Fresh Out of College
Three years ago, fresh out of college, I began my path into the corporate world. After graduating and taking a few months off for the summer, I started my search for work and applied everywhere on LinkedIn, Glassdoor, and Handshake, thinking that one of these applications would mark the start of my new professional journey. With a degree in Business Information Technology, I was presented with various avenues to start my career. Unsure what I wanted to do after college, I began researching potential jobs and talking to classmates who had graduated before me. Many of them worked in the field of Governance Risk Compliance.
That’s how I learned of Fortreum, a company I had never heard of before. Fortreum was then a fledgling FedRAMP Third Party Assessment Organization (3PAO) that had only been founded the prior year. After a few interviews and some research on the company and its culture, I accepted my very first job offer. I was employed by Fortreum as a vulnerability management analyst in the dynamic world of the Federal Risk and Authorization Management Program (FedRAMP).
When I first joined the Fortreum team, I was met with an array of acronyms and terminology that appeared strange to me. FedRAMP? SAR? RET? JAB? 3PAO? etc. It was entirely new territory. Keeping up with conversations and listening in on discussions didn’t make much sense at first. However, with the help of other team members and managers, I was able to learn and grow within the realm of FedRAMP.
Professional Growth
Starting my career at a “smaller” organization offered me numerous advantages. Working on a small team allowed me to become fully immersed in projects and take on some tasks from the very beginning as well as get direct guidance from supervisors and managers, which would help enhance my professional growth.
One of the first things I learned was the value of shadowing. I spent my first few weeks observing various projects, attending meetings, and obtaining as much information as I could while also becoming acquainted with the various vulnerability scanning tools available so that I could bring value to this team.
Having never used a vulnerability scanner before, I had no idea what I was meant to be looking at. Little did I know that within the next year, I would have worked with multiple scanners, teams, and Cloud Service Providers (CSPs), and that I would develop an instinctual understanding of scanning tools and their exports.
Initially, before being able to run the vulnerability assessments myself, I was in the background, taking notes and assisting wherever I could. Since the team was still growing, there were numerous tasks I was able to take on, such as creating templates and “how to” instructions for team members to assist in streamlining the process and increase my understanding of the workflow. The hands-on approach not only taught me practical and technical skills, but it also instilled confidence and responsibility within me.
Improve and Progress
With so much freshly acquired knowledge in my first few months, it seemed like there was always an additional thing to learn. I was committed to learning and developing in my role. I was aware that they had taken a chance on me, and I did not want to disappoint anyone. I recall the early conversations I had with my manager. Always asking when I’ll be entirely confident in what I’m doing, and continually asking where I should improve and progress. Just give yourself three to four months, and you will learn a lot, would always be his response. Back then, I thought he was being overly optimistic about this.
As time passed, I learned and accepted that this is an ever-changing field, and I would have to adapt to constantly learning and not having all the answers at once. When I crossed my one-year mark at Fortreum, I reflected on the prior year and everything that had happened. I was aware that I still had much to learn, but I was surprised to see how far I had come. Conversations that used to make my head spin, as well as reports that needed to be triple or quadruple checked, were now a part of my daily work life. I became more efficient and spent less hours stressing about preparing for a new project. By now, I had worked with around ten, if not more, different clients and a variety of tools. I found myself no longer being the “new hire” on the team, but rather someone other colleagues turned to for advice and assistance with their own projects.
New Challenges
The confidence and time given to me on the job to pursue additional certification and education in this sector made me realize I could do more. As time passed, additional projects and clients were added to my plate, and rather than feeling overwhelmed, I became enthusiastic about the opportunity to work with new CSPs and tools. The unknown became a new challenge that I eagerly anticipated, knowing that it would allow me to develop and learn. Now that I’ve been at Fortreum for more than two years, I’ve seen a lot of college hires enter the organization. I usually give them the same advice: “don’t be afraid to ask questions, even if they seem “silly” because it’s normal to feel unsure and not have all the answers. Over time, without you even recognizing it, the initial sense of uncertainty will disappear.”
About Fortreum:
We started with a mission to simplify cloud and cybersecurity challenges for our customers. With an extensive track record spanning nearly a quarter of a century across Public and Private Sectors, we possess a keen dedication to solving our customers complex cloud and cybersecurity challenges. Our industry commitment extends to supporting and fostering the development of future cybersecurity experts within our communities. We encourage you to investigate our services further to learn how leverage to cybersecurity as a business enabler.
Should you have questions about your cloud and cybersecurity readiness, please reach out to us at Compliance@fortreum.com or Contact Us at https://fortreum.com/contact/