Joshua Tannehill isn’t the type of superhero who wears a cape and mask. Instead, he dons shorts and a T-shirt while defending the country and its inhabitants from cyberattacks.

“It’s a true story and a funny one,” he said about how he first began his career. “My uncle basically told me I had no other choices and pushed me into the Air Force, which I don’t regret. It was divine intervention, though, because I was 17 years old and the year was 1995 and I chose to take an IT job within the Air Force. Operation Desert Storm and Desert Shield had just started and computer technology seemed like the best position to ensure I wouldn’t be shot.”

He said he had his mind set that he would do four years in the Air Force and then use the GI Bill to pay for his college education.

“I just wanted college help, career training and to get out,” he said.

Tannehill shipped out of Monroe to boot camp in September of 1996 and ultimately remained on active duty until 2005. From there, he joined the Alabama Air National Guard, later transferred to the Louisiana Air National Guard and served a combined 20 years of military service before retiring in July of 2019.

“The beauty of the National Guard is you do part-time Air Force and full-time whatever your day job is,” he said. “When I started the National Guard in 2007 my day job was doing cybersecurity for the military and then my part-time job was cybersecurity for the Air National Guard,” he said. “When I transferred to Louisiana Air National Guard my day job was cybersecurity for a defense contractor who supported the military and then in 2014 I started working for CenturyLink and my day job was doing cybersecurity for a national internet company and my part-time weekend job was cybersecurity for the Louisiana National Guard.”

He said this long transition time gave him time to assimilate to civilian life.

“When I joined the Air Force in 1996, cybersecurity wasn’t even a word,”  he said. “Around the year 2000 is when I first heard the word cybersecurity and since then it’s changed so much. If you look at industries, cybersecurity is an infant. Carpentry is one of the oldest industries since the beginning of time  — Jesus was a carpenter — and it’s a very mature industry. In Louisiana, specifically, oil and gas plant work has been around for many decades. Cybersecurity as a career in which you can actually go to school and learn how to do cybersecurity engineering has only been available in the past five years.”

Something else that has changed during his career, is the frequency in which hackers attack cyber networks.

“Mainstream and local media are now covering cyberattacks so frequently that the world is almost getting numb to it,” he said. “We went from not reporting on it at all because people didn’t understand it to now reporting it in the news all the time. Overexposure to it, I think, is causing some people to let their guards down.”

Tannehill said there is a parallel between cybersecurity and privacy.

“The crossover is data and who can see it,” he said. “With social media being so prevalent, people freely give up their data all the time. They’re giving up their own privacy. People are freely giving out sensitive information about their home life, their address, their date of birth, all of this sensitive information that can be pieced together to make you a victim of identity theft.”

Tannehill said that’s why people like him are trying to raise awareness and protect sensitive data.

“When I see someone on Facebook answer ‘How Well Do You Know Your Mother?’ surveys in which you answer 10 questions about your mom like what’s her maiden name and where was your mom born, I’ll privately message them on the side and tell them I know the quiz was fun and you don’t mean anything by it but you need to be aware. The answers to these quizzes are the secret questions asked to access online bank accounts.”

Tannehill said he developed a passion for preventing cybersecurity attacks when he was appointed to the Air Force Network Operations Center to protect military information from being hacked.

“My job was to protect all Air Force bases from different cyberattacks and that was so cool to me,” he said. “I’m this little ol’ guy from small-town Monroe and I’m protecting the entire U.S. Air Force’s computers from attacks from China. It was so cool to me. It opened more doors for me in understanding more about cyberattacks and it deepened my passion for helping people. I love my country, I love helping people and I want both to be protected.”

Tannehill said cybersecurity is what he knows and loves and it’s his best way to give back to his community,  founding or voluntarily lead five different cybersecurity organizations in Louisiana that are free for anyone to join — NELASEC in Monroe, DEFCON Acadiana in Lafayette, SWLA Cyber Krewe in Lake Charles, InfraGard – Louisiana Chapter and Cloud Security Alliance – Louisiana Chapter.

He also teaches cybersecurity part-time at Louisiana Delta Community College.

“I’m not a good carpenter, I can’t build things,” he said. “I’m not good at electrical work, I can’t rewire your home. I’m not good at a lot of things but what I’m good at is knowing the risk in cybersecurity attacks and how to protect your business from cyberattacks and how to protect your homes from cyberattacks.”

As the senior manager of the Trust & Safety Team at Lumen Technologies, he now partners with the FBI on their cyber investigations concerning child sex abuse material.

“Lumen fosters a culture of volunteerism and allows me to do this work for Lousiana in addition to my full-time responsibilities with them, he said. “Through those partnerships with the FBI, I started learning about InfraGuard, which really is about protecting critical infrastructure — oil and gas, food, agriculture, water, communication, health care,” he said. “The FBI wants to protect those so they partner with local businesses and industry to create a two-way communication and keep their ear to the ground for possible threats.”

Tannehill now volunteers with InfraGuard to lead community informational meetings around the region on how businesses can better protect themselves.

“The world has become so dependent on computers,” he said. “There was a cyberattack on the Colonial Pipeline and that created gas shortages. There’s ways to hack your vehicles, pace makers, cell phones, digital wallets. Our livelihoods are so dependent on computers.”

How to stay safe

Tannehill said there are two steps people can take to better protect themselves from cyberattacks.

“One is MFA — Multi-Factor Authentication — and that’s when you try to log in to your bank account and you are required to submit both a password and a one-time code that’s sent to you before you can access the account. Multi-factor just means more than one thing; two or more things you have to do to prove who you say you are. Not everyone wants to go through those hoops and leave that off, but it’s a minor inconvenience up front to prevent major inconvenience and having all your money stolen.”

He said people should enable MFA on any account they care about.

“Not necessarily your calendar, but your bank account, stock market account, health care account need MFA,” he said. “It’s the quickest, easiest and most effective way to protect themselves.

The second tip is to assume every email received is fraudulent.   

“Gas station clerks automatically assume your $20 bill is fraudulent,” he explained. “They put the bill up to the light then they run the marker over it. I want everyone to assume the same things about their emails until you do two minor checks: use your cursor to hover over the email address and see if the email address matches the display name and then look for clues for fraud like grammar errors or asking you to do tasks that that person has never asked you to do. Doing those two things would dramatically drop these email hacks and fishing attempts and make it much more difficult for the hackers.”