Army Lieutenant Colonel uses certification to pursue and support his cybersecurity passion

Joseph Marty, Lieutenant Colonel

Joe Marty took an early "obsession" for cybersecurity and turned it into a career in the United States Army, blending multiple degree programs and industry-recognized certifications in pursuit of lifelong learning and cybersecurity excellence.

Please share a bit about your personal and professional background.

I first got interested in computers around the age of 11 or 12 when my friend’s family got America Online, and my mom also purchased a computer. A few years later, I read 2600: The Hacker Quarterly, and cybersecurity and hacking has been a hobby and interest of mine since then.

I attained my undergraduate degree in computer science from North Georgia College & State University, now called University of North Georgia. When I joined the Army in 2004, I was a field artillery officer, and it was my Master of Science in cyberspace operations at the Air Force Institute of Technology that really set me up for my current path. I began my military cyberspace operations track out of the Army Cyber Protection Brigade and now I’m working at US Cyber Command at the strategic headquarters, while getting multiple certifications and continuously learning. Each day has multiple opportunities to teach colleagues how to apply different real world techniques and methodologies for both defensive and offensive cybersecurity that I’ve learned through both of my degrees and all of my certification courses.

What made you want to get certified?

I wasn't aware of the importance of technical certifications until one of the senior NCOs at the time encouraged me to get a Certified Information Systems Security Professional (CISSP) certification from (ISC)². Fortunately for me, the cyberspace operations master’s degree curriculum at the Air Force Institute of Technology is almost perfectly aligned with the CISSP domains, so I just went and passed the exam without additional training. After getting the CISSP, I learned that the Cyber Protection Brigade had training funds allocated to SANS courses and I signed up for all the ones that they would allow me to do, one after another, because I saw the value that the certifications would have outside the Army.

Over time, I’ve learned that there are key benefits of having the certifications while you're operating in uniform, too, because when you're working with external organizations and mission partners that support the DoD, they recognize the credibility that certification carries. When they see your credentials, then they trust your abilities.

To date, I’ve earned the:

• Certified Ethical Hacker (CEH)
• (ISC)2 Certified Information Systems Security Professional (CISSP)
• GIAC Penetration Tester (GPEN)
• GIAC Global Industry Cyber Security Professional (GICSP)
• GIAC Python Coder (GPYC)
• GIAC Response and Industrial Defense (GRID)
• GIAC Certified Windows Security Administrator (GCWN)
• GIAC Certified UNIX Security Administrator (GCUX)
• GIAC Certified Intrusion Analyst (GCIA)
• GIAC Certified Incident Handler (GCIH)

I am currently pursuing the Offensive Security Certified Professional (OSCP).

Describe some of the unique challenges you faced while attempting to get certified on active duty.

The main challenge is simply setting aside the time to commit to earning a certification. They don't always limit how many courses you can take, so people need to be aware of how much work is involved in taking them. The courses are usually one week long and live (whether in-person or remote) and it’s like drinking from a firehose. They immerse you in knowledge, so it’s important to ask questions and take advantage of the instructor time while you have it. Some of the courses utilize remote learning at your own pace with a window of time to complete the course material. For that format, I have to commit my own personal time outside of work to do it because I’m too busy at work. Trying to balance multiple courses is definitely a challenge, which is why I don’t start courses at the same time if I’m taking more than one.

Can you describe your study process?

I go back through all the course material to take scrupulous notes. I try to frame the notes by putting myself in the exam developers’ shoes. “If I wanted to test somebody's knowledge base, what kind of questions would I ask?” The other tip I have is to take any practice exams that are available to you.

There’s an old phrase that I’ve kept with me since college, which is “practice makes permanent,” or as they say in the military, “train as you fight.” When I take a practice exam, I try and set up my workstation exactly the way it will be during the test. Then, after I finish the practice test, I go back and review all the questions again to make sure that I've actually understood what I missed and why.

What recommendations do you have for Service members who are just starting their certification process? Are there particular study and preparation tools and techniques that you recommend?

Figure out what you’re interested in or obsessed with. Identify what your road map is in order to achieve that expertise, and then jump on it, especially if you are not paying for it. You might surprise yourself with how much you like the certification process and, if nothing else, at least you'll learn something. The reason I got as many different certifications as I did is that GIAC certifications are designed around a whole core pathway, starting with one particular course and building towards expert-level certifications. There’s always more to learn and pursue, even if you reach the end of a particular pathway, because the end of the documentation doesn’t mean the end of the knowledge.