Cars, televisions, watches — even water bottles and coffee mugs — are now collecting data on our daily activities, actions, and preferences. Cybersecurity specialists work to minimize and mitigate potential risks to individuals and organizations and to ensure confidentiality, integrity, and availability of information.

No linear path

Troy Romanowski '07 graduated as a history major and moved on to law school, never considering that his career journey would land him at New Jersey’s Cybersecurity and Communications Integration Cell (NJCCIC) at the New Jersey Office of Homeland Security & Preparedness.

The NJCCIC is a tech-focused organization that is the state’s one-stop shop for cyber threat analysis, incident reporting, and information sharing in an effort to make New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices. Romanowski is a cybersecurity legal analyst, working in a team of over 50 full-time staff members — not all of whom come from computer science or cybersecurity. He is currently the only one on his team with a law degree. He and his team work collaboratively with agencies aiming to implement new technologies safely and securely.

Since graduating from law school over 10 years ago, Romanowski has spent most of his years in public service. Prior to his role at Homeland Security, he worked for the Department of Treasury as the State of New Jersey’s technology licensing officer, negotiating terms with vendors. Many of the contracts he negotiated were software as a service (SaaS) agreements, so he was challenged to learn quickly about the subject of cybersecurity and the risks of using SaaS products within an organization.

Romanowski has recognized that many cybersecurity careers begin like his — outside the cybersecurity focus. However, understanding risk assessment in the virtual world is a necessary knowledge base that no private or public organization can avoid.

“Fewer and fewer services don’t have a technology component to them,” he notes. “Everything is internet connected, and there are many opportunities for bad actors to utilize things like ransomware, malware, and denial of service attacks to steal data, interrupt business, and otherwise undermine an organization’s mission and daily operation.” 

Smart tech, smarter security

“Government and technology work hand in hand. It would be hard to do effective government work without utilizing cutting-edge technology, but there are measures that can be taken to do that in a safer way,” Romanowski says. His work ensures that appropriate security controls are in place with solid contracts for new technology. He serves departments like Labor, Transportation, Health, Human Services, Taxation, and Children and Families, including protecting the confidentiality of their most sensitive data.

Some of these measures include doing security reviews on prospective vendors and making sure appropriate contract provisions exist. He confirms data will be stored securely and within the United States, ensures encryption requirements are met, and obtains appropriate background checks and screening of vendor employees working on New Jersey state projects.

Romanowski notes that new and cutting-edge technology is great, but it can’t be a total replacement for people. Trained people aware of appropriate technology use need to be well placed in organizations alongside the technology.

People remain the focus

Romanowski has seen many people subscribe to the belief that most problems can be solved quickly and easily simply by utilizing a new technology solution, but he recommends further education because more automation brings more risk and exposure.

In NJCCIC’s efforts to make New Jersey and its people more resilient to cyberattacks, it provides important communication to constituents, including cyber alerts and advisories, cyber tips, and best practices for effectively managing cyber risk. Other services include threat briefings, risk assessments, incident response support, and training.

Intersection of passion and skill

When he was a student at Lehigh, there wasn’t a dedicated cybersecurity degree, but Romanowski is sure he wouldn’t have considered it. “If you had told me as an 18- to 19-year-old student at Lehigh that this is what I’d be doing, I’d have laughed in your face. I didn’t realize it was a potential career option, or more so, one I would see myself in.”

Regardless, Romanowski does remember an adviser who once said Lehigh prepares students for their last job, not their first job. “You should expect to change jobs a few times during your career, and a Lehigh education will help you to find the intersection of what you are passionate about and what you are good at.”

Romanowski says Lehigh instilled in him a strong set of critical thinking skills, reading and writing skills, and a love of lifelong learning. He’s always expanding his knowledge of emerging cybersecurity trends and staying aware of related stories in the news. Election integrity monitoring and election fraud, TikTok and China, Russia’s targeted cyberattacks on critical infrastructure in Ukraine before Russia’s ground invasion, appropriate use of AI (including its role in college admissions essays!): Romanowski cites these as hot topics in cybersecurity that we need skilled minds to navigate, and the educational journey is continuous.

“In this field, you need to keep learning.”