Like podcasts? Find our full archive here or anywhere you listen to podcasts: search Community IT Innovators Nonprofit Technology Topics on Apple, Spotify, Google, Stitcher, Pandora, and more. Or ask your smart speaker.
Join us for our series featuring interviews with Community IT employees. In this series, we talk about nonprofit technology career paths, career resources, skills, and certifications. We will also touch on mentoring opportunities as you start out on your career and ways to give back if you are further along. If you are wondering what it is like to work at a place like Community IT, you can learn about it here.
In today’s interview, Carolyn talks with Matt Eshleman, Chief Technology Officer, who has been with Community IT over 23 years, about how his job has changed with the growth in the need for cybersecurity expertise.
Matt started at Community IT as a college intern in 2000. He’s seen a lot of changes over those years and shares some of his insight here.
We have really taken a relationship-driven approach to the technology support that we do. We’ve recognized that the actual technology piece of the work is relatively small. It’s super important, but it is relatively small. The big thing that we focus on is helping organizations use and adopt appropriate technology solutions. And that really involves a lot of planning. It involves understanding the organization, understanding their staff, how they use technology, and the tools that are available.Matt Eshleman, Chief Technology Officer
As the Chief Technology Officer at Community IT, Matthew Eshleman leads the team responsible for strategic planning, research, and implementation of the technology platforms used by nonprofit organization clients to be secure and productive. With a deep background in network infrastructure, he fundamentally understands how nonprofit tech works and interoperates both in the office and in the cloud. With extensive experience serving nonprofits, Matt also understands nonprofit culture and constraints, and has a history of implementing cost-effective and secure solutions at the enterprise level.
Matt has over 22 years of expertise in cybersecurity, IT support, team leadership, software selection and research, and client support. Matt is a frequent speaker on cybersecurity topics for nonprofits and has presented at NTEN events, the Inside NGO conference, Nonprofit Risk Management Summit and Credit Builders Alliance Symposium, LGBT MAP Finance Conference, and Tech Forward Conference. He is also the session designer and trainer for TechSoup’s Digital Security course, and our resident Cybersecurity expert
Matt holds dual degrees in Computer Science and Computer Information Systems from Eastern Mennonite University, and an MBA from the Carey School of Business at Johns Hopkins University.
He is available as a speaker on cybersecurity topics affecting nonprofits, including cyber insurance compliance, staff training, and incident response. You can view Matt’s free cybersecurity videos from past webinars here.
Carolyn Woodard has served many roles at Community IT Innovators, from client to project manager to marketing. With over twenty years of experience in the nonprofit world and marketing, including as a nonprofit technology project manager and Director of IT, Carolyn knows the frustrations and delights of working with technology professionals, accidental techies, executives, and staff to deliver your organization’s mission and keep your IT infrastructure operating.
Carolyn is excited to help manage Marketing at Community IT Innovators and is always looking for new ways to tell stories and reach people. She has a master’s degree in Nonprofit Management from Johns Hopkins University and received her undergraduate degree in English Literature from Williams College. She thinks the best thing about being with Community IT Innovators is the people.
Carolyn Woodard: Welcome everyone to Community IT Innovators’ Voices interview. Today, I’m very happy to be interviewing Matt Eshleman. So Matt, would you like to introduce yourself?
Matthew Eshleman: Sure. Thanks for the intro, Carolyn. My name is Matthew Eshleman and I’m the Chief Technology Officer here at Community IT and actually as of this week which is in January of 2023, I’m celebrating my 21st anniversary as a full-time employee at Community IT.
Carolyn Woodard: Congratulations. So that’s my first question.
Matthew Eshleman: Sure. Even though I’m celebrating my 21st anniversary as a full-time employee, I actually started as an intern in the summer of 2000 as part of my university program at Eastern Mennonite University.
I was coming to DC to participate in a program that they called the Washington Study Service Year. That combined a year in DC living in a group house doing part-time volunteer work, and then taking classes part-time and living in community. My internship was at Community IT. I started a little bit early so I could kind of get a jumpstart on living in DC and just have that experience. I was able to get connected with Community IT and was able to combine part-time tech work. During that first year, I did IT support at a nursing home. And then I also taught after school computer classes at the Thurgood Marshall Center which was located in the YMCA, just off of U Street in DC.
