For Information Technology Infrastructure alumnus Lee Vang, internships were the key that unlocked his career in cybersecurity incident response

Lee Vang was almost done taking his general undergraduate courses and was considering his degree options. He thought he wanted to go into computer science, because he was interested in working in the tech field. But he wasn’t sure how to get started. 

Vang’s advisor suggested he look into the Information Technology Infrastructure program in the College of Continuing and Professional Studies. Once he saw the possibilities of a career in cybersecurity, which he was able to study as part of the security sub-plan of the ITI bachelor’s degree, he jumped in with both feet. 

In this Q&A, Vang shares how the ITI program prepared him to become an information security consultant, what that job entails, and what guidance he got from peers that worked in his favor.

How did you find the Information Technology Infrastructure program?

I really love technology and I saw myself working with computers. But I wasn’t sure about all the areas one could pursue. I was only aware of computer science and expected to have to do a lot of programming. I didn’t really want to go into writing code, I just wanted to work with technology. And that’s where my advisor stepped in and steered me to the ITI program. I reviewed the curriculum and the different tracks in the ITI program and learned about what each entailed. I quickly found that cybersecurity was the most interesting for me and aligned with my career interests.

Once I got into the program, I believed I had found myself right where I belonged. I loved the courses and cybersecurity was everything I expected.  

What do you do at work?

Lee Vang facing camera with Washington Avenue Bridge and Minneapolis skyline  in background

I’m an information security consultant for Securian Financial, a financial services company. I work in incident response, so one of the things I do is monitor our networks to make sure that nothing bad makes it through the firewall. Because, if a malicious file or exploit attempt gets through undetected, it can cause a lot of trouble for the company. 

For example, in December 2021, we learned of a possible threat for which we didn’t yet have protection, affecting the Log4j framework. This is an open-source logging framework that allows software developers to log data within their applications. It was deemed one of the most critical vulnerabilities, since most of the companies around the world use this Java programming language in their systems and applications. The vulnerability was also easy to exploit. This was one of the situations where the incident response team would have to build and put detective controls in place to be alerted to malicious attempts in the environment while a fix is being developed by the vendor.

And if something does get through, we want to make sure our preventative and detective security controls are working. So another part of my job is to do an analysis of our security controls to identify whether there are any gaps and ensure we have visibility if there are any.

The third component of my job is called cyber threat awareness, where I have to report on what’s happening to others in the company. For example, when there are malicious activities occurring in the wild—meaning anything outside my organization—I have to know what it is and whether it has affected our company. I then need to communicate what I know—and what we’re doing about it—to senior leadership.

Did the ITI program give you communications training?

What I loved about the ITI program was that the courses taught us to communicate from both technical and nontechnical standpoints. Not everyone will understand certain technical terms. ITI did a great job at teaching students how to translate those terms into a more simplified way so that others, such as senior leadership, can understand what is being communicated.

What career guidance did you receive at CCAPS?

I had a lot of support from my instructors in the program. I got to see that there are two sides to cybersecurity, the technical and the nontechnical, and they really pointed me in the right direction of the area I wanted to go into. 

At the same time, some graduates of the program suggested I do internships over the summer. They told me it would put me in a better position to get a job because it can help you start to build your resume. Because, even with an entry-level job, it’s very competitive, so you want to show that you have more than one skill to offer. Companies want people who have some work experience in addition to their classroom experience. 

To help me find internships, I used Career and Internship Services. Through them, I got my first internship, which was with Hennepin County, and another internship with the National Football League. They were looking for interns to help with their IT operations leading up to and during the main event for Super Bowl LII in 2018. I applied and got hired right away.

How did your internships help advance your career?

In my first internship with Hennepin County, I started as a project manager. I let my supervisor know of my interests, and she helped me find cybersecurity-related projects to work on. 

That helped me get into my next internship, which was in cybersecurity with Minnesota IT Services, the state’s IT office. After that internship ended, I got a full-time job on the same team after graduating from the ITI program in 2019. 

Would you recommend the ITI program for students seeking a career in cybersecurity?

Lee Vang facing camera with Washington Avenue Bridge and Minneapolis skyline  in background

Yes. The program had such a great impact on me that I decided, once I graduated, I would pursue a graduate degree right away. There’s another program here at the U called the Technology Leadership Institute (TLI), where I earned my master of science in security technologies. The ITI courses were great and also prepared me for my career. I easily adapted to my past and current jobs due to the fact that I already know what to expect. I excelled at my job thanks to what I learned.

The ITI program laid a lot of the groundwork to prepare me for the master's program. Some of the concepts were familiar to me from the ITI program, such as security policies and incident response. But others were new. The ITI program helped me do well in all the courses I had in the security technologies program and played a big part in my current career. If I had to start all over again, I would still choose my current path. 

Visit the Information Technology Infrastructure program website for more information about the degree, including related minor and certificate programs.