As OPM’s Deputy Chief Information Officer, Melvin Brown II, a recognized thought leader, oversees a $100+ million IT portfolio and 216 employees. Awarded the 2023 Federal 100 by Federal Computer Week, Melvin drove a 12-point improvement in OCIO’s FY 2021 Employee Viewpoint Survey score, emphasizing collaborative design and the Employee First principle. Appointed in October 2021 into his current role, Melvin’s extensive leadership spans the Small Business Administration, Department of Homeland Security, and Federal Aviation Administration. Melvin holds a Master of Science from George Mason University and a Bachelor of Science from Strayer University. A Marine Corps veteran, he served as an adjunct professor at the University of Phoenix for 14 years.
Recently, in an exclusive interview with Digital First Magazine, Melvin shared the favorite aspect of his role as the Deputy Chief Information Officer for the Office of Personnel Management, insights on the future of cybersecurity landscape, the top skills required to become a successful cybersecurity professional, significant career milestone, future plans, words of wisdom, and much more. The following excerpts are taken from the interview.
Hi, Melvin. What part of your current role do you enjoy the most?
In my role as the Deputy Chief Information Officer for the Office of Personnel Management, the aspect I find most gratifying is witnessing my team consistently surpassing our set goals and expectations. Collaborating with exceptionally talented and forward-thinking professionals in our field is a true privilege. Every day, I am inspired by the ingenious solutions they devise to tackle some of the most intricate challenges, often in the face of resource constraints. Their dedication and creativity underscore the remarkable capabilities within our team and reinforce my enthusiasm for the impactful work we undertake.
You are also a board member at FinOps Foundation. Can you please tell us about this foundation and your role in it?
The FinOps Foundation, operating under The Linux Foundation alongside entities like the Cloud Native Computing Foundation, is committed to advancing individuals practicing cloud financial management. This commitment is realized through the promotion of best practices, education, and standards. With a robust community exceeding 12,000 members, representing over 3,500 companies, the FinOps Foundation is a driving force in this discipline. The Foundation’s Governing Board (GB) and Directed Fund actively support the Technical Advisory Council and the Practitioner community. Comprising professionals from both industry and government, including practitioners, vendors, and cloud providers, this Board plays a vital role in steering the foundation’s initiatives. I am honored to serve as the exclusive government representative, leading the adoption of the FinOps Framework across federal, state, and local government. This effort is facilitated through our Government Special Interest Group, a subcommittee of the governing board.
According to you, what will cyber security look like in the next 5 years?
Predicting the exact future of cybersecurity is challenging, but several trends are gaining prominence and will continue to shape the landscape in the next five years. The adoption of Zero Trust security models, which assume no trust by default, is likely to grow. This approach focuses on continuous verification of entities and devices, regardless of their location. AI and ML technologies are increasingly being employed for threat detection, pattern recognition, and automated response. This trend is likely to continue, with more advanced and integrated AI solutions becoming a standard in cybersecurity. As the Internet of Things (IoT) continues to expand, securing a growing number of connected devices becomes crucial. Ensuring robust security measures for IoT devices will likely be a priority to prevent large-scale vulnerabilities. With organizations continuing to migrate to cloud environments, the focus on cloud security will persist. Security measures tailored for cloud-based infrastructure and applications will be refined and expanded. With the growing number of remote and mobile devices, securing endpoints will be a priority. Endpoint detection and response (EDR) solutions and other technologies will continue to evolve to meet this demand. Finally, cyber adversaries are likely to continue evolving their tactics, techniques, and procedures. Advanced persistent threats (APTs) and ransomware attacks may become more sophisticated, requiring enhanced defense mechanisms.
What are some of the challenges with cybersecurity and risk assessment right now that you see no one is talking about?
While many well-known cybersecurity challenges and risks are frequently discussed, there are also some lesser-known or emerging issues that may not receive as much attention. Here are a few less commonly discussed challenges and risks that IT Leaders and Security Professionals should be aware of: The increasing complexity of supply chains and dependencies on third-party vendors can introduce significant security risks. Organization’s need to assess and manage the cybersecurity posture of their entire supply chain to prevent potential breaches or disruptions. The increasing use of biometric authentication introduces new challenges related to the secure storage and handling of biometric data. Ensuring the protection of this sensitive information is crucial, especially as biometrics become more prevalent in various industries. While quantum computing is not yet widely deployed, its potential to break current encryption standards poses a significant threat. Organizations need to start preparing for quantum-resistant cryptography to secure sensitive data in the future. While the shortage of skilled cybersecurity professionals is acknowledged, the impact of this shortage on an organization’s ability to effectively defend against evolving threats is a significant concern.
What are the top skills, both technical and soft skills, that are greatly needed as a cybersecurity professional in the current digital landscape?
In the contemporary digital landscape, cybersecurity professionals require a diverse set of skills to effectively navigate the complex and ever-evolving threat landscape. On the technical front, proficiency in areas such as network security, penetration testing, and incident response is paramount. Cybersecurity experts should possess a deep understanding of encryption protocols, secure coding practices, and vulnerability assessment techniques to safeguard digital assets. Additionally, expertise in cloud security is increasingly crucial as organizations migrate to cloud environments. Knowledge of emerging technologies like artificial intelligence and machine learning is also beneficial for proactive threat detection. Equally important are the soft skills that enable cybersecurity professionals to excel in their roles. Communication skills are essential for conveying complex security concepts to non-technical stakeholders, facilitating collaboration, and articulating security risks and strategies effectively. Critical thinking and problem-solving skills are vital for analyzing intricate cyber threats and devising innovative solutions. Cybersecurity professionals must be adaptable and continuously update their skills to stay ahead of evolving threats. A strong ethical mindset is imperative, as cybersecurity experts often handle sensitive information and play a critical role in maintaining trust. Teamwork and collaboration are essential for building a cohesive security culture within organizations, fostering cross-functional cooperation, and responding effectively to security incidents. Lastly, a keen sense of curiosity and a commitment to continuous learning are crucial for staying abreast of the latest cybersecurity trends and technologies.
