Student Spotlight: Matthew Cowan Brings Knowledge Management to Cybersecurity
Featured Student: Matt Cowan
Location: Knoxville, Tennessee
Education/Career Background: I finished undergraduate in 2014 at the University of Alabama, where I studied geology. Between then and now, I worked largely in real estate and hospitality.
Why information sciences?
I came to the School of Information Sciences because I realized there’s such a gap in how many people understand so many processes and how they have access to those processes – I was interested in that blend of resource development and resource deployment. I’m a generally curious person, I like learning and I like when learning is easy, and finding things to facilitate that was appealing to me. Having a career where I could really use my curiosity and use the fact that I’m a novice at most things and leverage that to say, “How can we make this as easy and accessible as possible?” – both at the organizational level and with a piece of content itself, was really appealing.
What pathway are you interested in?
I was part of the CALL group that started in fall 2020, but with this job and the financial situation with COVID, I needed to accelerate my program and graduate this fall. The CALL program was all about servicing the information needs of scientists and researchers, which is really what led me to cybersecurity, because so much of the scientific research is dense and unreachable by the public.
I became really interested in the technology aspect of that – hearing about the scale of data and information and all the different parties involved along the lifecycle of a project, there’s a lot of avenues to get in on this. I have been, in a really naïve way, interested in computer science and technology for a long time because I didn’t understand it for quite a while. So I decided to pursue some certifications in cybersecurity. I passed the Security+ exam this summer, which is an entry level cybersecurity certification. I think I chose cybersecurity as the direction I wanted to go because there’s so little layperson information out there about it. It’s so increasingly relevant, there’s so much room for people to get into it.
What is your current job?
I work for a Security Information and Event Management (SIEM) company. We basically develop and sell tools for our clients to analyze their traffic, endpoints, and user behavior so they can stay on top of who is accessing what and how it’s being accessed in order to detect, recognize, and respond to security incidents, or hacks. We build the tools and provide all the supporting informational needs for them to use them but we don’t monitor their systems ourselves.
I work on the training and enablement team, right now I’m a generalist. I started as an intern this summer focusing on knowledge management, and through my work there I ended up getting hired full-time. Basically my job is to understand all the different information assets and moving parts and connect people to them when they need them. I interface with my internal organization a lot, but we also have a community platform that is like a forum for our clients.
Right now I’m running a knowledge management audit to really pinpoint what’s the current lay of the land, where our subject matter experts are within the company, who has the information – some of them slip through the cracks. At the university, it’s easy to find the experts because they have a PhD, but at a company like this, someone may be super knowledgeable and not everyone realizes it. So this is about understanding who those people are and setting up ways to offload that information either in documentation or in a video so people can constantly be learning without having to take time out of someone’s day. It’s also about recognizing where our resource gaps as a whole are, things move quickly in technology so we have a lot of documentation and teaching to stay up to date on.
Helping manage the community is another project; if our researchers have found a solution to a zero-day hack (which means it is an unknown hack), I work with engineers, and as they develop solutions and tools, I edit those and share them with the community. We also have a specific release calendar for more organized content. That’s been a big goal recently, we want to get our operations pretty tight so we have some extra space to pursue more diverse content types and host more events.
Obviously we have an internal resource bank for people who work there and need certain types of information, and then our clients need another type of information and they access that differently. The community side is almost like a little private forum message board.
One thing that we’re really focusing on is, if we find a theme or specific tool, really pushing some curation in our content. We are trying to be self-organizing and having it be less reactionary and more proactive. As the engineers are developing something and solving these really difficult problems, I’ll help with the writing and publishing for them so it’s not all on their plate.
How did you end up in cybersecurity?
I was looking around for cybersecurity internships and saw one for community and knowledge management and I thought, that’s a perfect fit. It’s based out of Colorado and the internship and the job are remote work. The knowledge management side of the company, which is slightly more where my efforts are focused, is new. They started a formal effort towards that in the past year and though it existed on some level – more by department and team – it was less focused on overall operations. My direct supervisor is the first person to hold the position and he really championed to have a more unified effort for knowledge management.
My boss’s title is community and knowledge manager and I’m a generalist under him. A competitor recently posted a job with the exact same title, so clearly this is a growing part of the field. Especially with cybersecurity, it’s a unique context because everything is pertinent, because it’s about the cracks and where things could slip through, it’s all pertinent and could be time-sensitive.
Did the MSIS program provide skills you use at your current job?
Definitely. We had some guest speakers on the CALL grant that discussed resiliency around soft skills and that helped because I do a lot of outreach. Digital outreach is like feast or famine, you send an email and crickets, then send another and you have a lot of response.
I also took professional writing over the summer and it was really helpful, and I’m in information architecture right now and I’m finding it very useful because it’s focused on online information architecture.
Dr. Wang’s data visualization class was really useful, especially with things like – I use a lot of data but it’s very much in line with bibliometrics, I use data to communicate relationships as opposed to just quantities.
Why the School of Information Sciences at the University of Tennessee, Knoxville?
I was really attracted to the flexibility and it has a great reputation. It seemed like they were really willing to push the boundaries of where information sciences could be applied. The CALL grant was an attraction, and generally I looked at the curriculum and thought that it’s a nice blend of information sciences theory, specific applications, and also some more specific contexts that were really interesting to me.
What would you tell an MSIS student to do who is interested in cybersecurity or any specialized field?
I would tell people who are looking to enter it, because it’s such a growing industry, there’s room to find a place. More than worrying about specific subject material, if you can learn about tech operations, that’s something that can help you speak the language in a job interview. I’m still learning so much about operations and how these tools are actually developed and deployed, that’s something that I could have come in with more knowledge on. Keep up-to-date in current events, and the certifications can come later. If I was trying to be a knowledge manager for a manufacturing company and did not speak the language that manufacturers speak, I would not be as competitive a candidate as someone else.
A big takeaway from what I’ve learned at SIS and what I do at my job now is to be specific with your intentions at your job. I had this big broad idea of the types of job I wanted to have, but you have to treat it as a project and break it down and say, “Where do I start?” And go ahead and start there. If you’re about to graduate and looking on the job market, be thoughtful about “What are these people looking for and how can I get that?” Get online, network, used LinkedIn, the world is a competitive place so don’t be afraid to play ball.
Take the baby step approach, where you find some very colloquial material if you’re brand new to it, like listening to podcasts, and learn the language. Once you’re confident in the language and knows what it means, you can start learning neåw, more advanced material.
I had very vague career ambitions for a long time, but the knowledge management part is really a nice synthesis of what my goals were. So once I found it, I thought, “How do I get there?”