[0:24] Set Your Goals and Make Them Happen

Rachael: Today, we pick back up our conversation with Maria Roat. She is the Founder of MA Roat Consulting and a former US Deputy Federal Chief Information Officer. Without further ado, let's get to the point.
Maria: Yes. I think that's a great point.

Because when you're setting strategy or anything like that, I often see, and I've done it myself that says in three years, we're going to get to here. We might zigzag to get there in three years. It's not a direct line, and having that ability to think in those business terms is just so invaluable.

Even as you have the technical, when you start moving into more senior management and leadership positions, you have to have that skillset too, to be able to say, "In three years, this is our plan and this is where we're going."
Year one is going to be this, year, two is going to be this, and year three is going to be this.

And we're going to keep building and do this thing. We might zigzag and we might have some failures along the way, but we have a target that's set. I think that's a great point about the technical folks who are always head down. You know what? People like that. They want to work in that environment and they'll do that their whole lives and their career. But if you want to move out of that, you have to be able to think a little bit differently in terms of those outcomes.

 

Taking Risks to Bring in New Talent

Rachael: Yes. I wonder if some responsibility lays with the industry here, Maria. Because it seems like you have this wonderful talent pool, particularly veterans. And I do keep reading that people aren't pursuing bachelor's degrees as much as they were. They're looking for more hands-on type technical roles, plus I couldn't imagine trying to pay for college right now as an undergraduate. 

On the industry side, it seems like there's a huge opportunity to really have focused programs, to take these valuable assets that are mission-focused and train them. They would be amazing employees and contribute huge value to the industry, but the industry has to open the door and understand the value and start taking advantage. Not take advantage, but you know what I mean.

Maria: Yes. I see it time and time again where industry says, "Well, I want this experience, I want that experience. Well, you're not going to get people with that experience that you're looking for unless you bring them in, unless you mentor them, and unless you train them. I see a gap sometimes where industry says, "Well, I'm looking for all of these qualifications," yet they're not going out on a limb to bring people in at the junior level. 

I have seen small businesses do that, bring in somebody who they were a gym teacher for half their career. Now, they're in the middle of their career, they have the aptitude and they're actually training her on cybersecurity, some different aspects of cybersecurity, some DevSecOps stuff. She's learning and they took a risk in hiring her. Why can't industry do more of that? I'm seeing that more with small businesses, being able to bring somebody in.

 

Focus on the Learning Process

Maria: I know there's an economics thing to it for small businesses. If somebody's got the aptitude, bring them in. They're going to train them and they'll get hands-on experience. But sometimes some of the bigger companies, they need to step out on hiring people who are not qualified or did something else in their careers and want to make a mid-career shift. There's a lot of onus on industry for standing up programs to bring in that mentorship, that technical mentorship per se, and bring people in at the junior level. 

I know I've had tons of success bringing some people in at much junior grade levels and put them on a career track and say, "If you do this, then we can promote you to this, and then we can promote you to that." Take a risk on that person that says, "Hey, you've done some of this experience. Here's what I need." You interview them and you think they might be a great fit. And then you work together to train that person even more and give that person more tools in their toolbox to do the job.

Petko: Maria, I'll tell you, I've personally hired interns and even junior individuals for security operations center. But I'll tell you, if you are an individual that's ever worked in a security operations center, either in government or in a cybersecurity vendor, you're automatically in demand.

As a cybersecurity vendor, we'll train people and literally a year later or less, they're like, "Oh, I've got a job here and it's double the salary." It's like, well, regardless of what I could do with your career, I can't move that quickly.

 

Create a Fun and Innovative Workplace Environment<

Maria: Yes. That's tough, and that's a risk from your perspective. You're going to bring somebody in and they're gone in a year. What's the incentive to keep them for longer than that? 

I always knew that if I hired anybody, if I had them three years, great, and then they moved on because they're going to make a lot more money in the industry. But what I did find is they were there for the mission. If you tie it to the mission, they stayed, and they wanted to stay a little bit longer before they went out.

There's somebody I know who absolutely loved what he was doing, but a couple of kids, economics played a factor, and he went off to work for one of the big cloud providers. While he's making a lot of money, he's not having as much fun and he's not seeing back to those outcomes; delivering for the American public, all those kind of things.

He's working on widgets and he doesn't have that sense of purpose and mission anymore. It's a risk bringing in people at the junior grade level because they might make more money somewhere else, but you got to look for them.

Petko: I would still do it again though, I'll tell you that right now, even if I had them for six months. One is, you identify how eager they are. And I found that I get innovation from the younger talent where they bring in fresh ideas the team had not considered. I would still do it, even if it's only six months.

 

 

[6:48] What Is Cybersecurity?

