Q&A with Tony Bryan, executive director, Midwest Cyber Center of Excellence
EDITOR’S NOTE: Tony Bryan, 37, was named to his post in February. The non-profit organization intends to address what are called unprecedented needs in the cybersecurity labor market projected by military, financial, health care, government and law enforcement agencies. The center’s founding partners include leaders from Southwestern Illinois College, Webster University, The Aegis Strategies Foundation, St. Clair County, Leadership Council Southwestern Illinois and Scott Air Force Base. Aegis formed a nonprofit group to serve as an umbrella organization for the center and has pledged money toward the salary of the executive director for the first two years.
IBJ: So how does an MBA guy fit into a role like you’ve got here?
Bryan: When the board members were doing their executive director search, they were looking in three categories. They were looking for a veteran; for somebody with nonprofit experience; and somebody who had cybersecurity experience. Out of 40 candidates nobody checked all three of those blocks. I had the nonprofit and military. I have experience working in the startup/social innovation space from my time at The Mission Continues (a veteran support group). This helps drive our initial conversations.
As a startup nonprofit, we are currently building a program and setting the foundation of what the center will do. This requires our team and board to have mission, vision, and values conversations to chart the path for our organization. As we grow, we will partner and find individuals who will bring cybersecurity expertise to our mission.
IBJ: Define for me what this cyber center is.
Bryan: Our purpose is to be the hub for everything cybersecurity in the St. Louis region. To do this we will focus on three areas; workforce development, information sharing, and youth education. Our primary goal is to create the next generation of cybersecurity professionals within our region. We believe by partnering with corporations and universities, we can ensure students who leave the academic setting acquire an industry specific certification. This makes them more employable and strengthens our workforce. We also want to make sure our partner employees can come and obtain certifications to further their career within their own employers. As the hub, we will ensure our website is constantly updated with real-time information on cyber. This provides value to not only our partners but to the community-at-large. Lastly, we are a Cyber Patriot partner. We will work with local schools to create teams who will eventually compete regionally with a hope to compete nationally in the Air Force Associations Cyber Patriot’s Cyber Defense Competition.
IBJ: Some of the genesis for this was the cybersecurity squadrons coming in to Scott Air Force Base, right?
Bryan: A lot of things were happening. That was one of them. And the federal government putting a focus on information security as a whole. Seeing that, the St. Louis Regional Chamber and Leadership Council Southwestern Illinois came together and funded a research study that showed there was a need for (a center like) this in St. Louis.
The big drive is to build a stronger workforce in cybersecurity. Several jobs are unfilled each year because of a barrier to certification or time in service to get those certifications. Our goal is to close that gap. With our workforce development program, we will have 40-hour bootcamp-style sessions where cyber experts come in and partner with us to provide that curriculum. The end result is they will leave trained-ready to pass an industry specific designation. There are several hundred that are out there.
IBJ: Several hundred designations?
Bryan: Oh, there are a lot. (Holds up sheets of paper). This is a list for just one of the companies, GIAC. Then you have CompTIA (a trade association) …. ISC2 (a security consortium) … Cisco. With a non-cybersecurity background, I was blown away to see this. It even gets down to specializations. Let’s say I want to be a cybersecurity person focused solely on social media. There are certifications out there that I could become an expert and hone my skills. I believe because of the ability to specialize in the field and into such specific categories it makes it difficult for companies to hire the critical staff they require.
IBJ: Is the idea to finance this center with grant submissions and contributions from the business community?
Bryan: It will be a combination of grant support as well as corporate support. We have filed for a grant with the Department of Labor, called Tech Hire. They’ve made available $100 million dollars across the country — $50 million for the demographic of 17- to 29-year-olds that have a barrier to employment; and $50 million for individuals with developmental disabilities. We’re applying for $3.9 million, which would allow us to put well over 400 folks through our tech program for workforce development in the next four years.
IBJ: Do you have a particular budget?
