A Career In Cyber Security Governance?

Cyber security governance jobs are growing significantly faster than information technology jobs. However, this very exciting industry lacks the number of skilled professionals required to fill the available jobs.

Some common roles within cyber security include cyber security governance manager/consultant, information assurance, security analyst, forensics consultant, penetration tester and malware analyst/reverse engineering. With these types of opportunities available, new or aspiring cyber security professionals should focus on continually increasing their skillsets, because the cyber security industry is continually changing.

The path of an employee in an organisation may be vertical most of the time, but they also can move laterally or cross-functionally to different roles. This blog explains the possible routes that individuals can take from their first foray into the job market of the cyber security governance profession.

Why Cyber Security Governance?

Workforce Shortage: There is a severe workforce shortage of skilled, experienced and seasoned cyber security professionals in labor market. By 2021 there will be a predicted 1.5 million shortage of cyber security professionals worldwide, according to Symantec CEO Michael Brown.

According to the CSX Cybersecurity Fundamentals Study Guide, “There are an estimated 410,000 to 510,000 information security professionals worldwide, and jobs are expected to increase 53 percent by 2018 with over 4.2 million jobs available. However, recent studies and reports suggest that there are simply not enough skilled professionals to fill them.”

Role in Security Objectives: Governance plays a vital role in achieving the security objectives of organizations; not only for current needs but also to ensure well-drafted mitigation plans for future challenges from new emerging technology.

Nation-state-sponsored Attacks and Advanced Persistent Threats (APTs): Both public and private organizations need to define and implement strategies addressing adversarial threats related to their dependence on cyberspace. Cyber security governance professionals are needed to help organisations articulate their strategies for addressing the nation-state-sponsored attacks and APTs.

These professionals will use a framework to define levels of organizational preparedness, characterised in terms of the organisation’s perspective on, and/or assumptions about, the threats it faces.

Cyber security governance professionals assist in applying sound principles for information systems security governance and making effective use of standards of good practice for security management.

With a significant shortfall of cyber security professionals worldwide expected in five years, who will carry out these safety/security checks? For these reasons, there is great need for students, fresh graduates and professionals to key in to the cyber security profession now.

Cyber Security Governance Education and Career Path: As with most IT jobs, individuals working in cyber security generally hold at least a bachelor’s degree. Typically, a degree in an IT-related field and one or more of the following certification(s) is always required: Certified Information Security Manager (CISM), Certified in Risk Management and Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT), Certified Information Systems Security Professional (CISSP). Some employers prefer advanced educational qualifications, such as an MBA in Information Systems or a related field.

Career paths can vary. For example, someone who wants to oversee database security might first work as a database administrator. In a similar fashion, an individual who wants to work in cyber security governance might begin as an IT auditor, risk manager, compliance officer, IT control manager or internal control officer/manager.

No matter the chosen career, certain skill sets will apply. A cyber security governance professional must be organised and able to concentrate on complex challenges for lengthy periods. In addition, the ability to think like a hacker is invaluable, as is knowledge of the latest methods used in cyber-attacks.

Required Knowledge for Cyber Security Governance Professionals

  • Network Basics: Define types of networks (mixture of networks, infrastructure, general technology), OSI model, TCP/IP.
  • Techniques: IT audit risks, security risk assessment, assessing IT risk, designing IT controls, business process controls, general process controls.
  • Standards: Knowledge of COBIT, ISO/IEC 27001, NIST framework, SANS.
  • Regulations: US Sarbanes-Oxley, GLBA, HIPAA/HITECH, privacy and EU Data Protection Directive.
  • Taking the Next Step to Cyber Security Governance Profession

The Cybersecurity Nexus (CSX) Cybersecurity Fundamentals Online Course provides learners with principles of data and technology that frame and define cyber security. Learners will gain insight into the importance of cyber security and the integral role of cyber security professionals. The interactive, self-guided format will provide a dynamic learning experience where users can explore foundational cyber security principles, security architecture, risk management, attacks, incidents, and emerging IT and IS technologies.

The target audience for this course includes:

Zero to three years of cyber security experience.

Audit, risk, compliance, information security, government and legal professionals with a familiarity of basic IT/IS concepts who: Are new to cyber security; Are interested in entering the field of cyber security; Are interested in the ISACA Cybersecurity Fundamentals Certificate.
Students and recent graduates.

Information – Management:               Staff Training 'Not enough to stop most data breaches':

« The US Cyber Threat Against Russia
Pepper Keep’s Son Robot Dreams on Hold »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Echelon

Echelon

Echelon Company is a provider of information security services specializing in certification of security software and hardware products in Russia.

Canadian Security Intelligence Service (CSIS)

Canadian Security Intelligence Service (CSIS)

CSIS collects and analyzes threat-related information concerning the security of Canada in areas including terrorism, espionage, WMD, cybersecurity and critical infrastructure protection.

Subgraph

Subgraph

Subgraph is an open source security company, committed to making secure and usable open source computing available to everyone.

SHIELD

SHIELD

SHIELD is an established end-to-end fraud management solution that blocks fraudulent activities such as account takeovers, fake accounts creation, fraudulent payments, loyalty fraud and more.

Sadoff E-Recycling & Data Destruction

Sadoff E-Recycling & Data Destruction

Sadoff E-Recycling and Data Destruction protect the environment and your data with proven and trusted electronics recycling and data destruction services.

Aujus Cybersecurity

Aujus Cybersecurity

Aujas is a pure-play cyber security services company with deep expertise in Identity and Access Management, Managed Security and Security Testing services.

NetNordic Group

NetNordic Group

NetNordic is a Nordic system integrator focusing on solutions and services in the area of networking, smart data centers, cybersecurity, and unified communication.

ActiveNav

ActiveNav

ActiveNav provide dark data discovery solutions for compliance and information governance.

EYE Security

EYE Security

EYE provides enterprise-grade cyber security services and cyber insurance to SMEs in Europe, Cyber Incident Response and strategic advice in board rooms.

Gigit

Gigit

Gigit’s Service portfolio focuses on your business’ needs and the integration of comprehensive cybersecurity policies, plans, procedures, and practices into your business culture and operations.

Q5id

Q5id

At Q5id, we prove that your customers' digital identity and real-world identity are the same, our verification and authentication solution delivers a Proven and Secure digital identity for everyone.

Readynez

Readynez

Readynez is the digital skills concierge service that helps you ensure your workforce has the tech skills and resources needed to stay ahead of the digital curve.

ZainTech

ZainTech

Zaintech is a regional digital & ICT solutions provider offering comprehensive digital solutions and services to enterprise and government customers in the MENA region.

Arsen Cybersecurity

Arsen Cybersecurity

Arsen is a French cybersecurity startup, dedicated to enhancing human behaviors in cybersecurity.

CyberGrape

CyberGrape

CyberGrape is a client centric managed services company, providing enterprise leading security solutions and helping companies through their IT risk and security challenges.

AmiViz

AmiViz

AmiViz is the first B2B enterprise marketplace focussed on Cybersecurity business in the Middle East and Africa, designed specially to serve the interests of enterprise resellers and vendors.