Carolyn Woodard: It seems like a long way from starting as an intern to being Chief Technology Officer.
Matthew Eshleman: Well, no day is typical, and I kind of have a dual focused role in that I’m responsible for the oversight architecture and management of what we call our centralized services team.
At Community IT, we provide managed IT services to almost 200 nonprofit organizations that represent about 6,500 devices. I oversee the team that’s really responsible for managing the tools and technology that we use to handle all of those endpoints. That’s one big area of focus.
The other area of focus is more client-facing in terms of working with larger organizations to help them plan and architect more sophisticated technology solutions that may be required for their organization. In that role, I really work a lot more closely with our IT business managers and the projects team to develop requirements and figure out the best technology solutions that would be appropriate for those organizations.
Matthew Eshleman: Yeah. I think it’s something that’s unique that Community IT does. Early on, we have really taken a relationship-driven approach to the technology support that we do.
We’ve recognized that the actual technology piece of the work is relatively small. It’s super important, but it is relatively small. The big thing that we focus on is helping organizations use and adopt appropriate technology solutions. And that really involves a lot of planning.
It involves understanding the organization, understands their staff, how they use technology, and the tools that are available. That IT business management role was really developed and created as a separate entity within Community IT a number of years back. Because what we found is that there’s really some specialization that’s required to operate networks.
We have centralized services that’s really focused on consistency and operating at scale, so we look at our network as 6,500 devices in 200 sites. We really want to take a consistent and automated approach to supporting them.
We have engineers who are very good at projects and really great at technology.
And then we have this whole separate role of IT business managers who are really focused on working with our clients to understand their budgeting cycle, their financial requirements, their operating requirements and then relate those specific requests back to the different teams so that we can get the right people playing the right roles at our client.
Carolyn Woodard: That makes a lot of sense.
Matthew Eshleman: Well, I really like the fact that I get to work at a tech company that has lots of great employees. I think we’re almost at 50 staff right now, and I think we’ve got great people, great employee owners working at Community IT, who are really dedicated to their job. They’re experts and they’re always willing to share what they know. I think that’s great to feel like I’ve got the support of a huge bench of tech staff.
And then I really enjoy the client work that we get to do. Working with so many different organizations, seeing how they’re using technology to support their mission or get it out of the way so that they can really focus on their work is really energizing to me.
And to see how many different organizations we get to affect. Whenever I see clients in the news or hear them on the radio, I really love knowing that Community IT has played a role in getting that organization to where they are.
Carolyn Woodard: I know, it’s such a great feeling when you’re like, we help them, we support them to do that cool stuff.
It sounds like you were interested in technology even as a college student and you knew you were going to have a technology career.
Matthew Eshleman: Well, it helps to figure out what you like and what you’re good at. And I was really fortunate in that the college experience I had included that internship element. I think without that internship element, I wouldn’t have ended up at Community IT certainly. It may have taken me a lot longer to end up at a place where I really felt comfortable.
For me, having some kind of internship or volunteer experience is really helpful. I was a computer science major. I have a math minor and a degree in Computer Information Systems. And so I knew I wanted to be in the tech space, but it wasn’t until I came to DC and had that internship experience when I realized that the things that were really appealing to me were working with end users doing some of the network administration side.
And it wasn’t the coding and development that was appealing to me. I’m an outgoing person. I like that social interaction. Meeting and interacting with clients, going from place to place, that was all really energizing to me.
If all I had was a background in coursework, doing coding projects, I don’t think that gift of being connected with people would’ve been realized. I do think for folks that are starting out, finding ways to get connected with volunteer opportunities or internships or other services as a way to do some self exploration, to figure out what you like, what you’re good at, what you have talents in is really an important way to start.
The certifications and all of that stuff can come later. Technology is one of those fields where you don’t necessarily have to have a tech degree background to get started. I think that may be shifting a little bit, but I look around at the colleagues that I have at Community IT, and some of the most talented people don’t have a tech background. They don’t have a tech degree, but they have aptitude for it, and they’ve cultivated it over time. Maybe they’ve supplemented that learning with some additional certifications which again can always be added on later.
Carolyn Woodard: That makes sense. I’m guessing that cybersecurity was not as big a part of your role when you started 23 years ago. That is definitely something that’s changed a lot.
