Jonathan Alphonse is a Haitian-Canadian-American with a myriad of cultural influences that has led him to his current career as an information security policy analyst. He shares in this inspiring interview how grit, perseverance, and strong values have led to his accomplishments such as passing the CISSP exam early on in his career. With deep roots in Haitian culture and faith, Jonathan is determined to continue giving back to his communities by developing effective technology risk management solutions and education.
Where were you born and raised?
I was born in Montreal, Quebec in Canada. I lived there for a few years and then I came to the States because my dad worked for the federal government. Initially, I relocated to Arlington, Virginia, and then to Fredericksburg. Many people think Fredericksburg is a small farm town in Virginia, but it’s a bustling suburb. The greater Fredericksburg city area has about 350,000 people and it’s mostly houses, community centers, and churches.
How do you think growing up in that community influenced you?
Growing up in that community gave me the opportunity to experience many different activities. Sports are big here, so I had the chance growing up to play basketball, football, and golf. I also had the opportunity to take music classes, so I did choir from middle and high school. Also, my faith and being a Christian played a big part in my upbringing as well. I volunteered a lot with the homeless shelter when I was in high school, and I still do a lot of food drives and help to collect clothing donations through my church. I also help deliver non-perishable goods like our annual turkey drive for Thanksgiving. One of the pros of staying in the suburbs is that it’s more low-profile, more mellow, and the pace is a bit slower, so I can take a step back and reflect on things like where I want to be in life in the next couple of years.
Do you have any memories of Quebec?
I moved to the States when I was very young but I had the chance to go back and visit since I have a lot of extended family members still there. I haven’t been since the pandemic, but it’s always fun returning because it’s a dual-language province. Sometimes I’ll try to speak French with extended family members since I speak mainly English and Creole at home. My parents are originally from Haiti, so I speak Creole pretty well and I took French in high school, but I wouldn’t consider myself proficient. It’s something that I would like to learn at some point to better understand my French heritage. I have a strong understanding of my Haitian culture, which is deeply influenced by France, but I’m less familiar with the French cultural aspects.
How does your culture influence you today?
I am a first-generation American, so I appreciate the trials and tribulations both my parents had to overcome to ensure I had an easier life growing up. My dad instilled in me to work hard, so growing up getting good grades was important and so was performing well in sports. I translated that mindset to my work today and I’ve always told people that being able to work is a privilege and to never forget that. I always challenge myself when I go to work to try to find new ways to learn and push myself to get better because you never know when you’re going to have to apply those skills. Coming from parents who came from the poorest country on this side of the world, I embrace being humble and I learned how to work hard for everything I have.
Who had the largest impact on who you are today?
I would have to say, my parents. Having an opportunity to have both of my parents in my life is truly a blessing. My mom is entrepreneurial, and she’s also a nurse. To see her work two jobs just to try to live the American dream made me understand that in this life if you want something, you have to go after it. My dad working from home also had a positive impact on me. It was important to me to have him there at home all of the time, especially during the summer. He was always there to challenge me. If he was reading a book he would encourage me to read it too or tell me about what he was working on so I would do something more productive than just playing video games all day. It meant a lot when I was in sports or choir to have both my parents show up and be there for me. Growing up, I think it’s very important to have your parents involved and you tend to appreciate that more as you get older. My parents are always there for me, it makes a world of difference.
Can you talk about your career path and how you arrived at being a policy analyst?
It’s interesting because I’ve always been open-minded and I have a tremendous amount of respect for risk management. I had the opportunity to take a couple of risk management and information security courses in college, but it wasn’t what I envisioned myself doing initially. I always thought of myself as a technologist and that’s how college was sold to me. If I wanted to work with computers, I had to get this degree and these certifications, and then doors would open.
After graduating right after the pandemic, I had a chance to work as a network administrator. I thoroughly enjoyed what I did and it allowed me to live out my dream as an IT professional. Unfortunately, after working there for a couple of years, I ran into some socio-economic hurdles that encouraged me to look for other employment opportunities elsewhere. The job search was long. Initially, when I was looking for jobs, I went to job fairs and applied online. One time I met a hiring manager for a technical security operations center role. He asked me what kinds of roles I was applying to. I gave him a list of roles that interested me and he told me that no one would hire me in governance, risk, and compliance because I don’t have experience in risk management. That challenged me to start looking for risk management roles, specifically roles like policy analysts. I was concerned at first about doing those roles. After all, I didn’t want to leave the technical skillset behind.
I decided I had nothing to lose since I was spending all my evenings looking for jobs anyway. I started applying to risk management jobs and within a month, I had a job offer and a start date. I used that hiring manager’s criticism as motivation and a sign to me to be open-minded and pursue this new path. Now, what I do day to day is talk to people educating them on security awareness and manage IT policies. During Security Awareness Month, I taught employees about the risk that GenAI poses. It is truly a blessing to have a job where I can have a positive impact and be closer to working as a cybersecurity professional than I was a few years ago as a network technician.
What is your greatest accomplishment so far?
I currently have eleven IT certifications. I’m currently working on my twelfth. One that really sticks out to me is the Certified Information Systems Security Professional (CISSP). It is the gold standard for cybersecurity professionals, think of it like the CPA exam for cybersecurity. Typically people take that exam later on in their careers, but my current employer encouraged me to take it sooner. Normally, you need at least four years of cybersecurity experience before you can achieve the credential, and I had zero at the time. When I took the test, I was only working as an information security policy analyst for a couple of months. The reason I feel like I was able to pass the exam was because up until that point, I had already taken about nine certification exams ranging in topics from networking, and general IT competency to IT service management. I had essentially spent years already studying and mastering the fundamentals so even though the CISSP exam was very difficult, I felt like this was an opportunity for me to say that I belong in this profession.
What is the biggest misconception you hear about cybersecurity?
The big misconception you can find on LinkedIn or other spaces is that cybersecurity isn’t entry-level. I’ve heard people say that if you have only a bachelor’s in cybersecurity, you’re not ready to work in the cybersecurity field. I disagree with this because this logic isn’t universal. So if someone has a bachelor’s in education or accounting they can’t be a teacher or accountant? It should be the same for every profession. Once you meet those basic requirements, you’re ready to enter the field. For some reason with cybersecurity, they like moving the goalposts.
I’ve had the opportunity to teach myself a wide range of technical IT skills. This past year, I volunteered as a Security Operations Center (SOC) analyst. I’m part of a program where I get to do SOC analyst work for free just so I can get the experience. In my opinion, as long as you have a degree and you understand basic networking, I could teach virtually anyone how to do this kind of work.
What is your mission for the future of your work in Computer Information Systems (CIS)?
I believe in the Information Technology Infrastructure Library (ITIL) framework, which embraces the idea that at the end of the day, everything involves the internet and technology. As a technologist, my goal is to take my technical skills to help develop new technologies and configure systems so that companies can thrive and meet their customers where they are. That’s how I see myself changing the world through my work as a technologist because something I learned when I worked in IT was that people get scared if their computer isn’t working properly. Some will even have panic attacks or are genuinely afraid to troubleshoot their computer, so having someone who’s there to do it for them is very important. Many people don’t feel comfortable with technology, so it is helpful to be able to talk on behalf of technology and explain it in a more personable way. This is how we can use technology to meet business needs. I’m not sure if I would go back to school, but if I did, I would get my master’s so I could teach. I believe that a profession that doesn’t invest in its future won’t thrive, so I would love to be put in a position where I could give back in that manner.
Jonathan Alphonse on LinkedIn
