Cyber Security as a Career
Prospects & Opportunities
Ram Kumar G, Information Security Leader
EliteCISOs, June 2020
Ram Kumar G
Business Information Security Officer – Global IBXs
Nissan Digital | Nissan Motor Corporation
www.linkedin.com/in/gramkumar
Career Journey
19 years experience across IT | ITES | ISP | BFSI | Media & Entertainment | Healthcare R&D | Automotive
Education
• MBA (HR), Edith Cowan University, Australia
• MCA, Madurai Kamaraj University
Certifications & Trainings
• EU GDPR, PMP, CISM, CRISC, CDPSE, CIPR, CEH
• ISO 27001 LA, BCCE, CPISI, CNSS, CCNA
Core Competencies
• Information Security / Business Continuity GRC program for ISO 27001 ISMS, GDPR, PCI DSS, SOX, GLBA, HIPAA
• Enterprise Risk Management – Assessment, Mitigation
• IAM, DLP, VAPT
• Security Awareness, Messaging, Branding & Promotion
• Incident Management – Response, Handling & Reporting
• Security Metrics – KPIs, KRIs, Dashboards
• Data Privacy – Program Mgmt - Assessment and Advisory
• Business Continuity Management – Planning, Awareness, Testing, Monitoring, Crisis Management & Communications
Honors & Awards
• Recognized as Top 50 Global Cyber Security | Risk | Privacy | Culture Thought Leader - 2020 by Thinkers360
• CISO Platform Top 100 Influencers Award – 2020, 2019, 2018
• CISO of the Year 2019 | Next100 CIO Award 2018 | Big 50 CISO Award 2018 | Indywood IT Excellence Award
• Multiple Corporate Internal Awards
Industry Outreach
• Occasional Guest Speaker at Security Conferences, Training Programs & in-house Corporate Talks
Security Philosophy
Security is always too much… until it’s not enough!
Published Author
• Cyber Crimes – A Primer on Internet Threat & Email Abuses, Viva Books, New Delhi
Disclaimer: The views expressed herein are personal and not that of my employer.
Agenda
• Understanding Cyber Security
• At-Risk Emerging Technologies
• Why Cyber Security Career?
• Cyber Security Domains
• Career Paths
• Security Certifications
• CISO Mindmap
• Skills Shortage
• Some Career Advice
Cyber Security Touchpoints
At-Risk Emerging Technologies
Robotic surgery
Machine learning
Blockchain
Smart buildings / cities
Smart sensors
Intelligent transportation systems
Artificial Intelligence
Internet of Things (IoT)
Why Cyber Security as a career?
10 Reasons why you should consider Cyber Security as a career
1. The future is digital - every aspect of tech has a security side to it
2. Intellectually challenging & exciting field - vibrant & dynamic domain
3. More Job Opportunities – world-wide demand
4. Hackers don’t take a break – Attacks & Breaches are inevitable and the cost of data breach is going up
5. Data Privacy & compliance regulations getting tighter across the world – Need more security pros
10 Reasons why you should consider Cyber Security as a career
6. High paying jobs & rewarding career – Premium $$$
7. Practically unlimited growth – faster career growth
8. Variety of domains to specialize in – domain is vast and evolving
9. Real job – implement/assess/deliver/advise/oversee security projects
10. The job has real impact – protects infra/data/privacy/money even lives
Fundamental shifts happening in job market
1. Qualifications to Skills
2. Job Searching to Networking
3. Profile building to Brand building
4. Job applications to Job Search Strategy
5. Job changes to Career Planning
If you are a fresher/college student looking for a break in cyber security…
Be curious, start actively learning about the domain, specialize in one or two areas
1. Put Learning over Earning: The more you learn and apply those learnings, the more you'll earn later.
2. Take risks: Trying new things is also a learning experience.
3. Proactively learn the domain - enroll for courses/training, do self-study.
4. Be part of professional associations like ISACA or ISC2 and you get access to their knowledge base.
5. Network with cyber security professionals, identify someone senior and accomplished and request them to be your mentor.