Petko: But I just want to highlight that I think industry tries to do a lot, but they're just moving so quickly in cyber. Literally, you go to the coffee shop, "Oh, you work in cyber? Do you want a job?" Literally, it's like that. The demand is so high, it feels like, in certain parts of cyber.

Maria: Yes. I think that's a great point. You talk about cyber, and what is cybersecurity? When you tell a high school student, "You could work in cybersecurity," well, it's so wide. That's a four-lane highway. 
What is cybersecurity? It's operations. It could be data. It could be forensics. There are so many, it could be architecture. There are so many things in that field. I think we need to do a better job articulating though, also as well, what cybersecurity is.

Because if you take somebody, like a good math student, and maybe they're a good troubleshooter, you can put them in with a security operations team. Being able to troubleshoot and do root cause analysis. An incident pops up. Well, how do you find out where that came from? Being able to do some of that stuff. I think talking about just the cybersecurity a little bit differently, too. "I'm going to go work in cybersecurity." Yes. But what? What does that mean?

Petko: Maria, I got to poke here on this one because I think it's interesting. Maybe I'm aging myself, but I remember when IT used to be IT or data processing, and then became IT, and then you had IT security, which eventually became cyber. And then you had a bunch of IT people that says, "No, I'm doing cyber."

 

Zero-Trust Engineer

Petko: They changed their titles because they wanted to add the word cyber. I kid you not. The other day, I saw an opening for a Zero-Trust engineer.
Maria: Interesting.

Petko: I was like, "Well, what does that mean?" Are they just now dropping the word cyber and calling it Zero-Trust?

Maria: Yes. Zero-Trust engineer, is it a network engineer? That could be a network engineer, depending on where you are in your Zero-Trust maturity level. Zero-Trust engineer could be a data engineer. 
I saw that, too. I saw that shift over time. Well, how much of your job do you do is cybersecurity? Well, if you're a network engineer, I think that's built-in. It's always been there, we just didn't call it that.

Rachael: That's hilarious. Zero-Trust, just right in front of everything these days.

Maria: Yes. Zero-Trust engineer.

Petko: I need a Zero-Trust cookie this morning, or a Zero-Trust coffee.

Rachael: That's amazing, I guess the other piece too though, and keep me honest here, Maria. I feel like there are more and more programs coming online though, for people to go get some training and figure out if this is something they may want to do. I don't know if people actually know about the myriad programs out there.

We were talking to the Johns Hopkins, Tony Dahbura the other day, and they have, although it's a master's program. But continue to hear more and more funded programs that will pay for you to learn the security and give you an apprenticeship or something like that. How do people find those? Or are you seeing the same thing in an uptick in terms of what's available to folks?

 

A Clear Platform of Information

Maria: I think there's a lot out there, but I don't know that it's always communicated. For somebody who's maybe not paying attention to what's going on out there, they need to know how to do the outreach, even to their local colleges. Even if they're not in school, their community colleges and others, their counselors, to be able to just ask the question about, what internships are available? Because not everybody's on LinkedIn, especially if you're a junior in your career. You don't know who to follow or what to do, but being a little bit more hands-on.

I think the hard part around networking, I think there needs to be more engagement at the high school level to be able to share information about where to go. I can't speak for the guidance counselors and what information they're sharing. But boy, they ought to have a big

I know with Instagram and TikTok and all that kind of stuff, I don't know that that's the right venue for hitting some of this stuff. Sometimes you just need to hit it at the source, which is the high school, and working through the guidance counselors. How do you get more industry people involved in getting the information out there about the free opportunities and the internships and stuff like that? 

 

The Opportunities an Accessible Information Can Provide

Maria: In Frederick County, where I live, there's a whole tech community here. But I don't know that at the high school level or the more junior level that people are engaged from that perspective. You have companies that are a part of it and they bring their people along,

Rachael: Yes. That's a really good point.

Petko: Maria, I do remember though, some vendors out there had partnered with lots of high schools across the country where I think it was by the time you went to college. You were certified in network administration by these vendors. They were providing labs and resources to the local schools, so they could do some of this.

Now, it was very school-specific. Not all high schools had this, but I think they tried to do that and definitely got some value out it. I think you're right, though. We probably need more of a, how do we educate them earlier? Because we want them to go to college at the same time, too. We don't want them just to get the certificate and then not go to college.

Maria: Yes. There's a couple of programs I had seen where they were reaching out to more inner-city schools and kids who might not have an opportunity to go to college otherwise. But they would give them hands-on experience, place them at companies at no cost to the,

I'll call them the kids, young adults. At no cost to them. But not only were they learning technical at the companies. 

 

[13:07] A Head Start Wins Race

Maria: A certain percentage of their time was spent back at the organization, learning how to tie a tie, how you address people, how to shine your shoes. Those kind of things that you're not always going to get in an office, so that they are better prepared to speak and articulate, not just get the technical expertise.

