Interview With Founder Jacob Hess

For the next interview in our series speaking to technical leaders from around the world, we’ve welcomed Jacob Hess, Founder at NGT Academy.

Jacob Hess is the co-founder of NGT Academy, an immersive, military-grade cybersecurity and IT professional training platform founded by former military technicians from the US Air Force that has equipped thousands of military engineers with top security clearances. Rather than taking years to obtain traditional education, NGT Academy's immersive program prepares students for careers in cyber and network security within months.

Tell us about the business you represent, what is their vision & goals?

NGT Academy is an immersive, military-grade cybersecurity and IT professional training platform that teaches people the skills they need to pursue careers in the tech industry, even people with no prior experience in IT.

I co-founded NGT with Terry Kim. While in the U.S. Air Force, we trained thousands of engineers for cybersecurity and network engineering roles in the military. We have combined the military-style training philosophy of job readiness with decades of network engineering and cybersecurity experience to create our program, which provides real-world skills training that can be completed in months rather than years, giving students the knowledge (and certifications) needed to work in IT. Our goals are two-fold: First, to fill critical job vacancies and, second, to prepare students for a fulfilling and well-paying career.

What inspires and energises you within your work?

The people we train. Helping people who used to live paycheck-to-paycheck find a career that’s fulfilling, rewarding and, yes, lucrative, inspires me every day.

Can you share a little bit about yourself and how you got into cybersecurity?

Born and raised just north of New Orleans in Abita Springs Louisiana, I officially launched my career at the age of 17 when I joined the Air Force. I enlisted in September of 2001, just 2 weeks after the attacks on the World Trade Center. I worked in Information Technology in the Air Force and then became a technical instructor in the ‘Network Engineer and Cybersecurity’ career equivalent of that time. I left the Air Force in late 2008 and held IT positions in the banking and consulting industries before starting our training company, NexGenT / NGT Academy, in 2016.

Like many others, my passion for technology was born from a teenage interest in computers and computer games. I wanted to know more about how they worked, so I was always taking them apart and rebuilding them. In my teens, there was an application called WinNuke that let you send a ‘ping of death’ to a target machine and shut the computer down entirely. It showed me the power of technology and how malicious it can be in the wrong hands. When I joined the U.S. Air Force, I knew I wanted to pursue an information technology career to be able to stop these types of hacks. (By the way, that application, WinNuke, wouldn’t work today. Our computers are still vulnerable, but not like they were in the 90s).

How would you explain your role to a non-technical audience?

We train people of all ages and skill levels to become proficient in computer networking and security. The students in our program go on to hold careers in network engineering and cybersecurity. They help companies to build, maintain and secure their networks and data centres to keep their data safe.

What advice would you give to someone wishing to start their career in cybersecurity?

Have a solid foundation in computer networking first. Our training is unique in that we train the core of networking before we move students into cybersecurity. A core in networking provides the best foundation for understanding the complexities of computer network traffic before moving into cybersecurity attack and defence.

You don’t need a four-year degree to work in cybersecurity. IT employers recognize and value skill and experience over a degree.

Can you give an example of security issues at your jobs, and how you and your team fixed them?

We train folks to be able to identify malicious traffic and malicious hosts, and how to scan, isolate and remediate them. There are various types of cyber attacks, and a lot of cybersecurity includes policies and procedures on how to respond, such as what to do when one identifies they have a ransomware infection. These are the types of things we train our cybersecurity students to know.

Does your organisation use log and metrics data to improve and secure your systems? How do you find managing logs assists your day-to-day work?

All IT teams benefit from log data, and so we certainly train our students thoroughly on sys logging and event monitoring. It is very important for IT teams at enterprise organizations to have systems built for monitoring everything that happens in the network whether it is security-related or just break-fix related.

What are common weaknesses in IT security strategies that companies often overlook?

• Some general security vulnerabilities that could lead to attacks include:
• Internet edge devices with open and potentially exploitable TCP ports
• Networks and servers running outdated code that contains security vulnerabilities
• Passwords taped to a computer or a device and passwords written on sticky notes
• Unlocked and easily accessible IT closets and server rooms - I’ve seen network consoles having no timeout set so anyone could come by and plug right into it
• Using single sign-on without strong password policies
• Not using MFA with online accounts
• Having no cybersecurity awareness training makes them more susceptible to social engineering attempts

What are your thoughts on companies looking to prepare for CMMC compliance? CMMC compliance is necessary for companies that provide IT services to the Department of Defense. It’s an actual requirement, so any company wishing to continue providing services to the DoD must obtain CMMC certification. Given the rise in cybersecurity attacks, the government is requiring higher security standards for all services provided.

If looking to get CMMC certified I would work with an organization that specializes in CMMC certification and compliance. These types of agencies have systems organized for understanding everything necessary for compliance requirements, which can be complicated at times.

What are your takes in response to the Log4shell incident?

The main takeaway is that the security of our logging systems is extremely important. With the Log4shell incident, the Apache logging service could be exploited and allowed for remote code execution. Eventually, hackers can achieve a shell, giving them direct interaction with the host OS. The potential breach was deep into the infrastructures and backend services and has affected big companies and even service providers such as Apple, Steam, Twitter, Cloudflare, and Amazon. Through the log4shell incident, we can see how important it is to have secure logging solutions.

Would you like to share any cybersecurity forecasts or predictions of your own with our readers?

Unfortunately, cybersecurity attacks aren’t going anywhere; they’re only becoming a larger threat, so the demand for trained network engineers and cybersecurity professionals will continue to grow.

However, there is also a big new trend happening right now around data privacy and personal data security. This trend highlights the importance of individuals owning their personal data so that it can’t be harvested for organizations to profit from. Along with this trend, there are also technologies being developed around IoT and mobile security, and data privacy. This tech enables our IoT devices to have zero attack surface and we will be able to create networks that can't be hacked, eliminating the need for firewalls etc. This new trend in the cybersecurity space could be the biggest new advancement in IT since the turn of the Cloud era in 2010.

If you enjoyed this article then why not check out our previous guide to what is Kibana used for? or our article explaining what is Cobit?