6. Attend conferences or webinars on cyber security and related domains.
7. Forever Upskill: Develop an active learning mindset. Pursue both formal & informal learning through certifications, trainings, education programs.
If you are a mid-career professional looking for a break in cyber security…
• There's no fixed standard career path.
• If you are on the system/network side, you can scale up easily to infrastructure security operations. Try learning about Security Operations Center technologies like SIEM, SOAR, EDR and related technologies.
• Or get into Cloud Security and specialize in the technology of any of the top cloud service providers.
• You can get into vulnerability scanning/penetration testing. Gain mastery of the different tools available and you can become an ethical hacker.
• Other security technologies like DLP/IAM also offer opportunities.
• If you are into coding, it's relatively easy to move into application security & testing. This domain is called Application Security. Try learning about secure coding, OWASP Top 10 vulnerabilities, secure code testing. There are a lot of tools available in the market for secure code scanning.
• If you are in auditing, you can look at system auditing, which is part of security risk management.
If you are a mid-career professional looking for a break in cyber security…
• Each of these is a distinct domain in itself and takes considerable time, effort & resources to gain expertise.
• Proactively learn the domain - enroll for courses/training, do self-study, be part of professional groups, network with cyber security professionals, join professional groups & bodies, attend conferences or webinars.
• Identify someone senior and accomplished in cyber security and request them to be your mentor.
• When you equip yourself with the right skills, knowledge & credentials you will be more confident and employers will have the comfort level to hire you.
• And look for lateral opportunities first before looking out.
Basic Pre-requisites for a Cyber Security Career
Building Blocks
• Delivery track record
• Certifications
• Formal Education
• Industry Experience
• Passion, Interest
There has never been a better time to consider a cyber security career!
https://www.cybersecurityeducation.org/careers/
Evolving Cyber Security Titles & Roles
1. Application Security Engineer – Develop secure software / apps.
2. Artificial Intelligence Security Specialist – Use AI to combat cybercrime.
3. Automotive Security Engineer – Protect connected cars from cyber intrusions.
4. Blockchain Developer / Engineer – Code the future of secure transactions.
5. Blue Team Member – Design defensive measures / harden operating systems.
6. Bug Bounty Hunter – Freelance hackers find defects and exploits in code.
7. Cyber Insurance Policy Specialist – Consult on cyber risk and liability protection.
8. Chief Information Security Officer (CISO) – Head of cybersecurity.
9. Chief Security Officer (CSO) – Head of physical/info/cyber security.
10. Cloud Security Architect – Secure apps and data in the cloud.
11. Counterespionage analyst – Thwart cyber spies from hostile nation states.
12. Cryptanalyst – Decipher coded messages without a cryptographic key.
13. Cryptographer – Develop systems to encrypt sensitive information.
14. Cyber Intelligence Specialist – Analyze cyber threats and defend against them.
15. Cyber Operations Specialist – Conduct offensive cyberspace operations.
16. Cybercrime Investigator – Solve crimes conducted in cyberspace.
17. Cybersecurity Hardware Engineer – Develop security for computer hardware.
18. Cybersecurity Lawyer – Attorney focused on info/cyber security and cybercrime.
19. Cybersecurity Software Developer / Engineer – Bake security into applications.
20. Data Privacy Officer – Ensure legal compliance related to data protection.
21. Data Recovery Specialist – Recover hacked data from digital devices.
22. Data Security Analyst – Protect information on computers and networks.
23. Digital Forensics Analyst – Examine data containing evidence of cybercrimes.
24. Disaster Recovery Specialist – Plan for and respond to data and system catastrophes.
Source: https://www.cyberseek.org/pathway.html
Security Certifications
Skill-based
• Security Auditing
• Cloud Security
• Ethical Hacking
• Digital Forensics
Domain-based
• Information Security
• Business Continuity
• Disaster Recovery
• Data Privacy
Product-based
• Vendor Technology
Standard-based
• ISO
• PCI DSS
Level
• Beginners
• Intermediate
• Advanced
Orientation
• Technical
• Managerial
• Leadership
Why Certifications?