I think some of those programs I think are hugely beneficial.

Rachael: My question, Maria, is, but do they need a bachelor's degree? I think of all of these people that I've worked with in industry who were senior vice president of engineering and don't have a bachelor's degree.

Just had got started really, really young, go and get hands-on and then just work their way up the career. I know a lot of people like that and it's really fascinating. And then I think we talked about this last time, you've got the CIO of some whatever, huge conglomerate, and they have, I don't know, a harp degree in music. It feels like there's a little latitude there.

Maria: Yes. You know what? You're right, and you get tons and tons of hands-on experience. If you don't get your bachelor's degree, that's okay. But I think at some point, it is valuable to go out and get your degree because it makes you a more well-rounded person.

Again, I was on the 25-year plan and of course, there were requirements around some of the sciences that I wasn't interested in. But I had to take them.
 

 

Education Provides a Well-Rounded Experience

Maria: But you know what? I had a blast taking an astronomy class. And I took a class in science of the weather. 
I think getting your degree makes you much more well-rounded at some point. Maybe you don't need it right away, but there's a lot of value in the hands-on. But also, I'm a proponent of getting your degree at some point, just for giving you that more well-rounded experience in education.
Rachael: Yes. That's a really good point. I do think of all the classes where I learned something new, but I hate it. I didn't want to take it. Math is not my friend and it took me a couple of tries to pass, but I finally did. But you learn something about yourself through what you're capable of too, which was really good learning experience.
Maria: Yes. I was never good at biology and classes like that, but when I had to take a couple of classes, I was like, "Oh, the science of the weather, I can do that." And astronomy. I can build an astrolabe and go look at the stars because I'm hands-on and very tactile. Yes, I can build an astrolabe and I know how to, okay. 
Rachael: I love it. Something that's also been in my mind a bit lately is, and I know you do a lot of volunteer work, and I believe it's with AFCEA, the Young AFCEANs, AFCEANs and VETSports. You're doing mentorship as well, and I think that's another piece that people, I think they're intimidated to ask somebody, "Would you be my mentor?" I would love your perspective there, from all of your time volunteering and working with folks. 

 

Ask the People Who Already Made It to Show You the Way

Rachael: How do you suggest people go about finding a mentor and someone who could be a truly invaluable contribution to charting their life and professional course?

Maria: I had a couple of ways. I have had, from college students, random LinkedIn requests for an interview, so where the student needs to get some information about possible positions or something. I've actually done a few of those over the years, where just a random college student reached out to me on LinkedIn and said, "I'd like to do an informational interview with you." There's one way. Talking to my peers and others, I don't know any of them that have ever turned one down either, because I've never turned one down. 

It's 30 minutes of my time, maybe 45 minutes of my time. But again, I've talked to others of my peers and they're like, "Yes, we are happy to do it." Having random people request through LinkedIn. And then working with the Young AFCEANs, AFCEA Bethesda, and others.

Participating in speed mentoring and some of the annual dinners where they have round tables. And they pair up a senior executive with someone who's younger in their career to host round tables. It could be on cloud and it could be on security, or pick something. 

But again, that expands their network, because you have a round table of 10 executives and you're facilitating with one of those executives. You're expanding your network of people, who to talk to. ACT-IAC. American Council for Technology and the Industry Advisory Council, they have a series of leadership programs, from junior to mid-career. Where they partner government and industry together. 

 

Learning From Experienced People

Maria: Again, that's expanding the network, learning about other people's jobs. You're getting your leadership training. And I've participated both with AFCEA Bethesda and with ACT-IAC on their programs, and working with a lot of the people who are more junior in their careers. And it's not about the technical. It's not the technical piece of it. It's about sharing experiences. Because I've been very open in my career, not the technical challenge, but leadership challenges. Dealing with people, dealing with grievances. How did you do that?

And then also, sharing experiences, how to celebrate the small things. I bring in a cake to celebrate turning off our oldest system in our portfolio. Being able to share those experiences and things like that, I think it's invaluable to people who are younger or even mid-career.

Sharing those experiences, not just the technical, being a mentor for them. Because they're going to try and navigate through this and they're going to say, "Oh, I heard from Maria and she had to deal with this people issue," or, "She had a good idea. Let me follow up with her and get some more detail around it." 
B

ut by sharing those experiences, not just technical, but what we've learned over time, is just really invaluable. Just being able to share that. Again, people with the outreach. I've done formal and informal mentoring programs. Sometimes it's just somebody asking me, "Hey, I need some help. Will you work with me?" I had a senior engineer, super smart, but he was going into a position where he needed to speak to his customers. He'd never had to do that before. He had to talk to customers and he had to brief them, and he had to talk in business terms. 

