Saturday, 12 November 2016 13:28

Take 5: Tips for breaking into the cybersecurity industry


As the scope of cybersecurity continues to evolve, so, too, do the demands facing those entering the field. This has prompted many in higher education to revisit the question: What’s the best way to prepare students to enter the field? And for those interested in pursuing a career in cybersecurity to ask: What do I need to know?

During a roundtable Tuesday morning, a panel of five experts in different sectors—including finance, healthcare, and higher education—discussed the complex nature of cybersecurity and the “soft skills” required to succeed in the ever-changing cyber landscape.

Titled “Creating Aligned and Relevant Pathways for Students,” the event was co-hosted by Northeastern’s Lowell Institute School and the Business-Higher Education Forum.

The Lowell Institute School offers science, technology, and engineering bachelor’s degree completion programs for students who already have some college credit. It also offers post-graduate students and professionals the opportunity to pursue new or related careers in those growing industries.

Here are five tips for those looking to break into the cybersecurity field, with insight from the roundtable experts.

Be a good communicator

All five of the experts said they had interviewed a candidate for a cybersecurity position who possessed a strong technical understanding of running a cybersecurity operation but who struggled to explain how it worked to someone without a technology background.

This posed a grave problem for someone like Jim Graham, sales engineering manager at the cybersecurity company Imperva, whose business relies on employees’ ability to explain to other companies what his can offer.

Or, for someone like Ari Seitelman, information assurance engineer at Raytheon, a U.S. defense contractor, who needs people within his team to be able to effectively communicate with each other.

“Those communication skills are important,” Seitelman said. “The larger part is being able to translate these technical solutions to your audience. You have to make sure that you can not only communicate what you’re doing, but articulate these technical solutions in a way that people who aren’t in that field can understand.”

Craig Bennett, director of corporate compliance at Deaconess Medical Center, recalled joining the team at Deaconess in 2004, when the hospital was in the midst of converting from paper medical files to digital files.

“Some of the best people I dealt with from an IT perspective were those who came from different disciplines,” he said, such as sociology or psychology. “They brought to the table that critical thinking, which was really important in healthcare.”

Understand that cybersecurity is “not just a technical issue; it’s a human issue”

Cybersecurity is more than just a nebulous concept tucked into the deep web, the experts argued Tuesday.

Kemi Jona, founding director of the Lowell Institute School and associate dean for undergraduate education in the College of Professional Studies, said, “Cybersecurity is not just a technical issue; it’s a human issue, a systems issue, an ethical issue—it impacts everything.”

In fact, Mark Nardone, chief information security officer at Northeastern, posited that cybersecurity is hardly a technology problem at all.

“If you look at the new aspects of cybercrime, they’re just digitized versions of the oldest con in the book: the confidence game,” he said. “That is, tricking someone using social engineering, just now through a digital format.”

Discern why people get conned

Graham said that the largest-scale cyberattacks tend to stem from phishing—a tactic whereby a hacker scams an account holder into releasing important information by posing as a legitimate company.

If that’s the case, and if, like Nardone said, cybersecurity is just the latest version of the oldest trick in the book, then why do people keep falling for it? That’s what cybersecurity teams have to figure out, said Michael Woodson, information systems security director at State Street Corp., a financial services company.

“It’s a matter of saying, ‘Let’s peel back the onion and consider, what were they thinking? What did they do?’ It’s about taking a human approach to cybersecurity,” Woodson said.

Maintain a strong moral compass

There’s an ethical component to cybersecurity as well, particularly when it comes to teaching, Nardone argued.

“We’re basically talking about teaching people how to compromise accounts, how to compromise systems, and if we’re going to be teaching those skills, we need to be teaching it in a way that makes students understand the ethics of it,” he said. “Just because you can do something, doesn’t necessarily mean you should.”

Find the right balance between security and usability

It’s also important to strike a balance between incorporating too many security measures and leaving a system open to attack, Graham said.

“Security is a balancing act. You can make things so hard on the end user that they start writing things down on sticky notes and putting them under their keyboard or on their desk,” he said. “You don’t want to crack down so hard that people can’t remember their passwords.”

Source:  northeastern.edu