Matthew Eshleman: Yeah, when I started at Community IT back in 2000, there wasn’t a whole separate discipline around cybersecurity. We certainly had best practices for how we would expect to set things up and good practices that we would follow. But that really has changed over time. Certainly there wasn’t the same scale of cybercrime that exists now. You see that certainly in the FBI reports over time. That’s something that’s really accelerated a lot just over the last five to 10 years. And so there wasn’t the same degree of threats. We’ve always had antivirus on our networks that we supported. We’ve always encouraged clients to have good passwords.
But the scale and complexity of what is considered cybersecurity certainly has expanded. I do think in reaction to the rise of cybercrime as a financially motivated activity to break into networks and either try to deploy ransomware or just straight up dupe people or con them into buying gift cards or updating wire transfer information. There has needed to be a really separate and added focus on protecting an organization and protecting their data.
I think it came out of our approach of having good IT practices. And then those certainly have evolved to keep up with the attacks that we see across the networks that we support.
Carolyn Woodard: When you expressed an interest in taking this on, or becoming our internal expert in this, how did Community IT support you in that? I’ve been interested, over these interviews, that people don’t stay stuck in [a role]. If you start on a help desk, you’re not necessarily on the help desk forever.
Matthew Eshleman: Yeah, I started as an intern working 20 hours a week. And of that only maybe 8:00 to 10:00 was actually doing tech work. I was what we called back then, a Network Administrator, so a tier one technician. After about a year or two, I was promoted to Network Engineer. Back in those days, every tech had a stable of clients they were responsible for. We didn’t have any centralized management. I moved up as an engineer, and then I had the clients that I supported, and I did everything from technical escalation from the tier ones that I was responsible for to the projects of the client. That became more specialized and I became a team lead responsible for a number of techs.
I think we have been developing the business over time. Community IT of 2000 looks a lot different than Community IT of 2023 in that there are jobs and responsibilities and titles that just never existed back then. We have done a lot of that business innovation along the way to figure out what jobs need to be done to support our clients, what positions may need to be created to encourage and take advantage of the skills that our staff have.
I think my first more senior level title was completely made up. I think I even wrote my own job description. I said, I’m going to be the Director of Professional Network Services. That sounds like a cool title. Has director in it, has professional in it. I don’t know that it made sense outside of any context, but in working with the leadership at Community IT, they’re like, okay, sure. We see that you’ve got some skills and talents in the planning and architecture area.
As we were growing and evolving as a company, that was a role that was okay to move into. The same way, the CTO [Chief Technology Officer] position never existed before. I essentially wrote the job description and talked to Johan, who’s now the CEO, and said, hey, I really think I’m the CTO. That’s a role that I think I’m doing already. Here’s the job description; let’s figure out a way to make that transition happen.
A lot of it was evolving over time and creating new job titles and new responsibilities in reaction to where we were as a company and the needs of our clients and the skills and talents of our staff. So, we have some unique job titles at Community IT, because it has been largely an environment where we tend to hire a lot of junior staff and then cultivate them and grow them up. We have not hired a lot of outside senior level techs from other organizations. It’s felt like a very solid and organic growth plan that we’ve had that’s really had strong leadership built in over the years.
Carolyn Woodard: Since you are a cybersecurity expert, while I have you here,
Matthew Eshleman: Yeah. The less glamorous truth is a lot of cybersecurity is not all hackers and hoodies and what’s the most sophisticated thing we can do to protect ourselves, and how are we going to hack back the people that are getting us?
That’s why we’ve taken a pretty measured and deliberative approach to cybersecurity. I don’t get super excited or distracted about what’s the latest security breach to come out, because if organizations have good foundational plans in place, whatever the next breach is shouldn’t actually impact their plan.
The plan all organizations need to follow is really grounded in foundational elements such as having an IT acceptable use policy for your organization. Having clearly communicated standards about the technology that we use at the organization, here’s how it’s expected to be deployed. Here are the information systems we have, here’s the sensitive data that we have to have. We don’t want to collect more data than we actually need to use.
We’re going to provide security awareness training for our staff to help educate them. Because as much as the buzz is around sophisticated hackers finding some website vulnerability and penetrating their way into the network through sophisticated zero day attacks, the fact is most attacks are originating through email tricking staff into clicking on links, giving up their password, even maybe giving up their multifactor authentication, and then breaking in that way.