 

[20:18] Maria’s New Career Path

Maria: I met him once a month and we went over a topic. Oftentimes, it's about asking the question and being engaged on this and expanding the network.

Rachael: I love that. It's almost like having a trusted and dumb-question person where you don't want to ask anybody you work with, but if there's a trusted person that you respect, can help give you guidance. It's so invaluable. 

Maria: Right. No such thing as a dumb question, ever. I've always said that. There's no such thing as a dumb question. Just ask.

Petko: That sounds like a challenge.

Maria: Yes. That's not to say I might not roll my eyes.

Rachael: I love it. Now, I know we're coming up on time, but I just want to ask you. You retired last year? You started your own consulting company and you're on all these boards. Are you having fun, Maria? Because I think it seems like you're having fun with it.

Maria: I am having fun. I feel like I'm on my third career now. I am working a little bit part-time, doing some board work, doing some advisory services behind the scenes. Getting to work with organizations like VETSports and working with a local nonprofit, Mission IT, up here in Frederick County. G

etting to do some of those things that I've never been able to do before, especially on the volunteer side of the house, because I was just too busy with my day job. 

 

A Way to Disconnect From Reality

Maria: Yes. I'm having a lot of fun. Getting in some hiking and some traveling in between and making a little money on the side. But also doing a lot of that volunteer work that just, between work and day job and kids and over the years, I've just not had a lot of time to do.

So it's been a lot of fun.

Rachael: Aww, that's wonderful. Well, thank you so much for joining us again. Petko, did you have any other questions? I know I've just been fangirling over Maria this whole conversation. I just love having her back.

Petko: I want to know, Maria, what books are you reading right now?

Rachael: Oh, good quizzer.

Maria: Oh, you know what? I think you guys asked me this question last time.

Petko: We ask it every time.

Maria: I know. And I finished reading The Wheel of Time. There's one book that's like the prelude to that, and I'm about halfway through that. That's what I'm reading right now.

Petko: I think it's interesting you're reading fiction or fantasy novels. It's a way of disconnecting from reality and just focus on something different

 

The Importance of Free Time

Maria: It is. You know what? I love to read, and I've been a reader. I'm a huge Stephen King genre fan. I got hooked into The Wheel of Time series and I just absolutely loved it because it was a journey, not a starting and end in a short book. I've just not done a lot of reading for pleasure over the last several decades, and I'm missing.

Yes, I've been doing a lot of reading and also working on some puzzles when I can. I love puzzles.

Rachael: Nice. Those are fine

Petko: Yes. I think it's critical that we do things for pleasure where we can disconnect from our day-to-day stuff, because it allows your brain to defrag, if you will, in the background.

Maria: It's so important, and I just didn't have that for so long. I craved it and I missed it.

Rachael: Well, thanks again for joining us, Maria. This has been so much fun, again, again, again, again. To all of our listeners, thank you for joining us this weekend. Don't forget to subscribe and smash the button so you get this episode in your email inbox every Tuesday.

Until next time, friends, be safe.

 

About Our Guest

 

Maria Roat is currently retired from federal service after more than 40 years in the industry. She started her own consulting firm called MA Roat Consulting LLC, which takes up most of her time. However, she is also on the Board of Directors for On Mission IT, AFCEA Bethesda, and Aquia Inc. She also works closely with VETSports Inc. as a member of the Board of Directors.

Maria Roat served as the Deputy Federal Chief Information Officer for two years after starting the role in May 2020 with over 35 years of professional experience in information technology.

Previously, Ms. Roat served as the Small Business Administration Chief Information Officer October 2016 – May 2020 where she led SBA’s digital transformation to a more proactive and innovative enterprise services organization responsive to the business technology needs of SBA program offices and small businesses & entrepreneurs across the United States.

Ms. Roat also served more than two years as the U.S. Department of Transportation Chief Technology Officer and was responsible for establishing and leading DOTs technical vision and strategic direction, driving innovation and planning for technology growth supporting internal and external facing mission activities.

Additionally, she served 10 years at the Department of Homeland Security (DHS) joining in June 2004 and serving in a number of capacities including Federal Risk Management and Authorization Program (FedRAMP) Director, FEMA Deputy CIO, Chief of Staff for the DHS CIO, USCIS Chief Information Security Officer and CIO Chief of Staff, and Deputy Director, Technology Development, for TSA’s Secure Flight Program.

Prior to joining DHS in 2004, Ms. Roat was in the private sector for 5 years deploying and managing global enterprise network management systems, as well as running Network and Security Operations Centers.

Ms. Roat is a graduate of the University of Maryland (UMUC), Harvard Business School Executive Education Program for Leadership Development, and the Navy Senior Enlisted Academy.