A Career In Cyber Security Governance?

Uploaded on 2016-11-11 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, JOBS-Careers, FREE TO VIEW

Cyber security governance jobs are growing significantly faster than information technology jobs. However, this very exciting industry lacks the number of skilled professionals required to fill the available jobs.

Some common roles within cyber security include cyber security governance manager/consultant, information assurance, security analyst, forensics consultant, penetration tester and malware analyst/reverse engineering. With these types of opportunities available, new or aspiring cyber security professionals should focus on continually increasing their skillsets, because the cyber security industry is continually changing.

The path of an employee in an organisation may be vertical most of the time, but they also can move laterally or cross-functionally to different roles. This blog explains the possible routes that individuals can take from their first foray into the job market of the cyber security governance profession.

Why Cyber Security Governance?

Workforce Shortage: There is a severe workforce shortage of skilled, experienced and seasoned cyber security professionals in labor market. By 2021 there will be a predicted 1.5 million shortage of cyber security professionals worldwide, according to Symantec CEO Michael Brown.

According to the CSX Cybersecurity Fundamentals Study Guide, “There are an estimated 410,000 to 510,000 information security professionals worldwide, and jobs are expected to increase 53 percent by 2018 with over 4.2 million jobs available. However, recent studies and reports suggest that there are simply not enough skilled professionals to fill them.”

Role in Security Objectives: Governance plays a vital role in achieving the security objectives of organizations; not only for current needs but also to ensure well-drafted mitigation plans for future challenges from new emerging technology.

Nation-state-sponsored Attacks and Advanced Persistent Threats (APTs): Both public and private organizations need to define and implement strategies addressing adversarial threats related to their dependence on cyberspace. Cyber security governance professionals are needed to help organisations articulate their strategies for addressing the nation-state-sponsored attacks and APTs.

These professionals will use a framework to define levels of organizational preparedness, characterised in terms of the organisation’s perspective on, and/or assumptions about, the threats it faces.

Cyber security governance professionals assist in applying sound principles for information systems security governance and making effective use of standards of good practice for security management.

With a significant shortfall of cyber security professionals worldwide expected in five years, who will carry out these safety/security checks? For these reasons, there is great need for students, fresh graduates and professionals to key in to the cyber security profession now.

Cyber Security Governance Education and Career Path: As with most IT jobs, individuals working in cyber security generally hold at least a bachelor’s degree. Typically, a degree in an IT-related field and one or more of the following certification(s) is always required: Certified Information Security Manager (CISM), Certified in Risk Management and Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT), Certified Information Systems Security Professional (CISSP). Some employers prefer advanced educational qualifications, such as an MBA in Information Systems or a related field.

Career paths can vary. For example, someone who wants to oversee database security might first work as a database administrator. In a similar fashion, an individual who wants to work in cyber security governance might begin as an IT auditor, risk manager, compliance officer, IT control manager or internal control officer/manager.

No matter the chosen career, certain skill sets will apply. A cyber security governance professional must be organised and able to concentrate on complex challenges for lengthy periods. In addition, the ability to think like a hacker is invaluable, as is knowledge of the latest methods used in cyber-attacks.

Required Knowledge for Cyber Security Governance Professionals

  • Network Basics: Define types of networks (mixture of networks, infrastructure, general technology), OSI model, TCP/IP.
  • Techniques: IT audit risks, security risk assessment, assessing IT risk, designing IT controls, business process controls, general process controls.
  • Standards: Knowledge of COBIT, ISO/IEC 27001, NIST framework, SANS.
  • Regulations: US Sarbanes-Oxley, GLBA, HIPAA/HITECH, privacy and EU Data Protection Directive.
  • Taking the Next Step to Cyber Security Governance Profession

The Cybersecurity Nexus (CSX) Cybersecurity Fundamentals Online Course provides learners with principles of data and technology that frame and define cyber security. Learners will gain insight into the importance of cyber security and the integral role of cyber security professionals. The interactive, self-guided format will provide a dynamic learning experience where users can explore foundational cyber security principles, security architecture, risk management, attacks, incidents, and emerging IT and IS technologies.

The target audience for this course includes:

Zero to three years of cyber security experience.

Audit, risk, compliance, information security, government and legal professionals with a familiarity of basic IT/IS concepts who: Are new to cyber security; Are interested in entering the field of cyber security; Are interested in the ISACA Cybersecurity Fundamentals Certificate.
Students and recent graduates.

Information – Management:               Staff Training 'Not enough to stop most data breaches':

« The US Cyber Threat Against Russia
Pepper Keep’s Son Robot Dreams on Hold »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Help Net Security

Help Net Security

Help Net Security has been a prime resource for information security news and insight since 1998.

HPE Aruba Networking

HPE Aruba Networking

HPE Aruba Networking, a Hewlett Packard Enterprise company, is a leading provider of next-generation network access solutions for the mobile enterprise.

ATIA

ATIA

ATIA provides consulting services in the design and implementation of IT system, Information Security, ISO certification, and professional IT training and education.

Portuguese Institute for Accreditation (IPAC)

Portuguese Institute for Accreditation (IPAC)

IPAC is the national accreditation body for Portugal. The directory of members provides details of organisations offering certification services for ISO 27001.

Granted Consultancy

Granted Consultancy

Granted Consultancy is a business consultancy that specialises in securing funding to support companies with the development and commercialisation of new and innovative products and technologies.

Quantum Xchange

Quantum Xchange

As the provider of unbreakable quantum-safe encryption, Quantum Xchange gives commercial enterprises and government agencies the ultimate defense to keep high-value data safe.

NETRIO

NETRIO

If you are looking for a highly mature, exceptionally competent Managed Service Provider, NETRIO has solutions to keep your business running at warp speed with zero disruptions.

Depth Security

Depth Security

Depth Security assessment services provide organizations with real-world visibility into threats facing their infrastructure and applications.

Wolverhampton Cyber Research Institute (WCRI)

Wolverhampton Cyber Research Institute (WCRI)

Wolverhampton Cyber Research Institute builds on the strength of its members in the area of network and communication security, artificial intelligence, big data and cyber physical systems.

Cyber Griffin

Cyber Griffin

Founded by the City of London Police in 2017, Cyber Griffin is an initiative that supports businesses and individuals in the Square Mile to protect themselves from cyber crime.

McDonald Hopkins

McDonald Hopkins

McDonald Hopkins is a business advisory and advocacy law firm. We focus on insightful legal solutions that help our clients strategically plan for an increasingly competitive future.

Sunday Cyber

Sunday Cyber

Sunday is a personal cybersecurity platform, built to protect the world’s top executive teams beyond the enterprise perimeter.

Bittnet Training

Bittnet Training

Bittnet Training is the leader in the IT Training market in Romania. We develop the IT skills of IT professionals as well as those who wish to start a career in IT.

Ipstack

Ipstack

Ipstack offers one of the leading IP to geolocation APIs and global IP database services worldwide. Protect your site and web application by detecting proxies, crawlers or tor users at first glance.

Gotham Security

Gotham Security

Gotham Security delivers high-quality penetration testing, malicious adversary simulation, compliance program development, and threat intelligence services.

e-Safer

e-Safer

e-Safer's mission is to provide solutions and services that ensure a safer digital environment.