Becoming a Well-Rounded Cyber Security Professional – Tips from Cyber Security Instructor Ali Khan (CISM, CISSP, CISA).
Ali Khan knows a thing or two about cyber security—he is a senior Information Technology, Cyber Security, and Risk Management professional with years of experience in the industry. He also holds CISM, CISSP, CISA designations and even NATO Secret Clearance. With this wealth of knowledge and experience, Ali Khan helps to prepare the next generation of cyber security experts as an instructor in YorkU’s award-winning Cyber Security program, offered through the School of Continuing Studies.
In an earlier interview, Khan shared his insights on how cyber security would become a pressing need for businesses and corporations around the world. This time around, Khan is sharing his insights on what makes a cyber security professional stand out from the crowd, tips on how to prepare to enter the field and what employers are looking for in their cyber security hires.
Based on your experience in the industry, what are the characteristics of a well-rounded cyber-security professional?
One of the most valuable skills for Cyber Security is to have the ability to “think like a bad guy.” To recommend and build proper defenses, a well-rounded cyber security professional needs to be able to think like those who want to break the rules and systems that exist—they need to see how a threat could penetrate and persist within their environment. Seeing a problem through the eyes of the corporation is helpful, but seeing the problem through the eyes of those trying to break through the system is even more important.
To this end, it is crucial to have a strong academic background that assists in understanding the finer details of a security program, as well as the business requirements. To execute these plans effectively, cyber security professionals need strong communication skills—whether they choose to stay in the technical or the business side of things.
Finally, cyber security professionals need to be able to build a strong network and build relationships in the industry. This is a small, yet rapidly-growing field, so networking is essential to stay abreast of the latest topics, threats and strategies. It is also very important to achieve one’s career goals more effectively.
What skills are employers looking for in a cyber security specialist?
Cyber security is a field that is broader than people expect. Not all roles are technical in nature—there is currently a shortage of executive and management staff who can understand risk and cyber security, as well as a great need for analysis and process-related professionals.
Some of the key skills needed to stand out as a candidate include:
- The ability to think in multiple layers and to understand how these layers inter-connect with each other;
- Possess a desire, passion or ambition to grow in the field;
- Be articulate and a good communicator, to develop the skills to explain complex cyber security issues in simple terms to non-technical staff or senior managers;
- The ability to “think like a Black Hat.”
What are some career tips to enter the field of cyber security?
There are many avenues to enter the field of cyber security, but there are a few ways that candidates can stand out as exceptional hires. One of them is to have strong education credentials and to establish one’s expertise through formal recognition of a higher education program that is reputable in the field.
It is also very important to pursue or maintain relevant industry certifications that align with your path within cyber security. Whether you decide to stay in the technical side, the management side, the auditing side, or the risk side, all these pathways have professional certifications that ensure that individuals are being held to an industry standard and that they will continue their professional development.
Finally, it is important to have good references—and this comes from being involved and building a strong network with professionals in the field.
What are some of the “hot areas” within cyber security? What specializations or paths can cyber-security professionals pursue in their careers?
Cyber security is always growing, because more and more devices are becoming powered by data and technology. There are many fields of specialization within cyber security and some of the “hot areas” in the industry include:
- Threat intelligence
- Security Information and Event Management (SIEM)
- Security Analytics (e.g. predictive threat modeling, machine learning, sentiment analysis and user behaviour analysis)
- Compromise assessment / Penetration & vulnerability testing
- Cloud Security
- IoT (Internet of Things) Security
- Operational Technology Security (e.g. Industrial Control Systems (ICS), SCADA)
- Vertical specializations (e.g. healthcare, finance, energy & resources, fraud, etc.)
York University’s Cyber Security Program was awarded the 2018 CAUCE Program Award of Excellence. The program was developed in collaboration with the Lassonde School of Engineering and it consists of two part-time certificates with a curriculum that is aligned with the body of knowledge of the (ISC)² Certified Information Systems Security Professional (CISSP) designation. To learn more about York’s Certificate in Cyber Security Fundamentals and our Certificate in Advanced Cyber Security, please visit: https://continue.yorku.ca/programs/cyber-security/