Five Questions is a series about MISO employees – the women and men who empower our success every day. Meet April Morelock, lead, Cyber Security Operations, Carmel, Indiana.
What inspired you to pursue the field of Cyber Security?
My entire life I’ve had an innate curiosity about everything. I was always wanting to learn more, dig deeper. Since the start of my career 22 years ago, I had so many interesting things I wanted to learn – from computer system design and application testing to business continuity and disaster recovery. Over time, my focus turned to compliance with a heavy focus on information security.
My interest hasn’t waned – it’s as exciting today as it was 10 years ago when I took my first information security role.
Part of my excitement is that I get to access, work with and learn about all the inner workings of our systems … how they interact with each other … how they’re architected. I then get to solve the problem of how to protect them.
One day I’m looking at a UNIX command line while another day I’m learning more about how our email system works. When you add the satisfaction of doing something that has real impact – keeping our systems up and running, stopping attackers and troubleshooting system problems – it never gets boring.
The people I work with are smart, amazing people full of ideas and solutions. The possibilities and opportunities get my blood pumping.
How did your journey to MISO begin?
I started at MISO in March 2012 with the Cyber Security and Networking team as a compliance analyst. I had the chance to work Steve Wegrzyn and Ron Duplessis through the 2012 audit where I learned more about the inner workings of Networking in six months than I’d learned in the previous 12 years in IT. Between that and the knowledge I had of cyber security, I knew I’d found a place where I could grow my career and become a worthy contributor.
What exactly do you do at MISO?
I lead the Cyber Security Operations team. Our mission is to stop attackers in their tracks with our skills and technology. We do this by keeping our skills sharp and our tools and processes primed and optimized.
This requires that each team member be knowledgeable about the tools we use across the enterprise to protect our various systems as well as the different attack vectors that can be used. Day in and day out we monitor those critical systems, troubleshoot, analyze and act as the first touchpoint for cyber security. We take the information we get, identify possible cyber events, do the initial analysis and work with the Cyber Threat and Hunting team to ensure critical cyber events are investigated for possible Cyber Security Incidents.
In my role, I work with my team to pave the way for what they need. I’m always asking the questions – do we have the right tools, techniques, processes and people to handle what may come at us? I also work with project managers, incident response, crisis management, the IT executive team and others on compliance and security concerns so that we can properly communicate with our regulators and others on critical issues of concern.
What is the most rewarding aspect of your job?
Knowing I’m making a difference. It’s one of the reasons I stay at MISO and the reason I love coming to work in cyber security every day. I’m not an engineer or a doctor or a very good teacher – but every day I can do something that only a small number of people in the world can do — I can protect our data and systems from bad guys.
It’s even better when I consider that because my team is here and we’re doing this hard work, that I have a small part in keeping the electricity on for people like my stepfather, who rely on oxygen, or for any one of the children at Riley hospital (in Indianapolis) who need treatment. I may not be able to cure disease or end world hunger but I can do this.
What would you say to future students interested in the field of Cyber Security?
Don’t let the subject matter scare you off. Start with learning the basics of information technology (coding, system architecture, application design or networking), take some coding classes, learn a security framework like NIST 800-53, and most of all don’t get overwhelmed. There’s a lot to learn. Pick something that interests you and begin to study and read all you can about it.