The Changing Landscape of Cyber Security
According to a report by La Trobe University, digital technologies will account for up to seven percent of Australia’s GDP in 2020. As a result, Cyber Security has emerged as a vital, rapidly growing field of employment with the number of available Cyber Security positions outpacing the number of qualified applicants at an unprecedented rate.
With the Australian Government recently announcing the creation of up to 500 new jobs in the Cyber Security field, we caught up with Phil Zongo, co-founder and director of the Cyber Leadership Institute, to find out what it takes to become a cybersecurity professional in our changing world.
A technology risk professional by training, Phil worked in consulting roles for groups like Deloitte and PWC for more than a decade before realising that Cyber Security was quickly becoming the fastest growing area in IT. It was this realisation that led him to partner with two industry veterans, Jan Schreuder (former partner at a consulting firm) and Darren Argyle (Global Chief Information Risk Officer of a global bank) and co-found the Cyber Leadership Institute – an enterprise that develops the next generation of Chief Information Security Officers (CISOs).
In this role, working with CISOs from around the globe, Phil is in a unique position to see and understand what the most pressing Cyber Security issues might be at any given point in time. In the current world climate, it’s no surprise that the impacts of COVID-19 have significantly altered the Cyber Security landscape.
“Businesses have had to rapidly adapt to conditions such as lockdown,” he explains. “This has forced many organisations to enable employees to work from anywhere, anytime. This situation has inevitably created a host of new vulnerabilities, some of which we are still to fully comprehend. The focus at this point is rapidly adjusting cyber resilience strategies in the face of constant change and ambiguity, striking the right balance between security and convenience.”
The Cyber Security sector is rapidly evolving and staying up-to-date of the relevant studies or qualifications one might need to transition into a Cyber Security career can be challenging. According to Phil, Cyber Security certifications such as, ISACA’s Certified Information Security Manager, Certified Ethical Hacker or Certified Information Systems Security Professional are great pathways to grasp the foundations of Cyber Security.
How to Become a Cyber Professional, from a Professional
According to the La Trobe University report, the rapid growth of cybercrime means that Cyber Security can no longer be isolated to IT departments – it needs specialised attention across all functions of an organisation or business. So, what’s involved in becoming a Cyber Professional?
“To become certified, cyber professionals need to achieve the minimum required work experience. However, passing the exam is an important first step. It demonstrates a passion for self-improvement to potential employers and can differentiate one from their peers. That said, certifications alone do not guarantee a cybersecurity role. Aspiring professionals should join professional networking associations. In Australia, the ISACA Chapters meet monthly and provide a great opportunity to connect with industry insiders and hiring managers. More importantly, I encourage aspiring professionals to set up home labs and break into their own devices. They can also compete in ‘capture the flag’ competitions and start sharpening the required technical skillsets. Opportunities come to those that are ready.”
This advice reflects a theme common to many industries. Success often arises from more than just technical skills or qualifications. It arises from a combination of skills, experience, qualifications and personal attributes. According to Phil, curiosity, determination, and a constant drive to self-educate are some of the key drivers he looks for when hiring Cyber Security talent.
“It’s vitally important to show not only what you have done, but also what you can do. A motivated professional with the right attitude will research topics relevant to their chosen role, not because it is required, but because they choose to. That same person will grow his or her profile by blogging, posting insights on LinkedIn or Medium and a host of other channels. Personal resilience, the ability to think outside the box and the ability to collaborate is also key to success in cybersecurity.”
Evolution of Cyber Security
Like most areas of the security industry, Cyber Security has undergone a great deal of change in recent years.
“Cyber resilience has become a significant priority for the senior leaders and boards within most large organisations. The focus now is on much more than just protecting data. People have come to understand that Cyber Security has clear implications in a wide range of areas including the success of new products, customer retention, business growth, the cost of capital, regulatory compliance, geopolitics, the integrity of financial markets and the like.
“We are also seeing the role of the CISO entrusted with increasing levels of responsibility. Many CISO’s now report directly to the board of an organisation, with increased budgets and more organisational clout. We are also seeing tremendous efforts being made to correct historical gender imbalances, with more women taking up cyber roles and senior positions. We have a long way to go in that space, but I am hopeful existing efforts will keep gaining momentum.”
Future of Cyber
On the topic of future directions, we asked Phil where he felt the Cyber Security industry was going in the next few years.
“I think technology, especially the combination of big data, machine learning and cloud, will play a key role in combating cybercrime. It seems cyber teams are finding it almost impossible to keep pace with the barrage new and emerging threats. I believe technology will play a fundamental role in isolating bona fide threats from noise, alleviating pressure and enabling teams to work on other strategic matters. But again, technology is a double-edged sword. As we have seen in the past, those same technologies can be repurposed by malicious actors intent on causing harm such as manipulating elections, perpetrating fraud and a range of other risks not yet foreseen. To be truly successful in cybersecurity, you must be vigilant, curious, hard-working and a self-starter.”
To read more articles like this or to stay up to date with industry, subscribe to the Security Focus Newsletter and receive monthly updates.