
Jumping the Pond: Making the sideways move into CyberSec pt. 2


Following on from my last article, here’s some more information on changing industries for managers. Hopefully I didn’t put too many of you off switching careers in my previous article, where I explored what managerial life would look like in the InfoSec world. As a continuation, this post looks at which certifications are best to get you the necessary managerial competence in the field to start your new career.

Some of these include a certain amount of technical training in the course material; others just look at concepts instead. Should you choose one of those, I would recommend at least doing some research into the technical side of things. While free online learning resources might not cut it completely, they are better than nothing and will help give you a grounding for when you choose to complete a recognised technical qualification.

Certifications


This will be by no means a comprehensive list of certs, but it will be enough to get you started and pointed in the right direction. As you haven’t spent your working years within IT or Cyber Security, getting yourself certified is a good, and quick, way of getting up-to-speed with the industry, its standards, and where it sits in terms of organisations and the wider world.

ISO27001 Foundation is a highly recommended place to start. Its purpose is to provide a managerial overview of Information Security and of how to provide and document an Information Security Management System. This is but the first of several certifications available relating to the ISO27001 Standard, which lays out best practice for InfoSec.

ISACA’s CISM (Certified Information Security Manager) is one of the most prized certifications in the industry today, and almost certainly a requirement for senior management and for IT-related C-suite posts. Working your way through this certification will help you gain technical competence and learn how to bridge the gap between Cyber Security practices and the rest of the business.

CISMP is a foundational certification from the BCS, The Chartered Institute for IT. It is purpose-designed for anyone looking to get into the management structure through InfoSec, covering a range of topics including CyberSec, legislation, security standards and business continuity. Given its broad subject area, and the fact that it is run by the BCS, the Certificate in Information Security Management Principles would be a personal recommendation for breaking into CyberSec management.

CISSP from ISC2 is also a highly recommended certification to hold and course to take, but is a little more geared towards industry-experience management. To see more, I have written about this cert in an earlier blog, but thought it worth mentioning here as an idea of where you might want to start looking for future development.

These certifications, and their associated courses, are a small, but recommended selection for getting started on the transition into CyberSec management, and not the be all and end all. While certain types of threats, concerns and vulnerabilities will stay similar over time, the landscape is ever shifting, and will require constant training to ensure you and your teams are prepared and armed to combat the latest disaster-in-waiting.


