metal detecting! I like to detect at beaches, parks, and travel to new areas to explore.

I’m also an active member on the leadership board for Women in Cybersecurity (WiCyS) San Diego Affiliate. Many women, including myself, experience imposter syndrome, often doubting our abilities and contributions in a predominantly male industry. Being part of WiCyS has been incredibly empowering because it provides a supportive community where I can see other women thriving in their cybersecurity careers. Watching their successes reinforces my belief that I can achieve my goals too. As Head of Outreach, I organize events, attend conferences, and foster connections, which helps us all navigate our cybersecurity journeys with confidence and resilience.