How do you think we can attract more young people to this field?
Attracting more individuals to the field of cybersecurity requires a multifaceted approach that addresses both awareness and accessibility. Here are some ideas to encourage more people to pursue careers in cybersecurity: Collaborate with educational institutions to establish cybersecurity awareness programs at the high school and college levels. Offer workshops, seminars, and hands-on experiences to introduce students to the exciting and challenging aspects of cybersecurity. Actively promote diversity and inclusion within the cybersecurity community. Encourage underrepresented groups, including women and minorities, to explore and pursue careers in cybersecurity. Establish mentorship programs to support individuals from diverse backgrounds. Organize or support cybersecurity competitions and challenges at various levels. These events provide a platform for participants to showcase their skills, learn from experienced professionals, and develop a passion for cybersecurity. Forge partnerships with industry leaders, cybersecurity companies, and organizations. These partnerships can lead to internships, apprenticeships, or sponsorship programs that provide aspiring professionals with real-world experience and exposure to the industry. Finally, establish scholarship programs to support students pursuing degrees or certifications in cybersecurity. Financial incentives can attract more individuals to explore and commit to a career in the field.
What has been your most career-defining moment that you are proud of?
A pivotal moment in my career occurred when I achieved membership in the Senior Executive Service within the Federal government. This accomplishment paved the way for what I consider my most gratifying achievement – the initiation of our intern program. Designed to offer college students nationwide valuable internships that could potentially transition into permanent roles within the federal government, this program has been a source of immense pride. In its inaugural year, we welcomed 18 interns, and I am pleased to share that, as of the article’s current date, six of them have successfully transitioned into permanent positions.
In your academic or work career, were there any mentors who have helped you grow along the way? What’s the best piece of advice you have ever received?
Throughout my life, the presence of mentors has been a source of great fortune, and this privilege continues to shape my journey. The wealth of wisdom I’ve accumulated is extensive, posing a challenge to distill into a singular piece of advice. Nonetheless, a set of guiding principles defines my career journey. Firstly, I strongly advocate for nurturing one’s aspirations, acknowledging that the champion of your career journey must first and foremost be yourself. Secondly, I firmly reject the imposition of limiting beliefs from others, recognizing that life’s constraints are often self-imposed. My commitment lies in embracing the limitless potential within my career. Thirdly, a valuable lesson from my mother underscores the significance of finding contentment in achievements while maintaining an unwavering appetite for growth. Her encouragement to fearlessly undertake challenges, even those deemed difficult by others, has been pivotal—a driving force inspiring me to confront challenges and push my own boundaries. The proverb “See thou a man who is diligent in his business, he shall stand before kings and not mean men” (Proverbs 22:29) succinctly encapsulates the essence of my journey.
What are your passions outside of work?
My dedication to community service and leadership is a fundamental part of my identity, extending beyond my professional obligations. Collaborating with my fraternity and church, I actively participate in initiatives addressing the pressing needs of the less fortunate in our community. Through hands-on activities such as organizing food drives and distributing clothing, I aim to make a tangible impact on the lives of individuals experiencing adversity. Serving as a High School Baseball Umpire and Volleyball Official in my leisure time complements my dedication to community service. Beyond officiating games, I see these roles as opportunities to contribute to the growth and development of young individuals within the community. Through fair play, sportsmanship, and mentorship, I aim to instill values that extend beyond the playing field. It’s a nongame about the rules of the game; it’s about imparting life lessons that contribute to the character and resilience of these aspiring athletes.
Where do you see yourself in the next 5 years?
Aligned with my core values and principles, my strategic vision for the upcoming five years involves a thorough exploration of the upper echelons within my federal career. I aspire to reach new heights and conquer challenges that will test and enhance my professional capabilities. This pursuit is driven by a commitment to excellence and diligence in my business endeavors. During this period, I plan to immerse myself in diverse experiences within the federal sector, understanding the full scope of its potential and limitations. By delving into various aspects of my field, I aim to gain comprehensive insights that will not only enrich my skill set but also provide a solid foundation for future endeavors. Beyond the federal landscape, I foresee a transition into the private sector as a natural progression in my career journey. This move is motivated by a desire to confront novel challenges, broaden my perspective, and further refine my business acumen. Embracing the dynamic nature of the private sector will not only expose me to different operational frameworks but also present opportunities for innovation and growth. The overarching goal remains unwavering – to be diligent in my business pursuits. This commitment extends beyond mere career advancement; it encompasses a dedication to excellence, ethical conduct, and the cultivation of a resilient and adaptive mindset. Through continuous exploration and adaptation, I aim to foster a professional environment that reflects my values while contributing positively to the ever-evolving landscape of both the public and private sectors.
What advice do you have for anyone who is in a CISO role?
Reflecting on my experiences, there’s a crucial piece of advice I’d like to impart to the IT community: accumulating a decade of experience in the same role doesn’t equate to a decade of diverse experiences. It simply indicates proficiency in a singular task due to repetition. A fulfilling career involves engaging in various roles, seizing numerous opportunities to acquire fresh skills and insights. The IT landscape is in constant flux, demanding adaptability. Failing to evolve may render one qualified for positions that are becoming obsolete. Therefore, the key is to embrace continuous learning and perpetual growth, ensuring relevance in an ever-evolving industry.