A cybersecurity professional for over three decades, Shera Thackery Bake, ISSMP, CISSP, has had a lengthy career inspired by her father’s military service and early work on the space program.

My 35 Year Career and Being a CISSPMost of my early life was brought up with an understanding of the need for security. My father was in finance and accounting in the U.S. military and we lived in many locations in the U.S. and Europe following World War II.

After getting my Masters degree in mathematics, I was required to have a Top Secret and above clearance level in order to work on the Apollo space program. We used computers from many locations via phone line communications that were not readily available to most businesses. If fact, unless you had a huge budget your business did not use computers at all at this point.

The Evolution of Computing

With the advances of the space race and in computing generally, times and technology changed and brought about the notion of time-sharing and the arrival of smaller computers like those from DEC, GM and Honeywell for mid-size businesses. Time-sharing allowed small business to buy time from others, such as those with mainframes with unused capacity, to supply their computing needs. However, the security for protecting a company's data from others using the same machine was scant to non-existent at this early stage in what we now consider the modern era of computing.

I changed jobs to work for the State of Florida's Auditor General on a system being developed for State agencies to record their accounting transactions and then be used by auditors (both internal and external) to prepare information for legislative staff, along with state-wide financial statements for the federal government, which are audited by the Auditor General.

This system was in need of security procedures and methods, but software to assist with this was not yet available but being designed be vendors like IBM with RACF. Because of my background in this area. I was assigned to come up with solutions to the security problem. I was sent to a security conference sponsored by Computer Security Institute looking for ideas. At that time ISC2 was being established, creating a new certification, the CISSP, and looking for people with security experience to develop the certification exam. I got the forms and filled them out and was accepted. My office was thrilled.

CISSP Created Career Options

Becoming a CISSP was a door opener for me in my job as an auditor of IT systems. I was able to pitch to legislative staff the need for a security manager position within state agency IT support functions. Then, I worked to get Florida statutes written to require each agency to have a security manager and a CIO. We then set up a state organization with a state CIO and state security manager. This state group was required by Florida statute to provide guidelines, standards and rules for agency IT to use to protect IT resources and data. Later the law was amended to add a privacy officer.

Next, we started monthly meetings of all the agency CIOs and separate meetings for the agency security managers. Most of the people assigned to these positions needed help in understanding what cybersecurity was and what they needed to do. With the help of many great state employees, we eventually convinced the Florida legislature to provide training funds to be used for courseware and exam preparation for the CISSP exam. We also started a Y2K project in the late 1990s to ensure that switchover at the millennium went smoothly. It did, thanks to a multiagency project that proved successful. The presidential election in 2000 was a major challenge at that time and helped us get the attention we needed for investment and expansion. The events of 9/11 also proved to be a pivotal moment, that refocused attention and state investment on all things security.

Cybersecurity and Natural Disasters

In 2004 and 2005 Florida experienced many hurricanes. The lessons we learned from hurricane Andrew in 1992 changed our continuity of operations plan (COOP) plans and procedures assisting us through these events. Following these major incidents, the funds for additional professional development were provided and we started getting all our security managers and staff certified with CISSP.

Florida as a state government continues with a committed staff who provide cybersecurity for all types of services to its residents. The growth of computer usage by citizens has exploded since the desktop PC and internet connectivity became commonplace. We continue to grow in population and are grateful for the state officials who continue to see our vision of cybersecurity that began many years ago.

I retired after 35 years with the Office of the Auditor General, but still stay in touch with some of my colleagues who served to make the State of Florida such a great place to live. Many who earned their CISSP certification have also achieved advancement in their careers as a result.

Thank you ISC2 for 30+ years of work and support of the CISSP certification.