To find some answers to these questions, Cisco asked numerous experts in the field of cybersecurity to answer the following question: “If given the chance, what advice would you give yourself when you first joined the industry?” Their insights help to reveal a number of resources that they wish they would have drawn on early in their careers. Provided below are their responses.
Martijn Grooten | Researcher, Writer and Security Professional | @martijn_grooten | (LinkedIn)
Security likes “rock stars”, that is, people who have very good technical skills or who are loud, very present, and can tell a good story. When you’re new in the industry, as I once was, it’s tempting to look up to them and try hard to be liked by them. This might give you a short-term career or confidence boost, but in the long-run, I have learned it is much more important to look out for people who are kind and who have a good moral compass.Jason Lau | Chief Information Security Officer, Crypto.com | @JasonCISO | (LinkedIn)
Like many others, my cybersecurity career didn’t really have a clear path, and it was through many side- channels and industry events that I met peers who ultimately gave me some great advice.Looking back, I would have told myself much earlier on to focus on the human element of cybersecurity. I was one of the earliest to dabble with eLearning in the days when the Internet was first gaining popularity before the Dot Com boom. This was when it was being used and tested in university courses where I was teaching engineering.
Given the success of eLearning, I would tell myself to continue in this space since there was already so much focus on technology, systems and software in the early days of cybersecurity and not enough on the “people” side of things, which is the initial cause of many incidents. Focusing on this topic could have made a much bigger impact on the early days of the security awareness training industry.
Fortunately, it is not too late now! I have been lucky enough to continue teaching cybersecurity at many universities as well as to conduct corporate security and privacy training to help improve the awareness for all. I feel this is a critical part of any industry. Cybersecurity is a shared responsibility, so the more sharing we do, the safer we will all become as a whole.
Phillimon Zongo | Chief Executive Officer at Cyber Leadership Institute | @PhilZongo | (LinkedIn)
There’s certainly things that I could have done better. Now that I have spent a lot of time mentoring people, I would say it would have been better if I had looked for a highly experienced mentor from day one. That would have accelerated my career trajectory in those five years that I’ve been pushing myself.I wouldn’t say it’s a big disadvantage. The path that I took was of self-discovery. I trained myself, I bought books and I scribbled everywhere. I just studied over time. But it’s true that persistence and resilience and never giving up are important because writing is very frustrating. For my first article, it took me about three and a half months to write a three-page article. That’s when I was aiming for quality. Eventually, I got it published in an international journal.
However, I would say if I were to go back, there’s not much that I would change because this formula is working for me now. I’m just continuously pushing myself, setting goals towards things that I’m afraid of doing. That’s what I do. Before I start doing something, I ask myself, “Am I scared?” If I’m not scared, then I don’t do it because it is through doing things that we are afraid of that we grow the most.
If there is one critical piece of advice that I’d give to aspiring cybersecurity professionals, it is that cybersecurity has become a product business issue with implications to the global economy; to the business value chain; to customer retention, business growth managers, and acquisitions; as well as to strategic business imperatives. If you can place yourself as someone who can communicate persuasively and with impact, who can simplify that critical message and push it to the wider business community, you’ll be able to differentiate yourself. Every time I mentor people, I see people doing the same old thing. They get certification after certification but forget that maybe 10 million people look like you. How are you different? What is something different that you bring to the table? I would say writing is something that you should strongly consider.
Ambler T. Jackson | Senior Privacy Subject Matter Expert | (LinkedIn)
If I had an opportunity to go back to the beginning of my career, I would have dedicated some additional time to learning about the technical considerations of data governance first. While I later studied data governance, what you learn from databases, data models, and data management helps to provide the big “forest-from-the-trees” picture for understanding why and how organizations capture data and how data elements move throughout the data lifecycle. I wish that I had obtained the formal education at the outset, as it would have helped to set the stage for fully understanding the lifecycle of a data element early on.Amanda Honea-Frias | Head of Product Security at Duo, Cisco | @pandaporkchop | (LinkedIn)
I am not one to wish for a time machine in general. I believe each success and failure has made me who I am today. I do not want to sound like I have had a perfect journey and that I have achieved all that I have intended to accomplish. Quite the contrary. My life is a continuous journey, and my occupation is just a part of that journey.Katie Moussouris | CEO of Luta Security | @k8em0 | (LinkedIn)
If I were to go back and give my younger self advice, I would probably aim myself towards early ventures that accumulated a lot of capital, a lot of cash. And the reason for that is not that everything comes down to money, it’s just that money makes a lot of things easier, such as making your ideas come to light and to fruition.When you’re a minority woman in any industry, I think it’s a challenge for us to be taken seriously early in our careers, mid-career or late in our careers. I think that having access to capital and the means to make some of our ideas come true is important. That would have been the advice I would have given myself back then.
Mo Amin | Independent Cyber Security Culture Consultant | @infosecmo | (LinkedIn)
If you can, try and find a mentor. There are more avenues and channels now than when I was starting out. When you find someone, make sure that you play your part in the relationship. You need to put the effort in, too. Also, remember to be patient with yourself. You can’t know everything at once. Pick an area that interests you and try to become the best that you can be in it.Richard Archdeacon | Advisory Chief Information Security Officer, Duo Security | (LinkedIn)
It’s about people. We have to understand the technology. But the most important skill is communication. No matter how strong our technology controls are, we will get nowhere unless we can explain the “what” and the “why.” Otherwise, we will become an obstruction and not a help.Our colleagues do not come to work to do security. They come in to carry out their tasks in their own departments in order to fulfill their roles. We need to ensure that they feel secure at work but not hindered from carrying out what they see as urgent.
An essential element of any change program is to articulate a vision and a set of objectives. This was a fundamental part of every IT transformation I have undertaken. However, all too often, technology solutions drove security. So, we have had to learn to build a network of the human sort in organizations as well as to ensure they understand the need and benefit of secure working. This has been the biggest change in security. Those CISOs who have succeeded have managed this aspect of their role well.
Want to learn more about what budding security professionals can do to advance their careers? Download Cisco’s eBook today!