When we think of someone who works in cybersecurity, all too often the image we gravitate towards is perhaps a red teamer or a pen tester.
In reality, there are so many more options available to those looking to help protect others online. From malware analysts to security advocates, from business and risk strategy to bloggers, the possibilities are endless.
I think it’s really important to highlight not only the different types of roles available, but also the fact that so many of today’s cybersecurity experts found their way into the industry via non traditional paths.
For our latest eBook, “Diversity in Cybersecurity: A Mosaic of Career Possibilities” we asked a group of cybersecurity experts to answer the following question: “What was the path that led you into the cybersecurity industry?”
Their responses illustrate how many different paths can lead to a career cybersecurity. I can’t put it any better than one of our contributors, Ambler, who said.
“Cybersecurity is a very broad discipline, and the field is enriched by many different skills, capabilities, expertise, personalities, and backgrounds.”
Here are a few highlights from our eBook – more to follow next week. To read the full eBook, visit https://www.cisco.com/securitycareersebook
Christine Izuakor | CEO of Cyber Pop-up | @Stineology | (LinkedIn)
I still remember that moment. It’s very distinct. I was in school trying to become an eye doctor and realized very quickly that it was not the right path for me. And so I started taking different electives, really trying to explore and figure out what I wanted to do with my life and career.
I came across a cybersecurity class, and I’‘ll never forget the exact assignment when I knew. We had this task to decrypt a string of encrypted texts. Things like that can be a pretty tedious process. I was up until probably two or three o’clock in the morning trying to figure this thing out.
And I’ll never forget the adrenaline rush that I felt when I finally cracked it and got it right. It was almost like I had won a game or like I had solved a puzzle. I couldn’t help but think to myself, “Oh my gosh, this is what some people do for work. This is an actual job.”
The next day, I started looking at what the potential jobs could be in cybersecurity, what the potential salaries could be. I loved what I saw. Yeah, it still remains true today. There’s so much opportunity in the cybersecurity industry.
So that next day, I changed my major. Instead of focusing on security management, I went on to complete a Master’s in information security and eventually a Ph.D. in security engineering. I really began to build my career in the corporate arena and security. This eventually led to where I am today, which is starting my own cybersecurity company.
There was no “calling” moment. It just kind of happened that I realized I was part of the information security community.
When I started working as a nurse at a lot of different healthcare institutions, I didn’t have my own login codes. My colleagues were helpful insofar as they let me use theirs. I quickly realized how dangerous this shared access was; I could work under my colleagues’ names and use that access to change information in the stored medical records.
I also found out that medical devices were connected to the same PC, allowing me to control some of those products from that computer. It was around that time that I became curious. Could someone from the outside establish a connection with the PC? If so, what could they do?
I decided to contact the security team. At first, they were surprised (and suspicious) that a nurse showed interest in security. But they quickly saw that I really wanted to deepen my understanding and learn.
In no time, I received a lot of information and made contacts with many infosec professionals from all over the world who were ready and open to help me. They explained a lot to me, sometimes in too many details. They also showed me the tools that I could use to learn by myself.
I started with easy things, like http/https and SSL certificates. I used that research to investigate the websites of hospitals in The Netherlands. Soon after I completed this research, healthcare security and privacy in The Netherlands received more attention from the government.
I often lost myself in trying to find the meaning of every word I couldn’t understand with regards to using these and other tools. It was a lot. Many times, I got depressed thinking that I’d never be able to learn a subject, that I’d never be able to learn enough. But I didn’t give up. There was a lot of different stuff to learn. I wanted to find out where my place was in all of it.
By already knowing the medical side of things and by building my understanding of security, I was able to develop a deep and global picture of the security situation in healthcare. I’ve used that understanding to try to connect medical security and privacy and to help individuals from both sides hear and understand each other so that we can all work together.
Ambler T. Jackson | Senior Privacy Subject Matter Expert | (LinkedIn)
I knew that the cybersecurity industry was the right industry for me when I began working on assignments that required not only an understanding of the law and general business processes, but also the ability to understand an organization’s data governance practices and speak “security.”
My confidence with respect to my career path increased once I understood how my skill set obtained throughout my law career, coupled with my technical aptitude, transferred to the cybersecurity space and specifically to the data privacy and protection area of cybersecurity.
