Within the modern IT organization, everyone needs to be a cybersecurity professional. Plain and simple. Every technology worker needs to serve as the first line of defense against threats to data, networks, infrastructure, and, most importantly, people. Through adopting this mindset and remaining open-minded about your consulting career, you can capitalize on the many opportunities that currently exist in cybersecurity.
A Bright Future for IT Workers in Cybersecurity
No, we are not suggesting that a company needs a 1:1 ratio for dedicated security specialists and employees. Still, in a time when cyberattacks are common, consultants should understand what the threat looks like and how to handle it. If they don’t, it might be time to implement new programs or begin constructing a talent pipeline that embraces the opportunity to develop cybersecurity skills.
An organization may look to Senior Security Engineers to secure all networks (especially during and after an attack), but who should be relied on to reduce the frequency of security breaches in the first place? Dare we say, the consultant?
Rather than view this as an additional burden or responsibility, we see an opportunity for consultants to learn and further make an impact on their engagements. And beyond learning, we view cybersecurity skills as a value driver for consultants, providing companies with a solution to the ever-increasing talent shortage of security professionals — in addition to the current lack of IT workers. (the U.S. is on pace to hit a half-million or more unfilled cybersecurity positions by 2021.)
As IBM CEO, Ginni Rometty, said back in 2015 — in this security article by Forbes:
“Cybercrime is the greatest threat to every profession, every industry, every company in the world.”
Three years later, most IT workers understand just how accurate this comment was at the time — a time when cybersecurity job openings reached 209,000. In contrast to the estimated 350,000 opportunities as of 2017 and the staggering prediction that this number will rise to 3.5 million vacant positions by 2021, it’s clear that every IT consultant has an opportunity to either refresh their skills or begin a new journey.
The numbers reinforce the industry-wide belief that opportunities in information security (infosec) are growing at a staggering rate, with salaries not far behind. And although more four-year degree programs are available, traditional education isn’t mainstream. In other words, don’t let the daunting idea of another degree be the reason you miss out on developing security skills.
Most consultants would agree, training and personal development programs are equally as important as projects themselves. From negotiating your next engagement to identifying new growth within your current role, here are a few factors to consider with regards to cybersecurity:
- Partner with your client’s infosec team to learn the effects of your work on theirs and vice versa
- Complete certifications to compliment your current IT skillset, i.e., GIAC, Security+, GSEC, CEH, CISM, CompTIA Security+, or CISSP.
- Set aside 30-minutes per day, learning how your current specialization can benefit from understanding cybersecurity best practices; applying these to your projects
- Practice early adoption of platforms and tools within your scope of work, seeking out new technology and understanding how it can add value to your work
- Update your resume and portfolio every six months, adding certifications and descriptions of projects that show your new skill set and active learning
Being such a dynamic profession, you may be surprised to hear how current leaders began their successful careers in cybersecurity — hint: you won’t find a cookie-cutter approach. And understanding how easy it is to dismiss your background or candidacy for a project involving security skills, we recommend reviewing the following non-traditional examples for expanding your consulting career.
Employees are the Best Defense Against Cyber Attacks
Understanding the basics of cybersecurity is invaluable, whether your goal is to strengthen your resume or simply to acquire new knowledge. The first step is to define why employees are the most vulnerable.
Workforce vulnerability is defined as the nature of a “connected device” being connected to the internet introduces risk in the form of a virtual doorway, offering a point of access or exit; how you view and care for your online presence has a significant impact on the safety of a company’s information and systems, as well as your identity.
A mindset we aim to share with every consultant, every time you access the internet, ask these two questions:
Once I have access, what can I do? What damage can be done? Asking these questions puts you one step closer to leveling the playing field against attackers. Or, at a minimum, increases your chances of identifying a threat before it compromises you.
Now that we explained why risk is present when using a connected device (anything that accesses the internet), how can you identify a threat by its appearance? If there’s one detail NEVER to forget it’s this one: of the three controls commonly associated with cybersecurity (people, processes, and technology tools), people are the most vulnerable. The wild card… The weakest link.
Whether a security breach is the result of a targeted effort, opportunity from unpatched systems, or improper use of methods and tools, the people factor remains the most susceptible — but not indefensible!
