GUIDELINES FOR SECURITY STUDENTS AND EARLY CAREERS
by Maksym Szewczuk, Safety and Security Design Manager at Western Sydney Airport
What do all of these people have in common: a security design engineer, a security guard, a national security policy analyst, a police officer and a cybersecurity threat manager? The answer – they all work in security, countering crime and terrorism. The depth and breadth of security careers is vast and becoming wider and more specialised with time. This article discusses transitioning into security careers, with a focus on security students and those seeking to enter the industry.
Do you have an interest in security, have decided to study security, want to get into security or into a specific security-related job and are unsure what to do next? Hopefully this article will present a few good tips on navigating careers, jobs and security-related study.
It is OK if you do not know what you want to do, but try to have some idea of what you would like to do. Think about all the possible career paths you could consider, try to talk to people in those roles to discuss their duties and responsibilities and understand the reality of their jobs. Some jobs may seem glamorous, but the reality may be somewhat different. I have a passion for wine and I love the idea of being a sommelier but as someone who knows several professional sommeliers, the reality is long and demanding hours, often from Tuesday to Sunday with no weekends free. So I am happy to indulge my passion as a hobby and not a career.
UNDERSTAND YOUR MOTIVATION
Understand your motivations for a particular role. Is it work/life balance, job satisfaction, salary, title, company or job impact? You could be motivated by several of those aspects but many will have undesirable consequences: a high salary often equates to long hours and greater responsibilities. Government roles generally pay less than private sector roles, but offer greater job security and better work/life balance.
Increasingly, people hold multiple different roles throughout their careers, whereas a few decades ago their path through life was often determined by the degree they had gained. You will likely have multiple roles and careers over your lifetime. This may be confronting for those who dislike change, but those willing to learn new things and adapt to the needs of an organisation and society have many opportunities to gain the skills and knowledge required to thrive in an ever-changing world. Often the best way to discover if a role is right for you is to go directly to people working in that role and discuss it with them.
The current low unemployment situation offers many choices of roles and many opportunities. However, this is not the case for everybody, particularly for those in, or looking for, niche roles.
You might need to start in security-adjacent roles where even an entry-level role would require experience. Often those entering security management roles start in safety-related roles and are given security portfolio responsibilities.
Think of job and technology trends and what specific roles might be available when you graduate or are ready to switch fields. Do a Seek or LinkedIn search of jobs that might interest you. You might find the majority of ‘security’ roles are now cyber-related (cybersecurity, information security, etc). If you are interested in a niche security field, consider what adjacent roles may give you the experience to enter that particular field. Read deeply and broadly about your particular field of interest and determine what ‘over the horizon’ skills, experience and technology are emerging that will put you in a prospective employer’s sights.
CONSIDER NON-TECHNICAL SKILLS
There are many non-technical skills to consider as you study or start work. You will need to learn how to develop and maintain high-level stakeholder relationships, both within and outside your organisation. Consider asking for introductions, finding common interests or issues or just shouting someone a coffee to pick their brain. Learn the art of problem-solving. Be proactive, accept all opportunities and make opportunities. Accept uncertainty and change. Do not underestimate the soft skills and general principles associated with every security career. These skills include:
• Risk management and the ISO 31000 risk management process. Risk management is the core of security activity, albeit with varying contexts. You need to understand what it takes to manage and articulate risk, because in most cases risk cannot be eliminated. Nor is it feasible or economically viable to eliminate all risks. An understanding of how to manage risk is fundamental to security management in all its forms.
• Understanding of security principles. These include defence in depth / layered security and the concept of ‘deter, delay, detect, respond’, to name but a few examples. All these security principles will be relevant to every security career. The assets being protected (people, information, buildings or even gold bars) may change, but the fundamentals of protecting that asset remain the same.
• Communication skills, written and verbal. Solid communication skills are necessary for dealing with people and communicating written ideas. From a well-crafted email to a technical specification to a board paper documenting a recommended decision, clarity of ideas and the ability to express technical concepts to non-technical audiences are key.
Try to understand the meaning of ‘security’ in the broadest sense: from a global, geo-political and strategic viewpoint to a technical, tactical and operational one. You need not be an expert in that whole range, but you should at least understand and have a working knowledge of a broad range of security issues to understand Australia’s strategic positioning, crime and counter-terrorism organisations’ roles and responsibilities, national regulatory frameworks and guidelines, as well as technical aspects of your chosen field. This could be intrusion detection technology (digital or physical), crime prevention measures, etc. A broad knowledge of all aspects of security will allow you to think holistically about issues and engage with stakeholders in a deeper and broader context. A single threat control should not be used in isolation but rather as one in a series of layered and complementary measures.
Pathways in — Education and professional certification should not be discounted, particularly in technical fields. Certifications demonstrate tested knowledge and technical competence, but neither education nor certification is a substitute for experience. If you find yourself losing out on opportunities, try to get feedback as to why, and consider writing a semi-formal skills assessment and mapping gaps and pathways to addressing these. You can check job advertisements for similar roles to understand what skills, experience or education might be required to move forward. Focus on transferable skills, and do not forget that attitude and confidence are paramount: ‘fake it till you make it’ if you need to.
