A Realistic View into the Cyber Security Profession

The New Hampshire High Tech Council recently welcomed cyber security professional Candy Alexander as the guest speaker for their monthly TechWomen Power Breakfast. Awareness of the need for cyber security has increased year over year as news of security breaches has become more frequent, prompting an eager audience for this highly relevant topic.

Candy Alexander started working in the information security field many years ago, growing up with the profession, and now serves as a consultant and “virtual” CISO (Chief Information Security Officer).

Cyber security was first recognized as a job in the public sector 35 years ago. Primarily, it’s been an inherently “reactive” effort in that security professionals generally react to breaches into computer systems and try to figure out how they happened. Candy believes this has preempted the industry’s ability to create proactive approaches to the problem.

It’s been commonplace for senior management and other business people to balk at most security measures, such as changing passwords frequently, which can make implementing security measures challenging.

There’s currently a lot more attention on cyber security, and most larger companies and companies that are regulated, such as those in the financial sector, have made efforts to hire security professionals. However, most small and mid-sized companies, despite being just as susceptible to security breaches, rarely have a security professional on staff, making them much more vulnerable to attack. For information on security procedures for small businesses, Candy recommends the Small Business Administration and the New Hampshire Business Review.

At the same time that security professionals have been engaged with defending their information systems, the people who set about to breach systems – hackers – have over time become more sophisticated, devious, and ubiquitous. Many security professionals now believe it’s not a matter of “if” you will be attacked, but “when.”

Staffing Problems are Career Opportunities

Candy then brought the conversation around to career opportunities in the field. A report from Cisco (PDF) estimates there are more than one million unfilled cyber security jobs open, with further growth in this field expected.

Opportunities are especially attractive for women in the field, as many companies are seeking to increase their staff’s diversity. The Women’s Society of Cyberjutsu (WSC) reports that women comprise only about 11% of the information security workforce.

The difficulty in filling open positions has been compounded by the fact that universities have not been offering degree programs in cyber security until the past five to ten years. In addition, many university and training programs can offer only a limited view of the field, so actual hands-on experience is vital to an effective workforce, putting experienced professionals in great demand.

Candy speculates that the skills gap might be compressed by training professionals who are already experienced with information and have related skill sets, such as business analysts and program managers.

Many executives do not fully understand the role of cyber security and its importance to business, which Candy said may be frustrating to professionals in the field, and something that those considering a career in the profession should keep in mind. According to a recent survey (PDF), more than half of security professionals state that the skills shortage results in an increased workload on staff.

Be Proactive With Building Your Career

In closing, Candy offered the following tips to those interested in breaking into and succeeding in the cyber security field:

  • Grow your knowledge with up-to-date online resources such as Cybrary, ALISON, and YouTube.
  • The most effective training courses tend to be those that focus on specific cyber security topics.
  • Develop well-rounded skills. In addition to technical knowledge, develop business knowledge and great communication skills.
  • Find mentors, whether through formal programs or informally, such as your colleagues, or your organization’s consultants.
  • Gain practical experience, such as through volunteering.
  • Join professional organizations.

The TechWomen Power Breakfast series is an initiative of the New Hampshire High Tech Council, serving professionals enthusiastic about technology and supporting the efforts of girls exploring STEM as a career or area of study.

Candice Benson is an internationally recognized management consultant and CEO of Benson Consulting Inc. She specializes in change management, process improvement, and program management, leading companies to operational excellence. Candice is on the Board of Directors for the New Hampshire High Tech Council, serving as Chair of the Tech Women|Tech Girls Committee, and is the Regional Director for the Boston network of the professional association, Women in Technology International (WITI). Connect with her and her blog here.

No comments yet.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.