A Career In Cyber Security Governance?

Cyber security governance jobs are growing significantly faster than information technology jobs. However, this very exciting industry lacks the number of skilled professionals required to fill the available jobs.

Some common roles within cyber security include cyber security governance manager/consultant, information assurance, security analyst, forensics consultant, penetration tester and malware analyst/reverse engineering. With these types of opportunities available, new or aspiring cyber security professionals should focus on continually increasing their skillsets, because the cyber security industry is continually changing.

The path of an employee in an organisation may be vertical most of the time, but they also can move laterally or cross-functionally to different roles. This blog explains the possible routes that individuals can take from their first foray into the job market of the cyber security governance profession.

Why Cyber Security Governance?

Workforce Shortage: There is a severe workforce shortage of skilled, experienced and seasoned cyber security professionals in labor market. By 2021 there will be a predicted 1.5 million shortage of cyber security professionals worldwide, according to Symantec CEO Michael Brown.

According to the CSX Cybersecurity Fundamentals Study Guide, “There are an estimated 410,000 to 510,000 information security professionals worldwide, and jobs are expected to increase 53 percent by 2018 with over 4.2 million jobs available. However, recent studies and reports suggest that there are simply not enough skilled professionals to fill them.”

Role in Security Objectives: Governance plays a vital role in achieving the security objectives of organizations; not only for current needs but also to ensure well-drafted mitigation plans for future challenges from new emerging technology.

Nation-state-sponsored Attacks and Advanced Persistent Threats (APTs): Both public and private organizations need to define and implement strategies addressing adversarial threats related to their dependence on cyberspace. Cyber security governance professionals are needed to help organisations articulate their strategies for addressing the nation-state-sponsored attacks and APTs.

These professionals will use a framework to define levels of organizational preparedness, characterised in terms of the organisation’s perspective on, and/or assumptions about, the threats it faces.

Cyber security governance professionals assist in applying sound principles for information systems security governance and making effective use of standards of good practice for security management.

With a significant shortfall of cyber security professionals worldwide expected in five years, who will carry out these safety/security checks? For these reasons, there is great need for students, fresh graduates and professionals to key in to the cyber security profession now.

Cyber Security Governance Education and Career Path: As with most IT jobs, individuals working in cyber security generally hold at least a bachelor’s degree. Typically, a degree in an IT-related field and one or more of the following certification(s) is always required: Certified Information Security Manager (CISM), Certified in Risk Management and Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT), Certified Information Systems Security Professional (CISSP). Some employers prefer advanced educational qualifications, such as an MBA in Information Systems or a related field.

Career paths can vary. For example, someone who wants to oversee database security might first work as a database administrator. In a similar fashion, an individual who wants to work in cyber security governance might begin as an IT auditor, risk manager, compliance officer, IT control manager or internal control officer/manager.

No matter the chosen career, certain skill sets will apply. A cyber security governance professional must be organised and able to concentrate on complex challenges for lengthy periods. In addition, the ability to think like a hacker is invaluable, as is knowledge of the latest methods used in cyber-attacks.

Required Knowledge for Cyber Security Governance Professionals

  • Network Basics: Define types of networks (mixture of networks, infrastructure, general technology), OSI model, TCP/IP.
  • Techniques: IT audit risks, security risk assessment, assessing IT risk, designing IT controls, business process controls, general process controls.
  • Standards: Knowledge of COBIT, ISO/IEC 27001, NIST framework, SANS.
  • Regulations: US Sarbanes-Oxley, GLBA, HIPAA/HITECH, privacy and EU Data Protection Directive.
  • Taking the Next Step to Cyber Security Governance Profession

The Cybersecurity Nexus (CSX) Cybersecurity Fundamentals Online Course provides learners with principles of data and technology that frame and define cyber security. Learners will gain insight into the importance of cyber security and the integral role of cyber security professionals. The interactive, self-guided format will provide a dynamic learning experience where users can explore foundational cyber security principles, security architecture, risk management, attacks, incidents, and emerging IT and IS technologies.

The target audience for this course includes:

Zero to three years of cyber security experience.

Audit, risk, compliance, information security, government and legal professionals with a familiarity of basic IT/IS concepts who: Are new to cyber security; Are interested in entering the field of cyber security; Are interested in the ISACA Cybersecurity Fundamentals Certificate.
Students and recent graduates.

Information – Management:               Staff Training 'Not enough to stop most data breaches':

« The US Cyber Threat Against Russia
Pepper Keep’s Son Robot Dreams on Hold »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Cylance Smart Antivirus

Cylance Smart Antivirus

An antivirus that works smarter, not harder, from BlackBerry. Lightweight, non-intrusive protection powered by artificial intelligence. BUY NOW - LIMITED DISCOUNT OFFER.

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Free Access: Cyber Security Supplier Directory listing 5,000+ specialist service providers.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

AWS Marketplace eBook: Optimizing your cloud deployments to accelerate cloud activities, reduce costs, and improve customer experience.

Zimperium

Zimperium

Zimperium offers enterprise class protection for mobile devices against the next generation of advanced mobile attacks.

WireX Systems

WireX Systems

WireX is an innovative network intelligence and forensics company that is changing the way businesses resolve cyber-attacks.

Forter

Forter

Forter provides new generation fraud prevention to meet the challenges faced by modern enterprise e-commerce.

Blake, Cassels & Graydon (Blakes)

Blake, Cassels & Graydon (Blakes)

Blakes is one of Canada’s top business law firms serving national and international clients in specialist areas including cyber security.

Greenetics Solutions

Greenetics Solutions

Greenetics Solutions is a company focused on providing solutions for information security.

AFNOR Group

AFNOR Group

AFNOR Group designs and deploys solutions based on voluntary standards around the world and provides services including training, professional and technical information, assessment and certification.

TES

TES

TES is a provider of IT Lifecycle Services, offering bespoke solutions that help customers manage the commissioning, deployment and retirement of Information Technology assets.

Converge Technology Solutions

Converge Technology Solutions

Converge Technology Solutions Corp. is a North American IT solution provider delivering advanced analytics, cloud, cybersecurity, and managed services solutions.