Paramount Podcast: Episode 1: Careers in Cybersecurity
Welcome listeners to the very first podcast of Paramount Presents Cybersecurity for Beginners! I’m Remya Menon, the Digital Marketing Consultant at Paramount and also your host for these podcasts. For those of you who are familiar with Paramount, what I’m going to say now may seem like a story you have heard before, but for the sake of our new followers and listeners, here’s a little tidbit about us. We are the regional leaders in information security and we work with a whole gamut of industries, from hotels to Technology companies and even the banking sector. So since we have been around in the industry now for 25 years, we decided that the best way to celebrate this silver jubilee would be to get talking with everyone out there who is curious about cybersecurity, what it means for individuals and companies and why we should all really care about this.
In this first session, we are going to be talking a little bit about careers in cybersecurity. Now the reason we picked up this topic, was cos there has been a lot of interest around cybersecurity and everyday there is more talk about the cybersecurity skills gap. So we decided it might be a good idea to start asking these questions to our very own Head of human Resources, Divya and find out what it is that recruiters are looking for and also explore how you can stand out if your are looking to pursue a career in cybersecurity. So Divya, over to you now. Can you introduce yourself for our audience Divya?
Divya: Thanks Remya. Hello Listeners! My name is Divya and I’m the head of Human resources at Paramount. I take care of a lot of HR initiatives, including talent acquisition, employee engagement and anything really that brings a smile to someone’s face.
Remya: Can you tell us a little bit about this so called skills gap in Cybersecurity. Is this real? If so why do you think that is the case.
Divya: There is definitely a demand for cyber security professionals in this region. Today the customer advances faster than the rate at which cyber security professionals are advancing. That's we have a challenge. There is clearly a mismatch with the demand Vs supply of cyber security professionals.
Remya: Considering there is a need for cybersecurity professionals, Are there any specific courses you would recommend?
Divya: Good Question Remya.
A course or a certification in the domain you have chosen to explore should definitely help as long as it is just not for the sake of owning a certification without understanding the concepts. A better way to decide on the certification will be “what would you want to do or where would you want to invest your time and effort in the next 4 – 5 years?
To answer your question, CSX by ISACA is definitely a good starting point as it gives a fair view on the various aspects of cyber security. There is a compliance angle to it, there is a regulatory angle to it, a technical angle to it apart from many others. All of the new certifications like CSX Practitioner, CSX specialist or CSX Expert are aligned with globally accepted standards and frameworks, including the NIST Framework for Improving Critical Infrastructure Cybersecurity, ISO 27000, and the COBIT 5 framework, which makes it a good fit if you are thinking of taking your career forward in that direction.
If beginners get this understanding right, which ideally they should after pursuing CSX, the next question to be thought about is What would they want to be specializing in? If someone decides to be a technical specialist then the recommended certifications will be LPT, CEH, CISSP, and relevant certifications by SANS.
On the contrary, if someone decides to be a functional specialist, then it is recommended to get into the solutioning space like GRC, ORM, Risk management, enterprise risk management module etc.
Third could be the compliance bid like CISA, CISM, CGIT, CRISK /OTHERS. The point to be emphasized is certification alone can’t be a benchmark to anything though it may help. The concept of certification was for people experience a life cycle, get the understanding and then apply in real contexts. However, shortcuts to own certifications repudiate the whole purpose.
Remya: We have established corces and certifications. Now coming to the other big factor in recruitment. Skills. What kind of skill sets are common to the kind of people we recruit?
Divya: All skill sets today are short-lived. We have to change as everything around us have changed.
The technology around us has changed so the process and the approach around us also has to change. To elaborate, skill sets can be considered as soft or hard or a mix of both. Soft skills include communication, critical thinking, handling objections/others. Hard skills are quantifiable and teachable. They include specific knowledge and abilities required for a job. To state an example hard skills could be programming skills, accounting or analyzing skills. In most of the roles at Paramount, we look for a combination of both.
Remya: Okay now moving into something more job related as opposed to recruiting. How easy is it to progress in your career with cybersecurity?
Divya: This question is also a little subjective as this may also depend upon your association with the employer you have chosen to be with. You could decide if it makes sense to partner with big fours or an SME to make a sensible move in your career. It is vital to check if the organization has a vision to be in the space that you aspire to be. Most importantly learn and be in speed with the change. Progress will happen automatically.
Remya: Since we talked about progress, would you think the cybersecurity industry in UAE has matured compared to the other middle eastern countries?
Divya: Interesting question, Remya.
First of all, anyone wanting a high level of protection in information assets will need the right combination of People Process and Technology. The key is this combination. Do you have this combination in act?
Let us look at each of this unit. UAE traditionally has been a country that has been the best in attracting talent. When we go out and interview people, they will immediately accept an opportunity based in Dubai and AbuDhabi Vs rest of the GCC countries. So when it comes to cyber security, the most competent talent in cyber security in the region is in the UAE.
Then UAE typically has been a region where people have been eager in experimenting with technologies as a result of which technologies are high in demand. Because of these two aspects of UAE all the major vendors have focused in UAE and they have used this country as a base in spite of the fact that the volume of business have been higher in other regions. So UAE has the best of people, the best of technologies and process is because the govt of UAE has been mandating ADSIC compliance, ISR NESA. All the govt entities are ensuring to comply with these standards.
Even before the standards all the major govt entities were thinking ahead and they had endorsed ISO 27001.Which means that the balance of people processes and technology at its best exists in UAE and is certainly ahead from rest of the countries in GCC. The country has the advantage of bringing in that “experience” at a price to this region.
Remya: What do you think are the most common job roles that someone looking into a career in cybersecurity should prepare for.
Divya: Sales, Technology, Process, R & D
If you aspire to be in sales and if you have deliberately put your head in the sand hoping that the storm will pass, you will soon witness a sobering truth in the next couple of years.
Forrester is already forecasting that 22% of B2B sales jobs will be gone by 2020 and according to Gartner, 85% of transactions will be conducted without any human involvement by 2020. Sales people or any new professional really have 2 options as I see it: “shape up or ship out”. This clearly means investing in self is not a choice anymore. Train, retrain and re invent a new career path. The only way is to choose platforms to constantly upgrade your knowledge /skill, Get connected with thought leaders in social media or other channels,
Have a mentor and most importantly read. A customer today is no longer interested in engaging with a generic sales man while he has an option to buy from someone with a deep domain knowledge and better industry foresight.
For those keen on figuring out an option in technology or process side of information security, it is recommended to avail the courses spoke about earlier and dive deep into the areas/ domain of their choice. At Paramount, we have ample options for professionals aspiring specialization in network security, content security and Security incident and event management. Someone could start their career as a security engineer, choose to grow as a Subject matter expert in the respective domain and eventually get into a managerial role managing a big or small technical team OR eventually move into in architecting and solutioning role. The skill required for an SME is hard skills however a Solution Architect requires a combination of soft and hard skills with a strong commercial orientation. In fact we have witnessed competent solution architects learning the art of selling and moving into a full-fledged sales role. They undoubtedly are high in demand in the current market.
And finally there’s R&D. Today there are a lot of institutions doing important research and creating new products to meet the demands. This is a good option for someone with a research bent of mind.
Remya: That’s great information Divya. It’s good to note that the options are plenty and that you don’t need to restrict yourself to, say, five job roles. I think we have addressed a few of the questions pertaining to a career in cybersecurity. If you have any more questions, leave them in the comments. We will be happy to get the answers for you. And thank you so much for tuning into our very first podcast. Since this is our first session, I apologise for any hiccups along the way. Don’t forget to subscribe for more podcasts.
Until next time bye bye!