When Jamy Casteel sought to create a local cybersecurity meetup group, membership never grew beyond two — Jamy and one of his good buddies. Jamy lives on the outskirts of Ardmore, Oklahoma in a small rural town of about 5,000 residents. Jamy’s quaint hometown, situated between Dallas and Oklahoma City and more than 100 miles from each, is an unlikely destination for those seeking a fast-paced cybersecurity career. However unlikely, Jamy, a senior security consultant at Kroll, is thriving. Jamy works remotely for Kroll, a global company that provides proprietary data, technology, and insights to its clients, including delivering end-to-end cyber security services worldwide.
Jamy, a husband and father of three, is a proud 2022 graduate of SANS Technology Institute’s master’s degree program in Information Security Engineering. Here, he talks to us about his experience with the SANS master’s program and offers advice and insight to others considering a similar path.
Note: Since this profile was published, Jamy was promoted to the role of Vice President, Offensive Security – Cyber Strategy and Risk Consulting at Kroll.
Q. How did you get interested in cybersecurity?
A. I’ve always been drawn to computers. At the age of 19, armed with an associate degree in Information Systems and a few certifications, I landed my first IT job. My employer hired a consultancy to come in and speak to staff about securing our organization’s infrastructure and perform, what I now know to be penetration testing. I was fascinated. I was hooked.
Q. Prior to attending the SANS Technology Institute, what was your educational background?
A. I received an associate degree in Computer Information Systems from Murray State College in 2005. Further, I was awarded both a bachelor’s degree in Computer Information Systems in 2014 and a master’s degree in Business Administration (MBA) in Management three years later from Southern Oklahoma State University.
Q. What do you like most about cybersecurity?
A. Despite what my high school teachers might say, I love challenges. Every client, every project, is different. There is always a need to learn something new or change up an existing process. There is no time to be bored with cybersecurity.
Q. How did you learn about SANS Technology Institute?
A. A co-worker of mine heard about SANS when listening to a podcast. This same colleague took a class and then told me I had to take the course too. I immediately requested the course through my company and was approved. The rest is history.
Q. Why did you choose to enroll in SANS Technology Institute’s master’s degree in Information Security Engineering program? And how does SANS.edu differ from other programs you looked at?
A. I had no intention of looking for a second master’s degree. However, when I took SANS’ GCIH certification course, I genuinely enjoyed the delivery of the materials and the hands-on technical aspects of this high-caliber class. Once I learned of SANS.edu advanced degrees, I knew I wanted to continue with my SANS education – not because I wanted another degree, that was just icing on the cake. I wanted to increase my technical knowledge and both hands-on and soft skillsets. I wanted to give myself a competitive advantage in my career.
Before investing in the SANS.edu program, I did look at a couple of other degree programs. The overall quality was incomparable. The coursework, the curriculum design, the relevance of the materials, and the real-world experience is what sets SANS.edu apart from other programs of its kind.
Q. What did you find most valuable about the program?
A. The courses and the professors, who are experienced cybersecurity professionals, were stellar. This industry is everchanging. It is hard to find an expert in any one area who is familiar with advanced real-world issues. I also enjoyed the group projects. It is so valuable to work with others in high-stress situations with time constraints. It gave me an authentic look into what a career in cybersecurity is all about.
Q. Did you take classes online or at live events?
A. I took my first SANS.edu class in person. It was this class that prompted me to fully commit to the SANS degree program. All other classes were taken online. For me online classes were not an issue. I have no problem staying motivated. I like to follow my own timeline, especially since I work full time and have a lot of family commitments.
Q. What is your current position and how has your SANS.edu degree impacted your career trajectory?
A. Currently I am a senior security consultant at Kroll. I am a penetration tester, conducting web application, API, and red team engagements on behalf of Kroll clients. I am charged with assessing the security posture of various controls of my clients’ networks to help deter opportunistic and targeted attacks that could compromise sensitive data.
The knowledge learned from SANS.edu has helped in all aspects of my work. It has given me a greater understanding of technology defense and offense, as well as the business and soft skills critical for continued success no matter the path I choose in the future.
Q. As part of your SANS.edu program, you authored a well-received research paper. How did you choose your topic and what did you learn from the process?
A. My paper was titled Content Security Policy Bypass: Exploiting Misconfigurations. Content Security Policy (CSP) is increasing in popularity as a defensive mechanism to help prevent injection attacks. I conceived of the topic because I perform a fair amount of web application penetration tests and will occasionally need to exploit misconfigurations to bypass the control.
I learned quite a lot from the process. I had written blog posts and small write-ups, but I had never authored a research paper. The meetings with faculty advisors were helpful to stay in-scope and to progress successfully through the process. Overall, it was something I hadn’t done before, but I enjoyed the experience and knowledge gained.
Q. What advice would you offer someone considering applying to SANS Technology Institute?
A. Do your due diligence. Understand your motivation. Think about what will benefit your career 5 to 10 years from now. If you are not just looking for a degree but want to grow your technical skillset and your cybersecurity knowhow, then SANS is an amazing option.
Q. What’s next for Jamy Casteel?
A. While I am finished with formal degree programs, I do plan to focus on securing additional industry certifications. I was a featured speaker at the North Texas ISSA Cybersecurity Conference in September. I want to continue to amplify my industry visibility and increase my volunteerism by speaking at conferences and mentoring those starting out in the industry.
Secure Your Future
Ready to apply? We look forward to learning about you and your cybersecurity career goals.