The ability to connect the dots between varying business practices, the confidentiality requirement, and global data privacy and protection regulations is important for every organization and government entity because we live in a data-driven economy. I’m grateful that my career experience allows me to easily make that connection regardless of the industry or sector.
Amanda Honea-Frias | Head of Product Security, Cisco | @pandaporkchop | (LinkedIn)
I never had a “calling.” Not in a divine sense where this is where my destiny is. However, what did shape my views and ultimate transition into the cybersecurity world started up when I was young.
I was a child when my parents had me studying biblical and historical texts. (I think these texts were even read to me in the womb.) In the second grade, I was placed in college math and English, but a few years later, I was taken out of public school to be homeschooled.
During this time in the late 80s and early 90s, homeschool was not as evolved as it is today. In my boredom, I happened to discover bulletin board systems (BBSs) and, subsequently, the Internet. I quickly adapted to manipulating software and hardware to do things they were just not made to do.
Eventually, I tested for my General Equivalency Diploma (GED) and started working in carpentry. I wanted to create things. This career was over quickly, however, as I was injured about a year into my apprenticeship. The only skill I had to fall back on was my knowledge and curiosity for tech. So that is what I did.
Fast forward a few decades, and I continue to make my way into an area where it just feels like a natural fit for me.
Tazin Khan Norelius | Founder of Cyber Collective | @techwithtaz | (LinkedIn)
The moment that I realized the security/privacy industry was right for me was when I made my own path in it. I quit my job at a consulting gig and then developed Cyber Collective.
I was able to make the safe space that I was looking for in the security industry that I didn’t necessarily have for myself and for my peers outside of the security industry.
I think that dialogue needs to reach everybody. When I realized that I could turn security into something creative that benefits people, that reaches the empaths and into people’s ethos and pathos, that’s really when I realized that security was my calling, that this was something that I could do.
I studied journalism at university with a focus on magazines. I loved in-depth features that really got into the nuts and bolts of an issue, as well as literary nonfiction. I had my sights set on a career in investigative journalism, and I wrote stories around personal privacy, individual rights, and security issues for campus publications while finishing my degree.
While I had touched on cybersecurity in my writing, my first brush with it as a career came when I graduated during a recession. I took an entry-level tech support job at a cybersecurity company, all the while expecting it would be temporary while I looked for a writing gig.
In demonstrating that I could write, I was moved into a role writing knowledge-based documents. Eventually, I took on a position within the company’s threat research group where I wrote virus documentation based on notes from cybersecurity engineers.
I don’t think I looked back after that. Researching threats had a very similar vibe to the investigative journalism work I wanted to do. I felt very satisfied with the day-to-day.
Check out Ben’s “Threat of the Month” blog series: cisco.com/go/threatofthemonth
Mary Aiken | Professor, Forensic Cyberpsychology, University of East London | @maryCyPsy | (LinkedIn)
I first encountered AI when I was working in the Marketing and Advertising Services sector in the United States in the 90s. A colleague had been working on an AI project and was about to launch his ‘Chatbot’ (www.jabberwacky.com) on the Internet.
I was captivated by this AI software that could simulate conversations with humans. Immediately, I began to think of applications for the elderly, the lonely, people suffering from mental health conditions or social isolation, and children with specific challenges or learning difficulties. (Cyber-utopianism and naïve optimism dominated at the time.)
That being said, I was concerned. What if this form of sophisticated social AI was deployed as an attack vector? The prospect of a dystopian future in which sophisticated AI could engage with or even deliberately target some of the most vulnerable people on the planet was an extremely disturbing prospect.
I decided to engage and requalify as a Cyberpsychologist, which was an emerging discipline in the early 2000s. Some years later, I embarked on a completely new career in the cybersecurity and cyber safety sector. All of this was inspired by a brief but illuminating encounter with a Chatbot.
Jihana Barrett | @iamjihana | Senior Threat Intelligence Analyst, Verizon Enterprise Solutions | (LinkedIn)
If you would like to learn about other people’s journeys into cybersecurity, download our “Diversity in Cybersecurity: A Mosaic of Career Possibilities” today.