• Shows commitment – Demonstrates commitment to the domain
• Elite Club Member – Become part of exclusive group
• $$$ – Market value goes up!
• Stand out from the crowd – Makes you attractive to potential employers
• Learning – Learn new concepts, skills, knowledge and validated by a professional body
Which cybersecurity certification is for you?
Picking the right certification for you comes down to two factors:
• Where are you in your career?
• What are you looking to achieve?
Do SWOT Analysis of your Interests, Goals & Passion
SWOT Analysis
• S – Strengths
• W – Weaknesses
• O – Opportunities
• T – Threats
Source: https://certification.comptia.org/docs/default-source/downloadablefiles/it-certification-roadmap.pdf
https://pauljerimy.com/security-certification-roadmap/
https://www.icertglobal.com/top-10-highest-paying-certifications-to-target-in-2020/detail
ISO Certifications
• BSI https://www.bsigroup.com/en-IN/ISOIEC-27001-Information-Security/Training-courses-for-ISO-27001/
S.No  Certification Levels  Duration
1     Lead Auditor          5 days
2     Implementer           3 days
3     Internal Auditor      1 day
• BSI https://www.bsigroup.com/en-IN/iso-27701-privacy-information-management/iso-27701-training-courses/
• Reference: ISO 27701:2019 https://www.iso.org/standard/71670.html
Data Privacy Certifications
• EU GDPR Institute https://www.eugdpr.institute/gdpr-certification/
Data Privacy Certifications
International Association of Privacy Professionals (IAPP) https://iapp.org/certify/programs/
Job Opportunities – Some pointers
• Cybersecurity Ventures predicts there will be 3.5 million unfilled cybersecurity positions by 2021.
• https://cybersecurityventures.com/jobs/
• The National Association of Software and Services Companies (NASSCOM) recently estimated that India alone will need 1 million cybersecurity professionals by 2020 to meet the demands of its rapidly growing economy.
• https://www.dqindia.com/the-curious-case-of-indias-cybersecurity-skills-gap-and-prevailing-opportunities/
• Closing the skills gap is the need of the hour: there is a shortage of over 1 million cybersecurity professionals in the domain in the country today, as per DSCI.
• https://www.financialexpress.com/industry/msme-other-skill-gap-in-cybersecurity-setting-up-forensic-university-to-help-businesses-tide-over-talent-shortage/1866686/
Job Opportunities – Some pointers
India Inc sees rise in talent gap in cybersecurity skills: Report
https://economictimes.indiatimes.com/tech/internet/india-inc-sees-rise-in-talent-gap-in-cybersecurity-skills-report/articleshow/63041883.cms
India needs 3 million cyber security professionals right now: IBM
https://www.business-standard.com/article/companies/india-needs-3-million-cyber-security-professionals-right-now-ibm-118051300153_1.html
Bengaluru accounts for the highest number (36%) of jobs in Cybersecurity sector in India: Indeed
http://bwpeople.businessworld.in/article/Bengaluru-accounts-for-the-highest-number-36-of-jobs-in-Cybersecurity-sector-in-India-Indeed-/26-05-2018-150284/
HOW BIG IS THE CYBERSECURITY SKILLS AND TALENT GAP IN THE INDUSTRY?
https://analyticsindiamag.com/how-bad-is-the-cybersecurity-talent-gap-in-the-industry/
Where are the jobs available?
Consulting Firms
• Big 4 Audit/Consulting Firms
• Pure Play Consulting Firms
• Certification Bodies
• Research & Analyst Firms
IT Sector
• IT Service Companies
• IT Product Companies
• IT Startups
• Security Product Companies
Entrepreneurs
• Freelancer
• Own Startup
Non-IT Sector
• BFSI
• Healthcare & Pharma
• Defense
• Retail
• Telecom, etc.