As a user of interconnected technology tools and systems, think of the potential for your data to be stolen, disrupted or altered every time you log in or log on — malicious parties will target you at some point this year, and likely this month.
As the FBI reported previously, on average, 4,000 ransomware attacks have occurred daily since 2016. The odds aren’t in your favor; by increasing your knowledge of detection tactics, you can become an invaluable asset to your team and employer.
As it pertains to daily monitoring habits, business email compromise (BEC) — a form of social engineering — is a continuous threat to nearly all teams of employees. By becoming successful at identifying and diminishing the impact it can have on a company, you can quickly become an invaluable resource for others to consult. How many email phishing attempts did you catch this month?
Defined by TechTarget, social engineering is a planned method of tricking people into breaching security procedures using human interaction, often well-planned email, text, or mobile communication to deceive the message recipient. Unfortunately, these recipients are usually employees or consultants who can also be strategically targeted by scams and exploited through impersonation.
Special Agent Martin Licciardo, a veteran organized crime investigator at the FBI’s Washington field office, explains,
“BEC is a serious threat on a global scale, and the criminal organizations that perpetrate these frauds are continually honing their techniques to exploit unsuspecting victims.”
So, if people continually work to trick you into revealing information, shouldn’t you be learning how to prevent their success? As we explain in Social Engineering, A Driver for Cybersecurity Awareness, you don’t have to become a victim. A little education, practice, and awareness are all that’s required to protect yourself and your employer. The company will surely thank you for it.
A valued perspective shared by Forbes, today’s consultants rest assured that the best security professionals have well-rounded experience in tech. Head of Cyber Intelligence at Infoblox, Sean Tierney had this to share on the topic:
“The thing that will make you good at security is that you are great at something else first.”
With cybersecurity professionals earning $55.77 per hour (on average), now is a great time to increase your value to current and future employers through leveraging your aptitude for security practices.
Cybersecurity Professionals Have a Future in Almost any Direction
Career mobility. We all want it, yet only a few know how to obtain it –consultants are often among these few. Becoming well-versed in cybersecurity practices provides the opportunity for IT consultants to remain in control of the projects they work on and the companies they work with. In-demand skills rise to the top, especially when shortages pressure management to find new solutions, quickly.
As Kate Savage, Vice President and North America People Supply Chain Leader for Capgemini explains,
“Enterprises focus on more than implementations; they are looking for end-to-end solutions, go-to-market solutions. Having someone on board who understands their business and can manage multiple technologies will offer the most help.”
Knowing the ins and outs of security practices is the perfect auxiliary skill to have. Furthermore, understanding and even championing security procedures can help solidify the future engagements you want versus what’s available in any given industry.
With demand for cybersecurity skills increasing exponentially, understanding the opportunities in multiple professional fields ( especially ones experiencing talent shortages) opens the door to new environments, keeping your career fresh, or dare we say, unique. After all, isn’t this why you became a consultant in the first place?
Capgemini’s Kate Savage also points out,
“Consultants are sought out to solve problems. Clients might think it’s one problem, but it always ties into something else.”
A correlation we are monitoring continuously through discussions with company leaders, this “something else” often relates to cybersecurity.
Especially true for technology projects, things change quickly, and the people working on these things must adapt at an equal pace.
Showing both industry and application expertise is a great way to communicate that you can be relied upon to tackle daily challenges across the business and won’t back down from an unforeseen challenge. Consultants who display their awareness and aptitude for security practices are viewed as self-motivated, collaborative, and open to change — valuable soft-skills nearly every C-suite wants for their teams. Most importantly, these traits represent a person that is likely to perform well across industry and in similar markets — a person in control of their craft and worthy of looking to for advice and direction.
As a consultant, coexisting with the added challenges of cybersecurity means coordinating with the business to protect the brand. Unique to our current digital-first world, cybersecurity is now a pivotal threat to every company, and every worker is part of the battle, whether they acknowledge it or not.
It’s essential to recognize that challenges that often limit a person’s candidacy for a role (e.g., cybersecurity skills) can also be indicators for growth opportunities, both in professional status and compensation. To decide whether our perspective aligns with your professional outlook, answer the following questions:
Do you have communication skills?
Are you collaborative?
Are you a problem solver?
Are you open to working across the business?
If so, why not get started on a certificate or training program in cybersecurity. You won’t regret it.