Originially published by RSA Conference on October 26, 2017
Collegiate Associate Professor of Integrated Security
I want to share something with you that may not be apparent based on content statistics alone—the Internet is more than just cat videos. It stores and connects much of our lives, our livelihoods, and yes, even our livestock. That, of course, means there’s important stuff on there that needs to be protected from all manner of online threats, fraud, and pranks—including cyber cow tipping.
Unfortunately for cats and cattle (and other stuff) around the world, there simply aren’t enough skilled cybersecurity professionals available to give them the protection they so desperately need. Will you avert your eyes, pretending not to notice as you walk on by or will you answer the call and join the cause?
That’s right—the Internet wants (needs!) you to consider a career in cybersecurity!
Now, you might be thinking “but I haven’t even passed my CISSP yet,” or “I’m new to security,” or “I’m not even in the field.” “I can’t help the Internet!” If that’s where you are, I have a message of hope for you (and us): “Yes you can!”
I know this because I used to be in your shoes. I didn’t get a degree in information security or computer science or electrical engineering or any other subject that sounds even remotely cyber-y. I majored mostly in “baseball” and got a degree that has Environmental Management somewhere in the title. My first “real job” was working at a pulp mill operating screw presses to clean water before it went back into the river. This is why I find that whole “Equifax’s CSO had a music degree” kerfuffle a few weeks back absurd. It doesn’t matter where you were or where were you are; just where you want to go.
But how can you get there from where you are now? That’s a great question and one I’ve been thinking on a lot lately in my new faculty role at Virginia Tech. I’m responsible for developing a graduate-level, business-focused cybersecurity curriculum for MBA and M.S. of IT students—many of whom do not have a security background. A resource I’ve found very helpful in that endeavor is the National Initiative for Cybersecurity Education (NICE) Framework.
Led by the National Institute of Standards and Technology (NIST) in the U.S. Department of Commerce, NICE is a partnership between government, academia, and the private sector that seeks to promote cybersecurity education, training, and workforce development. The NICE Framework serves as a reference resource for describing cybersecurity specialties and roles along with the knowledge, skills, and abilities (KSAs) needed to complete common tasks associated with them. In describing cybersecurity work in this manner, there are three basic ways the NICE Framework can help get you where you want to go.
- If you’re already a cybersecurity professional, but want to specialize, my advice is to browse the 32 Specialty Areas defined by NICE to find which one or two most closely align with your current work. Within those, next choose the appropriate Work Role(s). Then find the Specialty Areas/Work Roles you’d like to move into. Finally, compare the list of KSAs for your current role(s) to your target role(s) to identify what’s missing. That will give you a list of things you can begin picking up through reading, training, playing, or schooling.
- If you’re working in another field, but want to get into cybersecurity, my recommendation is similar to that above. Review the Specialty Areas and Work Roles to see if any of them are similar to what you’re doing now. Don’t assume this is a dead end; there’s a wide variety of specialties and roles included in NICE and you just might find what you’re doing now is closer to “cyber” than you think. Even if you don’t find something, I promise it will be useful for discovering roles that interest you and draw on your existing experience and skills. Refer to the list of KSAs for those, and make a plan for filling in the gaps. There are many resources to help you with this…not the least of which is a visit to the RSA Conference!
- If you’re a student, and want to prepare yourself for the job market, consider yourself fortunate. Back when I was walking uphill both ways in the snow to school with no mobile device navigating my path, there was no such thing as cybersecurity programs. Heck, we didn’t even have cat videos on the Internet! Use the NICE Framework to find Specialty Areas and Work Roles that sound interesting to you. Review the associated KSAs and compare them to the courses taught in your program or those you’re considering. Try to select courses and programs that will prepare you for those roles. But even if you’re in a program that doesn’t provide such courses, don’t fret. Just laying a strong foundation of basic cybersecurity concepts will put you in a great position to land a good job—especially if you use some of your free time to add those missing KSAs to your repertoire.
Wherever you fall according to 1-3 above, another resource I think you’ll find helpful is the CyberSeek tool(http://cyberseek.org/index.html). It has an interactive map of cybersecurity job openings as well as nifty career pathway visualization that may help your planning. And NICE is a contributor/supporter, so it will draw from your perusal of that framework.
Bottom line – the Internet needs your help. You’re its only hope. You have what it takes…will you heed its call?