For organizations that can educate and help train their staff, that’s a great resource. And then on top of that, making sure every account has good passwords protected by an app-based multi-factor authentication so that if that password or when that password is inevitably taken, you’ve got that additional layer of multi-factor authentication control in place.
In the work we do, we certainly encounter really sophisticated attacks, so there may be more that some organizations need to do. We work with organizations to implement a lot more sophisticated controls.
But when it really comes down to it, having staff who are engaged and aware and know what to do whenever they see something that looks strange, that’s an important foundational step.
And having good strong passwords with multifactor authentication, that’s another critical step.
Making sure computers are up to date and protected with a good antivirus package, that really gives you some good building blocks to make sure that your organization is protected against what the most common attacks are going to be.
Carolyn Woodard: I know that a lot of people have stereotypes around technology and people who work in technology, and some of them are fair, some of them are not fair.
Matthew Eshleman: Yeah, I think that’s a good question. I would say over time, Community IT has become a better place to work for people with different types of skills.
In the early days, because of the way we worked, everybody was kind of their own island and responsible for doing all the things. If you were extroverted and/or a good problem solver and really detail oriented, those were the kind of people that were really successful at Community IT.
Over time as we develop more specialization, it creates opportunities for people with different skills and abilities to join Community IT.
Like I mentioned, I’m responsible for our centralized services team. They don’t ever really talk to clients at all because they’re really back end focused. I think people there tend to be more introverted, but they have a high degree of responsibility and ownership over the platforms that they support. So even though they’re one step removed from engaging with our clients, they still have that core connection to being open, sharing the knowledge that they have and feeling a high degree of responsibility.
I think folks who are on our service desk and are answering phones tend to be really detail oriented, really personable and have that friendly, engaging demeanor so they can react and respond to people who are having frustrating technology challenges and just need to get it fixed.
And then, we’ve got this whole IT business management team that really is a less technical role. They’re not necessarily fixing the most detailed problems, but the folks on that team are client facing. They may have more gifts and capabilities around strategic planning or requirements analysis.
Over time, one thing that I’ve really appreciated at Community IT is that we’ve been able to create some different specializations and get people into positions where they can play to their strengths. They can do things that they are good at and they enjoy and then that provides value to our clients.
Taking that strengths-based approach has been good for Community IT and given us the long employee retention that we have. People come to Community IT and they tend to stay a long time because it’s a great place to work. We get to work with a lot of really fantastic organizations, and people are in jobs where they’re good at what they do and they’re not beat up for weaknesses that they have, but they’re put into positions where they can use their strengths to be successful.
Carolyn Woodard: That is one thing that in these interviews I’ve found – there’s a lot of job satisfaction and a lot of work life balance as well.
This is a question I often ask people and I get asked as well.
Matthew Eshleman: I first start with just, we provide IT services to nonprofit organizations. That’s kind of the baseline. And depending on the response from there I would go on. People who work at really large organizations don’t quite understand that. I think people who work at small organizations or particularly nonprofits are like, oh yeah, then the conversations go from there, talking a little bit more about our outsource IT services.
Cybersecurity has become quite buzzy in the last couple years, so talking about how Community IT supports organizations from a cybersecurity perspective often will continue the conversation and get a lot more interest.
Carolyn Woodard: Thank you so much, Matt, for taking this time to talk to me and letting me know all about your 23 years at Community IT. Congratulations again, and thank you.
Matthew Eshleman: Great. Thanks, Carolyn. It’s been really fun talking with you about this and talking about Community IT and just thinking about the last 23 years and all the growth and evolution that’s happened over that time.
We hope you enjoyed this Community IT Voices interview with Matt Eshleman. Community IT is the right place for you if you find fulfillment in helping others succeed and love mastering new technologies.
Our employees stay and grow with us, and over half of our staff have been with us for over a decade. Community IT is an employee-owned company with a positive, sustainable workplace that promotes professional development and a healthy work/life balance. We have been 100% employee-owned since 2012. Check out careers with us here.
Join Matt Eshleman on Wednesday, April 19 at 3pm Eastern, Noon Pacific for a presentation and Q&A on real emerging threats and a practical approach for nonprofit cybersecurity.
Fill out the form below to request a quote. We’ll be in touch shortly to discuss your needs and take the first step toward better nonprofit IT.