A cybersecurity professional who helps safeguard hundreds of power plants, Ali Elnaamani enrolled in Saint Leo's online cybersecurity degree program to advance in this high-demand field.

During a project meeting for Siemens in San Diego, Saint Leo alumnus Ali Elnaamani experienced first-hand the chaos that ensues when a major city loses electrical power.

Dubbed the 2011 Southwest Blackout, it was the largest power failure in California history. Approximately 3 million people lost power, including nearly 1.5 million people in San Diego.

While the cause was human error and not a cybersecurity attack, the result was the same. Traffic lights stopped functioning. Airports shut down until generators could be started. Pumping stations failed and more than three million gallons of raw sewage spilled into the ocean. Radios and televisions went silent, and businesses closed.

"You don't realize the impact of not having power until suddenly it's down," says Ali. "It crippled the city."

A national imperative

Signed by President Obama in 2013, Executive Order 13636 – Improving Critical Infrastructure Cybersecurity states that the cyber threat to the nation's critical infrastructure represents one of the country's most serious national security challenges.

"The national and economic security of the United States depends on the reliable functioning of the nation's critical infrastructure in the face of such threats."

Ali is on the front line in protecting one aspect of that critical infrastructure: the national power grid.

Ali has worked at Siemens for eight years and for the past three, has served as Siemens Energy's NERC CIP cyber security and compliance lead specialist, protecting Siemens' power plants against cybersecurity risks and providing compliance support for power plants to meet NERC CIP requirements.

NERC – the North American Electric Reliability Corporation – is the international regulatory authority that assures the reliability of the bulk power system in North America. NERC develops and enforces reliability standards for Critical Infrastructure Protection (CIP).

Ali, who earned both a bachelor's degree in computer information systems and an MBA with an information security management concentration at Saint Leo, has held a variety of specialized IT positions within the organization and plans to become a chief security officer in the near future.

That goal prompted him to pursue a third degree at Saint Leo – the online master's in cybersecurity.

Protecting critical assets from external threats

"My main focus is to mitigate the risk of a security disaster caused by an intruder or malware to any of the Siemens power plants in the United States or Canada," says Ali. "I also handle sites in South America and Europe."

Some of Ali's responsibilities include the on-site technical implementation of vulnerability assessments, penetration testing, security GAP analysis, security hardening, and other security responses to incidents and disaster recovery. He reviews all cybersecurity proposals, and he works closely with systems development teams on new cybersecurity features that meet ever-evolving NERC CIP requirements.

"Keeping up with the continuous flow of cyber threats to our critical infrastructure is a challenge," says Ali. "New security advisories are released daily, and providing immediate response to customers and system owners is critical. Continuously improving the network architecture and software security to mitigate daily threats is one of the most time-consuming aspects of my job."

A rewarding cybersecurity career

Ali's job requires a lot of time on the road: he has visited more than 80 power plants and customer sites around the world. But travelling the globe is nothing new for him.

Born in Riyadh, Saudi Arabia, Ali came to the United States as a Lebanese citizen and to Saint Leo as an international student-athlete to play on the university's tennis team. His two younger brothers, Sam and Mohamad, also attended Saint Leo for undergraduate and MBA programs and they, too, were members of the Saint Leo tennis team.

"I have always been intrigued by computer systems, and, in my opinion, Saint Leo has one of the top CIS bachelor's degree programs." Ali says his undergraduate study provided a solid foundation that prepared him well to specialize in information security management through the MBA program.

Those degrees, coupled with industry experience as a network systems engineer and a research support analyst while he was in graduate school, helped Ali land an initial position at Siemens as a technical support engineer. Four years later, he stepped into his current position as a senior software engineer/cyber security & compliance lead specialist – one that suits him professionally and personally.

"Seeing safely running power plants that provide electricity to cities and keeping cyber intruders and cyber terrorists from gaining access to any of our power plants is very rewarding," he says.

"We tend to take for granted the efforts behind flipping a light switch at home or in the office. I come from a country that had long suffered a shortage of power. Still today, the government only supplies power for approximately six hours a day to the entire country. So I tend to be among the percentage of people who appreciates flipping a light switch and seeing the light go on."

Saint Leo online cybersecurity degree program: relevant training

Ali believes that adding a graduate degree in cybersecurity to his resume, combined with eventual CISSP certification and experience, will enable him to reach his ultimate career goal as a cybersecurity officer.

Just starting his second term in the program, he says that he has already found the curriculum to be relevant in his field. The course in software security, for example, complements the compliance aspect of his job as well as reinforces skills he uses in vulnerability scanning, security hardening, and penetration testing.

"The demand for cyber security specialists has grown tremendously over the past few years, and is expected to grow even more," says Ali. "There will always be a shortage for such skill set as cyber threats get more and more sophisticated. And I believe that Saint Leo's cybersecurity program, because it is highly technical and industry-relevant provides the specialized knowledge and training needed in this critical field."

Are you working in cybersecurity? Could a master's degree help advance your career?

National Cyber Security Awareness Month

Department of Homeland DefenseNational Cyber Security AllianceStaySafeOnline.org

Image credits: Courtesy Ali Elnaamani