Natalie Sjelin joined UTSA over 30 years ago as an entry-level administrator. Today, she is the associate director of training for the UTSA Center for Infrastructure Assurance and Security (CIAS), where she helps communities across the nation prepare for cyber threats and trains them in cyber resilience.
Sjelin also serves as the director of support for the ISAO Standards Organization, which works with information sharing organizations around the country to develop standards and guidelines to protect the critical cyber information.
The CIAS is also a member of the National Cybersecurity Preparedness Consortium (NSPC), which provides research-based, cybersecurity training, exercises and technical assistance to local jurisdictions, counties, states and private companies. As the organizational lead and as a principal of the NCPC, Sjelin develops and delivers cybersecurity courses.
This semester, Sjelin became faculty member. She’s now a lecturer in the UTSA Department of Information Systems and Cyber Security, where she is teaching a network security course.
Sjelin has also co-authored a book with CIAS Director Gregory White, “Establishing Cyber Security Programs Through the Community Cyber Security Maturity Model (CCSMM),” and she’s written eight white papers covering a range of topics, from high value assets to community incident response.
Sjelin sat down with Sombrilla Magazine in 2024 to discuss her time at UTSA and how the CIAS has evolved over the past 20 years. The following Q&A has been edited for length and clarity.
What attracted you to UTSA 30 years ago, and what did you hope to accomplish here?
UTSA was attractive to me because it was a growing organization with lots of opportunity. I was hoping to find a place where I could make a difference and build a career I could be proud of. Looking back over the years, I know I found both.
My first position at UTSA was in the Faculty Academic Center for Technology Transfer (FACTT). I started in November of 1993. I found that I loved helping faculty with their technology needs. We helped faculty computerize their transparencies by turning them into PowerPoint presentations. This is where my love for technology really began. I found that computer programs engaged my problem-solving skills, and technology changed often enough to continually present new challenges, which never got boring.
I advanced my career at UTSA by transferring to the Carlos Alvarez College of Business’ (ACOB) Center for Professional Excellence (CPE), where I helped establish the Executive MBA program. This exciting program continues to be an important offering at UTSA.
And, working at the university encouraged me to continue my education. While working full-time, I’ve earned an associate degree in business administration and a bachelor’s degree in computer information systems. Most recently, I proudly crossed the stage in 2022 with a UTSA Master of Science in Information Technology (MSIT) and a concentration in cybersecurity.
How has the CIAS evolved over the years?
The CIAS has had such a pioneering role in many cutting-edge cybersecurity initiatives. When I joined the center in 2002, there were just three employees — myself included — focusing on community exercises. However, over the years, we have formalized and honed three specific areas of focus: competitions, gaming and training. These programs have garnered national and international recognition. The CIAS has reached thousands of people all over the world and continues to find new ways to make an impact.
What are some key efforts that you’re most proud of at the center?
I’ve been able to try and accomplish many different things at the CIAS. The first major initiative I was involved in was called Dark Screen. It was the first community cybersecurity exercise in the nation, and it was held in San Antonio. There were more than 200 participants.
Dark Screen highlighted the notion that a single organization’s breach could impact the greater community. To deliver that training, we expanded our exercise portfolio with eight sector-based exercises, 30 community exercises, six state exercises and others. This led to the development of the Community Cyber Security Maturity Model, which persists today at the CIAS to help communities develop viable and sustainable cybersecurity programs.
The CIAS has also been instrumental in igniting research at UTSA. We have worked with faculty from many different colleges and have funded cybersecurity initiatives across the university.
How has the CIAS used gaming to enhance students’ understanding of cybersecurity and prepare them for careers in this growing industry?
While the CIAS has core focus areas, one of the things that makes it unique is our ability to collaborate on projects. As an example, we collaborated on incorporating a game or simulation into a cybersecurity preparedness training course. This simulation provides students the ability to learn about a cybersecurity framework, specifically the NIST Cyber Security Framework, and use it to plan an organization’s cybersecurity program on a limited budget, allowing for meaningful, relatable conversations among technical and non-technical participants. This simulation shows how a single organization can be impacted by a cyber-attack and how that organization may or may not impact the rest of the community.
This training has received overwhelmingly positive feedback from professionals and students. One student in my network security course commented that they originally thought cybersecurity had limited application and impact but after playing the game now realizes a cyber-attack can have damaging impacts that expand much more broadly, affecting a whole community and possibly a region.
Are there specific skills or qualities that are crucial for success in the cybersecurity field?
Cybersecurity is such a broad field; it can be both non-technical and technical. You will find cybersecurity aspects in policy, business, technology advancements, auditing, law, insurance, manufacturing, critical infrastructures and so much more. No matter what your skills are, there may be a cybersecurity path for you.
The most crucial quality you should have to succeed in any cybersecurity career is passion. Find the area you are passionate about and give it your all.