Job openings - Screenshots from real-world websites
Keywords for search: Cyber security, information security, information risk, security risk, privacy
Other Unconventional Cyber Security Careers
• Non-governmental organizations like the UN and its affiliates
• Government organizations (PSU, nationalized banks, govt departments, etc.)
• Global NGOs
• Cyber Security Writing – magazines, newsletters, blogs, news sites
• Security events & conference organizer/presenter
• Cyber Security PR/Marketing
• Teaching/research positions with leading academic institutions
Where does the talent come from?
IT – Infrastructure (Systems, Network)
Application Developers
Information/Cyber Security Degree Holders
Chartered Accountants & Finance Professionals
Lawyers
Others
Career Roadmap
Keep Learning!
• Read | Practice | Write | Listen | Test
• Be willing to unlearn and re-learn
• Get mentored
Build Expertise
• Work on security projects
• Gain useful experience by delivering solid body of work
• Build track record for execution
• Gain cross-domain experience or exposure
Industry Outreach
• Attend Industry Security Conferences & Events to learn, network
• Join professional associations and stay active
• Start Volunteering on industry initiatives
Create an identity
• Share your expertise / knowledge
• Write – Blog / Articles in Journals / Online Magazines / Publish Papers or Books
• Network – Get to know who’s who of the industry
Leverage your Expertise / Identity
• Speak at industry conferences / in-house talks
• Be a guest faculty or trainer
• Volunteer to mentor young professionals
• Obtain recognition from the industry by applying for industry awards
Top Experts in Cyber Security to follow
IFSEC Global influencers 2018: Cybersecurity
• https://www.ifsecglobal.com/ifsec-global-influencers-2018-cybersecurity/
Cybersecurity – Our Top Thirty Influencers
• https://www.itchronicles.com/security/cybersecurity-top-thirty-influencers/
50 Information Security Influencers You Should Be Following
• https://digitalguardian.com/blog/top-50-infosec-influences-you-should-follow
Top 12 Cybersecurity Thought Leaders to Follow
• https://blog.marketingenvy.com/top-cybersecurity-thought-leaders-to-follow
Best Cyber Security Twitter Profiles to Follow 2018
• https://www.cyberdb.co/best-cyber-security-twitter-profiles-follow-2018/
Career Advice
• A cyber security career is a marathon, not a sprint – be prepared for the long haul
• You have to be open-minded, and to stay relevant you should be willing to learn & unlearn
• Have fun with the work and don’t try to learn everything all at once
• Education is important but real-world experience is essential
• Specialization is good for a start but you need to pick up skills in other domains to become a well-rounded security professional
Scoring a Perfect 10: Aligning of Key Factors for that Dream Job!
1. Job Role
2. Job Title
3. Pay
4. Perks & Benefits
5. Job Base Location
6. Daily Commute
7. Industry Sector
8. Career Growth Prospects
9. Job Environment
10. Boss
For further reading
Building a career in Information Security
• https://www.linkedin.com/pulse/build-your-career-information-security-benild-joseph/?_sm_au_=iHV5RRJPTtRP6kHF
Subjects that Help Building Cyber Security Skills while you are Studying
• http://www.nipunjaswal.com/2018/08/subjects-that-help-building-cyber-security-skills.html
Getting started with a career in Cyber Security and Information Security
• http://www.drchaos.com/getting-started-with-a-career-in-cyber-security-and-information-security/
Report: The top 8 emerging technology domains, and their threats
• https://sdtimes.com/ai/report-top-8-emerging-technology-domains-threats/
Level Up Your InfoSec Career Part 1
• https://www.peerlyst.com/posts/level-up-your-infosec-career-part-1-j-geno
Go, take on the world!