Sowing the Seeds of Security

Many of today's digital threats target users regardless of their age. Some malicious programs known as Remote Access Trojans (RATs) even go so far as to sextort predominantly children and teenagers. Acknowledging this reality, we have an incentive to begin educating people about security early on. Mandy Huth, Director of Cybersecurity at Tripwire, Inc., likens digital security to fire safety as a way to support this assessment. "When I was in elementary school, we had monthly fire drills where everyone would evacuate the building and meet at a designated location to be accounted for," Huth explains.
"Schools didn’t wait for an actual fire to try to educate students on how to act in those situations. With this in mind, the most beneficial approach we can take to preparing the next generation is to integrate the same type of tabletop exercises into the realm of cybersecurity. For example, schools are teaching children to type in kindergarten, so why not expose them to phishing, social engineering, and how to safely navigate their online presence?"

Huth goes on to note that by creating early educational programs in security, we can inspire some students to pursue infosec as they grow older and develop. "A win-win for all," Huth rightly observes. But our obligations do not end there. As noted by Claus Cramon Houmann, an independent Information Security Consultant, once we have attracted the interest of novice security professionals, it is up to our educators to provide them with everything they know, including an honest assessment of the field's successes and shortcomings.
"To improve awareness and education, we should concentrate on giving educators what they need to teach a variety of subjects, thereby allowing for the prospect of industry specialization, as well as courses that cover the fundamentals of cyber security," Houmann recommends.

"These passionate teachers should emphasize the fact to students that everything we've done so far has been not enough. We therefore should teach them everything we have learned in the hopes that maybe they can build a world that is safer and more secure than ours, such as one that understands how security and privacy must go hand in hand," adds Houmann.
Building Up One's Infosec Career

Once a security professional has completed their education, the onus falls on them to make the most out of their security career. This includes having the right skills, which one can obtain via a number of certifications: "Having the right certs is a good entry point to the field," observes Tony Martin-Vegue, host of the Standard Deviant Security podcast. "That is not to say you should treat certifications as endpoints to your learning; they are only the beginning and should be thought of as a way to get your foot in the door. As a result, you should start with a general purpose certification, such as the CISSP, then specialize further to focus in on your career goals." Even then, however, the field of security encompasses much more than just technical expertise.
"Tomorrow’s problems require a wide range of skills, and in order to solve those problems, we need to bring people into the security field from a wide range of backgrounds. We need people with backgrounds in accounting, economics, criminal justice, behavioral psychology, and public relations, just to name a few," explains Martin-Vegue.

Excellent writing and speaking skills, as well as knowledge about mergers and business acquisitions, are also valuable and can help to make someone a key player in their organization. Once a security professional has found their niche in infosec, they can then begin to leverage their unique skills to make connections and deepen their careers. "Throughout my career, those who I have seen go the furthest the fastest make mentors and friends in the community," states J Wolfgang Goerlich, Strategist at CBI and head of the CBI Academy. "They don’t just attend conferences; they present and volunteer. They find open source projects to collaborate on. In these and many other ways, people develop their skills by contributing daily, weekly, and monthly," adds Goerlich.

Like any career, information security requires ongoing effort and dedication. Those practitioners who internalize that fact are sure to succeed, one way or another.