A Career In Cyber Security Governance?

Cyber security governance jobs are growing significantly faster than information technology jobs. However, this very exciting industry lacks the number of skilled professionals required to fill the available jobs.

Some common roles within cyber security include cyber security governance manager/consultant, information assurance, security analyst, forensics consultant, penetration tester and malware analyst/reverse engineering. With these types of opportunities available, new or aspiring cyber security professionals should focus on continually increasing their skillsets, because the cyber security industry is continually changing.

The path of an employee in an organisation may be vertical most of the time, but they also can move laterally or cross-functionally to different roles. This blog explains the possible routes that individuals can take from their first foray into the job market of the cyber security governance profession.

Why Cyber Security Governance?

Workforce Shortage: There is a severe workforce shortage of skilled, experienced and seasoned cyber security professionals in labor market. By 2021 there will be a predicted 1.5 million shortage of cyber security professionals worldwide, according to Symantec CEO Michael Brown.

According to the CSX Cybersecurity Fundamentals Study Guide, “There are an estimated 410,000 to 510,000 information security professionals worldwide, and jobs are expected to increase 53 percent by 2018 with over 4.2 million jobs available. However, recent studies and reports suggest that there are simply not enough skilled professionals to fill them.”

Role in Security Objectives: Governance plays a vital role in achieving the security objectives of organizations; not only for current needs but also to ensure well-drafted mitigation plans for future challenges from new emerging technology.

Nation-state-sponsored Attacks and Advanced Persistent Threats (APTs): Both public and private organizations need to define and implement strategies addressing adversarial threats related to their dependence on cyberspace. Cyber security governance professionals are needed to help organisations articulate their strategies for addressing the nation-state-sponsored attacks and APTs.

These professionals will use a framework to define levels of organizational preparedness, characterised in terms of the organisation’s perspective on, and/or assumptions about, the threats it faces.

Cyber security governance professionals assist in applying sound principles for information systems security governance and making effective use of standards of good practice for security management.

With a significant shortfall of cyber security professionals worldwide expected in five years, who will carry out these safety/security checks? For these reasons, there is great need for students, fresh graduates and professionals to key in to the cyber security profession now.

Cyber Security Governance Education and Career Path: As with most IT jobs, individuals working in cyber security generally hold at least a bachelor’s degree. Typically, a degree in an IT-related field and one or more of the following certification(s) is always required: Certified Information Security Manager (CISM), Certified in Risk Management and Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT), Certified Information Systems Security Professional (CISSP). Some employers prefer advanced educational qualifications, such as an MBA in Information Systems or a related field.

Career paths can vary. For example, someone who wants to oversee database security might first work as a database administrator. In a similar fashion, an individual who wants to work in cyber security governance might begin as an IT auditor, risk manager, compliance officer, IT control manager or internal control officer/manager.

No matter the chosen career, certain skill sets will apply. A cyber security governance professional must be organised and able to concentrate on complex challenges for lengthy periods. In addition, the ability to think like a hacker is invaluable, as is knowledge of the latest methods used in cyber-attacks.

Required Knowledge for Cyber Security Governance Professionals

  • Network Basics: Define types of networks (mixture of networks, infrastructure, general technology), OSI model, TCP/IP.
  • Techniques: IT audit risks, security risk assessment, assessing IT risk, designing IT controls, business process controls, general process controls.
  • Standards: Knowledge of COBIT, ISO/IEC 27001, NIST framework, SANS.
  • Regulations: US Sarbanes-Oxley, GLBA, HIPAA/HITECH, privacy and EU Data Protection Directive.
  • Taking the Next Step to Cyber Security Governance Profession

The Cybersecurity Nexus (CSX) Cybersecurity Fundamentals Online Course provides learners with principles of data and technology that frame and define cyber security. Learners will gain insight into the importance of cyber security and the integral role of cyber security professionals. The interactive, self-guided format will provide a dynamic learning experience where users can explore foundational cyber security principles, security architecture, risk management, attacks, incidents, and emerging IT and IS technologies.

The target audience for this course includes:

Zero to three years of cyber security experience.

Audit, risk, compliance, information security, government and legal professionals with a familiarity of basic IT/IS concepts who: Are new to cyber security; Are interested in entering the field of cyber security; Are interested in the ISACA Cybersecurity Fundamentals Certificate.
Students and recent graduates.

Information – Management:               Staff Training 'Not enough to stop most data breaches':

« The US Cyber Threat Against Russia
Pepper Keep’s Son Robot Dreams on Hold »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

WEBINAR: 2024 and Beyond: Top Six Cloud Security Trends

WEBINAR: 2024 and Beyond: Top Six Cloud Security Trends

April 4, 2024 | 11:00 AM PT: Join this webinar to find out about six emerging trends dominating the cloud cybersecurity landscape.

Contrast Security

Contrast Security

Contrast Security is the leader in modernized application security, embedding code analysis and attack prevention directly into software.

Bsquare

Bsquare

Bsquare DataV software and engineering services help enterprises implement business-focused Internet of Things systems.

Atlantic Council

Atlantic Council

The Atlantic Council's Cyber Statecraft Initiative focuses on international cooperation, competition, and conflict in cyberspace.

Cyber 360

Cyber 360

Cyber 360 is a Cybersecurity contract and fulltime placement firm dedicated to identifying and hiring Cybersecurity professionals.

Vera Security

Vera Security

Vera is a data security platform that provides 360-degree visibility and control over critical business data, anywhere it's shared or stored.

Illumio

Illumio

Illumio delivers adaptive security for every computing environment, protecting the 80% of data center and cloud traffic missed by the perimeter.

ASU Online - Information Technology Program

ASU Online - Information Technology Program

The Information Technology program at ASU Online provides you with the expertise to design, select, implement and administer computer-based information solutions.

ReSec Technologies

ReSec Technologies

ReSec provides total protection against all types of known and unknown malware threats including viruses, Trojans, ransomware and phishing, regardless of their delivery method.

Red4Sec

Red4Sec

Red4Sec are experts in ethical hacking, audits of web and mobile applications, code audits, cryptocurrency audits, perimeter security and incident response.

CAPSLOCK

CAPSLOCK

CAPSLOCK delivers career-changing cyber training to help adults re-skill. Learn online to become a cyber security professional and pay no tuition until you land a high-paying job.

Titan Labs

Titan Labs

Titan Labs is a Cyber Security Consultancy that provides advice and technical expertise to government, international finance and telecommunications providers.

443ID

443ID

443ID brings OSINT data to Identity Security professionals on any digital platform.

Cyber Capital Partners

Cyber Capital Partners

Cyber Capital Partners build strategic and financial partnerships with small and mid-sized cybersecurity companies in highly regulated markets.

Cool Waters Cyber

Cool Waters Cyber

Cool Waters Cyber manage cyber security governance, risk and compliance.

Reaktr.ai

Reaktr.ai

Reaktr.ai is founded on the vision of using AI as a catalyst to propel industries into a future where we redefine what's possible. Fortify your cybersecurity defense with our AI-powered platform.

Cyphershield

Cyphershield

Cypershield is a Security and Smart Contract audit company providing professional smart contract auditing services for varied Crypto projects.