
Jumping the Pond: Making the sideways move into CyberSec


So far, a large portion of this blog has been dedicated to helping people begin their careers within the Cyber Security sector from scratch, i.e. straight from college or university. This week, I’d like to explore the options for those looking to make the move from other career paths, specifically with an eye to those looking at managerial positions. If you are already coming from an IT background, this post might have one or two things you find useful, but you’ll probably have access to other resources that are better suited to your needs.

I want to note here that while this will guide you through some of the options and a few certifications that will help you move into CyberSec, some technical competency is a must. A good level of understanding of the technologies and the principles underlying those technologies is unavoidable in this field, as you’ll see below. My suggestion would be to look at my earlier blogs and do some looking around of your own; I won’t go into depth about technical knowledge here, as the same technical certifications and knowledge from those blogs apply.

N.B. You will notice that I use the terms ‘Cyber Security’ and ‘Information Security’ interchangeably. While these two terms have different definitions, in this context both apply. See here for a good definition of both terms, and their differences.

This week, I’d like to give you a general overview of what is expected of a manager in CyberSec, on top of leading a team to its fullest potential. This should give you a better idea of what is involved and whether it is for you. Next week, I’ll go through a few of the certifications that will boost your CV and your chances of moving into the field.

Roles and Responsibilities


As a Cyber Security manager, your title will cover various, diverse duties, all of which are crucial to helping the company avoid risk and exposure. This position isn’t just about managing staff, evaluating their performance and justifying your department’s budget and existence: it requires full engagement with the organisation on different levels. The following are amongst the most important responsibilities that come with the role:

Monitor all operations and infrastructure – This will be the bulk of your team’s daily duties, and it is important you understand the role of your analysts and operations staff. Going through the security and event logs can be a tedious task, but it’s also the point at which breaches, risks and vulnerabilities are likely to be found.

Maintain security tools and technology – Almost certainly a joint effort with your organisation’s security office, it is important to keep these up-to-date and in compliance with your policies.

Monitor internal and external policy compliance – Writing and enforcing security policy, as well as auditing and renewing it periodically, is an important aspect of the role, as is making sure that both your company and its external vendors are complying with your security policies.

Monitor regulation compliance – This is an aspect of your role you may want to delegate, particularly if you handle lots of personally identifiable data, and especially considering GDPR. With the large fines involved in failing to comply with legislation and regulation, this is one area that requires extra care.

Work to reduce risk – Designing training and writing reminder memos and emails are just some of the measures you can take to help bring everyone in your organisation up to speed with security practices.

Implement new technology – Investigating new technologies and evaluating their risk factors and the mitigation techniques you need in order to roll that technology out.

Ensure cybersecurity stays on the organisational radar – This one speaks for itself. You will be required to ensure that everyone knows that security is everyone’s responsibility, and that it needs to be proactively kept on top of.

Detail a security incident response program – Every organisation should have a well-defined, well-documented response plan to be executed if a security incident does occur. The plan should detail each team member’s roles and responsibilities in such an event, as well as a guide on how to proceed in the aftermath of an incident, i.e. gathering evidence, reporting to the correct authorities, and what the priorities are in terms of business continuity. It would also be advisable to have those involved run through some simulated incidents, so the plan is smoothly executed if needed.
