2010 graduate working as cybersecurity expert
Royce Davis, 35, graduated from Dakota County Technical College in 2010 with an Associate of Applied Science (A.A.S.) in Information Systems Management. Today, Royce works as a principal red team engineer for ServiceNow, a $6 billion enterprise software company based in Santa Clara, California. With 6,200 customers worldwide and more than 12,500 employees, ServiceNow delivers a cloud platform that helps companies manage digital workflows.
“I was always interested in computer hacking,” Royce said, noting that his early perspective stemmed from a more mischievous, rule-breaking frame of mind. “Actually, Larry Dunn, one of my teachers at DCTC, allowed me to give a couple of hacker demonstrations/presentations in class. Larry eventually introduced me to a connection of his who ran a pentest [pentration testing] practice in Minneapolis. I landed an internship there back in 2010 and have been working in the field ever since.”
Judy Suddendorf, one of Royce’s former information systems management teachers and 2020 DCTC Instructor of the Year, is proud of his accomplishments in the field of cybersecurity.
“Royce is a great example of how far a two-year degree can take you if you put in the time and effort to develop marketable skills,” Judy said.
Royce worked as a consultant for six years, which meant he did plenty of traveling, providing cybersecurity assistance to clients across the United States, including Fortune 100 companies as well as small businesses with a single “IT guy.” Along with his A.A.S. degree, he is also an Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE) and GIAC Certified Web Application Penetration Tester (GWAPT).
In his role at ServiceNow, Royce leads, executes and develops adversarial attack simulation campaigns—red team engagements—targeting business critical assets and infrastructure. He works from his home office in Frisco, Texas, a city of 117,000 residents in the northeast part of the state.
Royce added that working in the cybersecurity space, particularly in penetration testing and adversary simulation, is a very rewarding career choice. “This is a booming field that has allowed me to take really good care of my family,” he said.
In cybersecurity, a penetration test involves ethical hackers trying to break into a computer system, with no element of surprise. The blue team (defending team) is aware of the penetration test and is ready to mount a defense.
A red team goes a step further, and adds physical penetration, social engineering, and an element of surprise. The blue team is given no advance warning of a red team, and will treat it as a real intrusion.
A red-team assessment is similar to a penetration test, but is more targeted. The goal is to test the organization’s detection and response capabilities. The red team will try to get in and access sensitive information in any way possible, as quietly as possible.
— Source: Wikipedia
More about Royce…
Originally from Tomah, Wisconsin, a town of 9,000 residents on south fork of the Lemonweir River, Royce will have been married 10 years this July. His wife, Emily, is a stay-at-home-mom and home-school teacher. Royce and Emily have two daughters, Lily, 8, and Nora, 6.
In his free time, Royce enjoys astrophotography, chess, and playing guitar and piano. When asked what kind of music he likes best, he said, “Anything really, but on guitar I like John Mayer a lot. On the piano, I like Jamie Foxx and Brian McKnight.”
Royce noted that people who enjoy exploring the night sky are in basically one of two camps, visual observers and astrophotographers. As an astrophotographer, Royce tracks and photographs deep-sky objects along the celestial grid, which requires a decent telescope with a sturdy mount and an excellent camera, typically one designed for this specific purpose.
“Plus, you need computer electronics to calibrate and remotely control everything unless you want to stand outside in the cold,” he said. “Many backyard astronomers have an entire observatory with a robotic rotating dome roof as well as all the required cabling, electricity, Ethernet and even climate control. These setups get up over six figures easily. I have my setup permanently pier mounted and bolted into a 10 x 10 cement slab I poured in my backyard. This allows me to shave off a good hour each imaging night ‘polar aligning’ my mount.”
Royce is also interested in studying Taekwondo or Wing Chun. “I’ve always wanted to learn martial arts,” he said. “I’ve only just recently started my long journey. I’m a total newb, but I enjoy it! My oldest daughter, Lily, on the other hand has been training for four years and is now two belts away from her 1st degree black belt in Taekwondo. I’m extremely proud of her and motivated by her to train and get my black belt one day.”
Royce astrophotography gallery
One word that best describes your experience at DCTC:
Royce Davis • Q & A
How did your education at DCTC help prepare you for your career?
DCTC’s IT lab infrastructure was the first real enterprise network I ever got to “play” on. The teachers in the IT program were supportive when I notified them of things like default passwords on Cisco devices and missing patches on Windows lab boxes.
What traits do you need to be a competent penetration testing expert?
You have to be naturally curious and a bit mischievous. Penetration testing requires you to think like an attacker. You have to ask questions like what does this do? What is that for? What happens if you do it a different way?
What are the most interesting aspects of simulating a cyberattack on a company?
Without question, breaking in! Taking control of an enterprise network is kind of like the scene from Die Hard when the hacker cracks the final lock, and the vault door swings open and classical music starts playing. Just without the terrorists and the machine guns and explosions.
Three words that describe you as an information security expert:
TACTICAL. METHODICAL. FOCUSED.
