Snohomish County CISO on What Makes Great Cyber Professionals

As cyber threats grow more sophisticated, the demand for skilled defenders has never been higher. The technical aspects of cyber defense can be learned in college, but there are additional traits that mark you as a top job candidate and drive your career growth.  

We asked Doug Cavit, Chief Information Security Officer of Snohomish County, about the key characteristics he sees in successful cybersecurity professionals. In addition to technical skills, Cavit values critical thinking and curiosity. Professional networking is also essential in all stages of a cybersecurity career– from your first job to every subsequent level. 

The Power of Critical Thinking 

Critical thinking is an indispensable skill for cybersecurity professionals and Cavit strongly believes this should be taught in high school and college – especially now in the age of AI. Artificial Intelligence can generate seemingly authoritative answers and it’s easy to accept them without fact checking. However, cybersecurity practitioners must develop the ability to question, analyze, and verify. This equips them to spot anomalies. 

Cavit advises knowing more about AI than just good prompt engineering. Students should learn how it works behind the scenes. A person with good critical thinking skills can then investigate the quality of a Large Language Model (an LLM) based on data structure, training methods, and data integrity. 

As another example, when using low-code and no-code tools to build a software solution, the Application Interface (API) may request more credentials than it really needs. A person with critical thinking skills won't hand over those credentials without first investigating who will be responsible for keeping them secret and how they will do so. The curious person asks questions such as the reputation of any third party that will be handling your internal credentials and will ask about (or suggest) policies surrounding this scenario. 

Technical Skills: Tools vs. Concepts 

While many students focus on mastering specific security tools, Cavit advises a broader approach. He looks for candidates with experience using Security Information and Event Management (SIEM) systems, regardless of vendor. The key isn’t the brand but the understanding of how to use such tools effectively. 

It’s also important to “know what normal looks like.” Then, when analyzing logs or investigating suspicious activity, you’re better equipped to spot a potential breach. 

"The tools are a means to an end," he explained. "They’re used for protecting your systems. But, along with the tools you need a human who understands how the underlying systems work. Only then can you find meaning in what the tools are telling you." 

Instead of memorizing compliance checklists, students should focus on grasping core security principles, recognizing patterns in logs, and understanding authentication mechanisms like Active Directory Federation Services (AD FS), Kerberos, and cryptography. 

A Scientific Mindset: Curiosity and Ingenuity 

Curiosity is another key trait Cavit values. He describes great cybersecurity professionals as those who "don’t stop at the obvious answer but dig deeper until they fully understand the system." He appreciates the person who is driven to test and break systems – not in a random way, but methodically, recording the results after each test.  Scientific curiosity and a drive to discover are the attitudes that propel great cybersecurity professionals. 

He illustrated this with a pun: "I don’t just want a SOC puppet. I need someone who can think. Not someone who just pushes buttons to see what happens. Rather, someone who creates ingenious tests to systematically discover faults and weaknesses." 

This mindset, often associated with ethical hacking, involves approaching problems from an attacker’s perspective, anticipating security flaws, and proactively defending against them. 

The Importance of Networking and Mentorship 

One of the most overlooked aspects of cybersecurity success is professional networking. Cavit highlighted that he dedicates at least four hours per week to engaging with peers in the CISO community. Whether through ISC2, ISSA, or informal meetups, networking keeps him informed about industry trends, new threats, and best practices. 

"Community matters," Cavit stated. "Getting involved in professional groups is crucial because that’s where you really learn and get strategic insights from other critical thinkers." 

For students and job seekers, networking can open doors to internships, mentorships, and job opportunities. Cavit encourages students to start building these connections early in their academic journey. Find a mentor and stay engaged with them. Join meetups, conferences, and competitions to build your network. Many jobs spring from these relationships.

Internships and Real-World Experience 

Snohomish County regularly offers cybersecurity internships, usually a 16-hour-per-week position. The projects vary from year to year; thus, the type of students he seeks changes accordingly. Cavit examines the course list taken by students and considers the reputation of the college they’ve been attending. This background matters more to him than the level of degree the student is earning. 

Cavit values hands-on experience and looks for interns who are eager to take on meaningful projects such as MFA upgrades and network security assessments. The past careers of candidates also sway the hiring decision. Someone with a municipal background has a better chance of being hired than another candidate with the same college degree. 

Final Thoughts on Becoming a Great Digital Defender 

For those aspiring to cybersecurity careers, Cavit offers this advice: “Treat your job as though you are a paid consultant. Make sure you’re performing and pulling your weight. When you do make a job change, be sure that it’s an upgrade. If I see a resume with too many lateral moves, I conclude that the person is not making progress and that indicates problems that I’m not interested in dealing with.” 

Success in cybersecurity involves more than building a checklist of credentials—it requires developing a mindset of curiosity and a pattern of life-long learning. For students in Washington’s Community and Technical Colleges, embracing these principles will set them apart as they enter this dynamic and rewarding profession.