2 minute read
WHAT STANDS IN THE WAY BECOMES THE WAY
by Marise Alphonso, Information Security Professional
I have heard innovation defined as “fresh ideas that add value.” In cybersecurity, ideas that add value are necessary because we need innovative, automated and sometimes out-of-the-box ways to improve cybersecurity practices; as individuals, organisations and governments. ISO/IEC27001, the international information security standard, even has a clause titled ‘improvement’ that outlines the requirement to constantly enhance security practices.
The cybersecurity profession is diverse and dynamic in the skills, knowledge areas and personal attributes of the individuals who work in it, and is ever-changing because of the nature of cyber threats, technology and societal needs. Diversity is indeed required if we are to ensure our information is secure, our business operations run as we expect and if we are to understand how changes in technology can impact regulations with which we must comply.
The diversity of individuals working in cybersecurity could be increased by lowering the barrier to entry into the profession. Some worthy initiatives that help do so are listed below, in no particular order.
• ISC2’s One Million Certified in Cybersecurity Program. ISC2 is offering free Certified in
Cybersecurity training and exams. This training provides a technical foundation in key cybersecurity domains such as access control, incident response and security operations.
• SANS New to the Cyber Field Manual. This excellent guide is jam-packed with useful resources and tips for those looking to start or transition to a career in cybersecurity. It includes details of useful webcasts, books and approaches to getting started in cybersecurity.
• OneInTech. This is an ISACA Foundation with the vision of creating a diverse and inclusive global community of cybersecurity and IT audit professionals. It provides scholarship opportunities. Its SheLeadsTech program focusses on building a gender diverse and inclusive cybersecurity workforce. ISACA stages global events and offers a supportive community, making ISACA membership a worthwhile investment that provides access to professional development, networking opportunities and thought leadership resources.
• Cyber Leadership Institute With training programs and the Cyber Leadership Hub the
Cyber Leadership Institute is on a mission to develop visionary cyber leaders and assist cybersecurity professionals to attain leadership positions. Cybersecurity leaders require a range of skills beyond technical skills if they are to have an impact, and the programs offered aim to equip cyber leaders to succeed in executive level positions.
• Australian Women in Security Network (AWSN) mentoring. Mentoring is a powerful mechanism to encourage individuals into the cybersecurity field. There is tremendous value in having conversations on career growth and development, and in learning from the experiences of others. AWSN’s mentoring program provides a fantastic opportunity for mentees to ask questions and build relationships with mentors in the cybersecurity industry.
No single method represents the best way to encourage participation in cybersecurity. A combination of technical, leadership, networking and relationship-building opportunities provides a multi-dimensional approach to increasing skills and setting the foundations for diversity in the profession. The initiatives listed above make a difference by encouraging individuals to enter, transition into or grow in cyber careers. The cybersecurity industry must continue to work to advance and sustain the cyber profession, and heed the warning from Marcus Aurelius: “What stands in the way becomes the way.” www.linkedin.com/in/marisealphonso