Bryan: Without the Department of Labor grant, we are slated for $650,000 this year, a combination of cash and in-kind. That’s still a fairly ambitious budget for a first-year nonprofit, but we’ve been very blessed. Logistics Management Institute — LMI, one of our founding partners — has pledged a $100,000 gift to us and Aegis Strategies has offered to donate our office space and training facilities.
IBJ: Are there other nonprofits in the country doing what you’re doing?
Bryan: In the research study there were several other cyber centers that they looked at as models. And they identified six buckets of things that cyber centers are doing — information sharing, workforce development, research and development, contracting, education, and public awareness.
Each of the centers are doing some or all of those things. But nobody’s start has been the same. For the Florida Cyber Center, for example, the state legislature gave $5 million, funneled through the University of South Florida to establish a master’s of cybersecurity program. It created a network for all the state universities in Florida to tie into and create a hub.
ACSC (Advanced Cyber Security Center in Boston) is similar to our beginnings. They have an information-sharing component where companies pay a membership fee. In return for that fee they are providing biweekly Cyber Tuesdays and quarterly informational sessions.
IBJ: How is your own model going to work?
Bryan: I haven’t seen anybody doing a training model yet, so I think we will be unique in that component. We have a beautiful training lab with 32 work stations here. We’ll bring in subject matter experts to answer questions, in a very tailored curriculum, with the end result being the certifications to help further their career. We will have memberships in which companies can join and collaborate with other organizations.
IBJ: What’s going to be the key to the success of your operation?
Bryan: Our value add is going to be the relationship side, I believe. So, really, engaging the business community in understanding how they can become more cyber aware. Break down some of the information, make it digestible so that CEOs of our largest employers understand the language so they can really engage in the conversation of cybersecurity with their chief information officers.
IBJ: You’re based at Aegis Strategies, which does a lot of contract work with neighboring Scott AFB. Why is Aegis so firmly behind this?
Bryan: Having conversations with Jason and Jim and Nick — the partners at Aegis — they truly have a servant’s heart. Their mindset is if we throw goodwill out to the world, it will come back to us tenfold. They saw a need and have the capacity to help support it.
IBJ: So, will you remain here until further notice?
Bryan: For the foreseeable future we’re here. We are looking at different spaces, being out and about with our peer group. Having a work station at OPO (Startups) in St. Charles. Having a work station at T-Rex (in St. Louis). Having a space here.
Our Department of Labor grant (application) truly has a regional focus. Within our educational partners, we have Ranken, Lewis and Clark, Webster and Lindenwood. The grant is really focused on the two-year colleges. As we get more sophisticated we’ll bring on some of those four-year programs. We’re lucky within the region that so many universities have taken cybersecurity as a focus. Fontbonne has a great curriculum they’ve put together for a master’s level. Webster has a great master’s program. Maryville and SWIC have great programs. We’ll partner together and help their students achieve more. Webster’s been generous. We have a work station to provide our trainings at their lab down on Washington Avenue (in St. Louis). So, we have two state-of-the-art training facilities for our workshops.
IBJ: Tell me about yourself.
Bryan: I’m a pretty boring guy (laughs). I’m an Army guy, I spent nine years active duty on the enlisted side as a military policeman. I transitioned out in 2007.
IBJ: So are you from the Midwest?
Bryan: Born and raised in St. Charles County. I’m married and have four children.
IBJ: Where did you go to school?
Bryan: I got my MBA at Webster University, and I got my undergrad at Columbia College.
IBJ: Where did the nonprofit background come from?
Bryan: I stayed in Fort Leonard Wood for a few years after I got out. My kids were getting older and it was time to either move back to the St. Louis area or stay. My wife and I had an agreement: If I found a job we’d move; if not we’d stay. I reached out to a few friends and was connected to Eric Greitens, the founder of The Mission Continues in St. Louis. They offered me a position. During my time there I had the opportunity to learn first-hand what makes an organization incredible and what it takes to have a transformative impact on something very specific. The idea of an organization that wants to change something for the better and spends time doing so is inspiring to me.