Many large firms offer formal mentoring programs, and finding an industry mentor is also a great step to getting helpful and practical advice. You may even find student mentorship programs available if you are still studying or not yet in full-time work.
Networking and professional societies — As a security student or early career entrant, networking and professional societies are paramount to building professional networks, gaining exposure and becoming a frontrunner when organisations are searching for new hires. Many professional societies such as Engineers Australia and ASIS International have complimentary or discounted student memberships, making them accessible to students who may not be in full-time employment. Students will often be hired for their ability to socially integrate into a team rather than solely for their technical ability. Furthermore, many roles are not advertised, because it is easier and quicker to hire known professionals, especially in constricted labour markets.
Getting a job — Landing your first security role can be hard, but there are a few things you can do to stand out and, hopefully, start your career in security. Researching the organisation and the role you are going for is key. Go into the interview prepared to frame your skills and experience in the context of what you can bring to that organisation and how you can assist in solving known problems.
You may also want to check your potential manager’s LinkedIn history to see where they have come from and indicate your desire to learn from them based on their experience and career path. Check, through open source searches or discussions with existing staff, whether any known issues affect the organisation, and frame your words around how you can assist in resolving such issues. For example, if information security is your thing, perhaps you can assist with resolving usability and change management issues around multifactor authentication.
Volunteering in all its guises is a fantastic initiative through which early career or student practitioners can expand their networks and gain experience, exposure and recognition. Examples of possible professional volunteering include internships, writing research and analysis articles for industry magazines, attending conferences and volunteering to assist with professional societies’ activities. Increasingly, personal branding and an active and detailed LinkedIn profile also help.
Most importantly, try a variety of roles and duties to see what you like best. This will change over time and with experience, but a list of possible security careers could be:
Government and defence
• State police
• Counter terrorism
• Intelligence analyst / manager
• Crime prevention
• Cybersecurity
• Federal police
• Defence (army, navy, air force, civilian)
• Protective security / force protection
• Defence security agency
• ASIO / ASIS
• Intelligence officer
• Protective security (ASIO T4)
• Corrections / prisons security
• Sergeant / sheriff
• Fraud / anti money laundering / CTF (eg APRA, AUSTRAC)
• Security vetting / clearance checking
• Diplomatic security
• Security technology research
• Border Force
• Department of Home Affairs
Security policy
• Crime prevention specialist — crime prevention advisory, typically with police or councils.
• Criminologist / researcher — academic research, publishing.
• Researcher / analyst — security related, key policy and national security function assessment
• Strategic / foreign policy (eg ASPI, academia)
• National security policy advisor (government)
• National security policy / crime journalist
• Lawyer – specialist in cyber, security, terrorism
• Corporate security policy manager — write organisation security policy
Protective security
• Security project manager — manage security projects
• Governance, risk and compliance officer
• Private / corporate investigator / surveillance officer
• Uniformed security officer / concierge – security guarding
• Security investigations – specific security-related investigations; also common with financial crime.
• Security systems administrator — coordinate and manage access control, keys, CCTV.
• Resilience, risk, assurance — enterprise-wide risk management
• Project / facility security officer / manager — implementation and maintenance of all protective security measures
• Security director — delivery of the agency’s security plan, policies and procedures.
Security advisory
• Security consultant — advise on all aspects of protective security, risk management and security controls/systems.
• Emergency and crisis manager / consultant
• Safety manager
• Safety and security coordinator / manager
• Countering violent extremism research / advice
• Security regulations / assurance / governance
• Security systems engineer / designer
• Safety consultant
• Financial crime and compliance
• Defence industry security advisory
Cybersecurity and information security
• Application security administrator
• Artificial intelligence security specialist
• Blockchain developer / engineer
• Governance compliance & risk (GRC) manager
• Chief information security officer (CISO)
• Cloud security architect
• IT security architect
• Information security analyst
• Cyber intelligence specialist
• Security operations center (SOC) analyst
• SCADA (supervisory control and data acquisition) security analyst
Corporate operational security
• Corporate security manager — manage security within a given asset.
• Aviation utilities
• Casino / events critical infrastructure
• Health education
• Chief security officer (CSO) — head up all physical / info / cybersecurity
• Assets / facilities manager — building management
• Security risk advisor — security risk administration and advice
• Security design / security projects — security systems design and project management.
• Enterprise risk manager — risk management for organisation. Also known as governance compliance and risk (GRC) manager.
Security business roles
• Security sales — sales and product solutions.
• Security technician — repair and service of security equipment.
• Security operations / guarding — guarding, response services.
• Security ops team leader / manager – guarding manager.
• Security business account manager – new business development, solution and product development.
• Regional / general manager — grow and lead a security business.
• Security business manager — manage and oversee the delivery of security services to clients.
www.linkedin.com/in/maksymszewczuk