What are the greatest cybersecurity threats to companies and organizations?
I’m hard pressed to pick just a few and say they are the greatest, but off the top of my head I would say too many internet-facing systems with weak authentication mechanisms, meaning no 2FA [two-factor authentication].
Another huge problem is surprisingly rapid growth of the business. Security is often an afterthought. People like me uncover systemic architectural design flaws (security flaws, that is) all the time in technology that has been implemented for years and now generates millions of dollars in revenue for the business.
When we say, “You need to take this down and rebuild it to be more secure,” that message is rarely met with positive enthusiasm.
What is your strongest takeaway regarding the suspected Russian cyber infiltration on U.S. agencies and companies?
No comment regarding the suspicion—I have no clearance or information to certify those claims one way or another. I will say that it wouldn’t surprise me to learn that Russia and/or other countries have penetrated U.S. computer networks. I suspect the same is also true the other way around.
What advice would you give students thinking about making penetration testing and information security their career path?
Learn about attack methodologies and practice discovering network vulnerabilities and attack vectors. I’ve written a book called The Art of Network Penetration Testing that covers in detail my four-phased approach to performing an internal network penetration test targeting a modern enterprise. The book comes with a free lab environment that would be a great place to start.
The Art of Network Penetration Testing:
How to take over any company in the world
By Royce Davis
Network penetration testing is about more than just getting through a perimeter firewall. The biggest security threats facing a modern enterprise are inside the network, where attackers can rampage through sensitive data by exploiting weak access controls and poorly patched software.
Designed for up-and-coming security professionals, The Art of Network Penetration Testing teaches you how to take over an enterprise network from the inside. The book lays out every stage of an internal security assessment step by step,showing you how to identify weaknesses before a malicious invader can do real damage.
After setting up a virtual environment to use as your lab, you’ll work step by step through every stage of a professional pentest, from information-gathering to seizing control of a vulnerable system.
What are the best ways individual PC, Mac and mobile device users can protect against cyber intrusions?
Without question, use a password manager to create unique randomly generated passwords for everything. It doesn’t matter which one; I make my wife and kids use LastPass, but there are several other great options.
If you’re an individual user, attackers don’t really care about you unless they know you personally and are targeting you specifically. Your major risk is that a company you do business with gets hacked and your username/email/password, etc., become exposed.
So, if someone hacks Facebook, for example, and you use the same password and email address to do your online banking, now the attackers could potentially drain your checking or savings account. So, whatever you do, do not reuse passwords, ever.
Where do you see yourself in 20 years?
Hopefully no longer working but instead just living, traveling, spending time with my wife and spending time with my kids maybe even grandkids by then.
What person has influenced you the most in life?
My dad, Steven Davis. He passed away 14 years ago. I’m not a religious person, but he was. Shortly after he died, I decided to go to college at least partly because that’s what he wanted me to do. It wasn’t something I was considering before then. I chose DCTC because I thought I could get accepted, and I thought I could afford the tuition.
More about Information System Management at DCTC…
This interdisciplinary program combines courses from Networking Administration, Software Development and Information Systems Management to teach a unique blend of networking, programming and management skills. Graduates are prepared to function in small business firms as the sole computer resource person. Equipped with entrepreneurial knowledge, they can start their own computer consulting firms.
Information systems managers experience a high level of social interaction on the job, where they use well-developed analytical skills. Job duties generally keep them indoors, and they typically work a regular business week.
Information security analysts plan and carry out security measures to protect an organization’s computer networks and systems.
The median annual wage for information security analysts was $99,730 in May 2019.
Employment of information security analysts is projected to grow 31 percent from 2019 to 2029, much faster than the average for all occupations. Demand for information security analysts is expected to be very high, as these analysts will be needed to create innovative solutions to prevent hackers from stealing critical information or causing problems for computer networks.
Royce Davis • 12 Answers
- Favorite sport or physical activity: Martial arts: Taekwondo and Wing Chun
- Place you would most like to visit: Japan
- The most exciting thing you’ve ever done: Becoming a dad
- Three things you would do if you won a $1 billion lottery: After doing everything in my wildest dreams, I’m not sure what I would do with the remaining $990,000,000; So just off the top of my head: 1) Something with AI 2) Something with cryogenics 3) Something with human neural hacking
- Favorite TV show you’re watching now: Travelers
- Best movie you’ve seen lately: Jurassic Park (finally got to watch it with the kids)
- One thing you most want to accomplish in life: Retire early and wealthy
- Your national bird if you were your own country: I hate birds—I have an irrational fear of them
- Dream occupation: Astronomer
- Person you would most like to meet: Neil deGrasse Tyson
- Skill you would most like to learn and master: Wing Chun
- Most important issue or problem facing humankind: Widespread denial of scientific information
Learn more about Information Systems Management, Networking Administration and Software Development at DCTC by contacting:
Information Systems Technology Faculty
Information Systems Technology Faculty
Information Systems Technology Faculty
Information Systems Technology Faculty