Navigating the Cybersecurity Career Path

LAND THE PERFECT CYBERSECURITY ROLE—AND MOVE UP THE LADDER—WITH THIS INSIGHTFUL RESOURCE

Finding the right position in cybersecurity is challenging. Being successful in the profession takes a lot of work. And becoming a cybersecurity leader responsible for a security team is even more difficult.

In Navigating the Cybersecurity Career Path, decorated Chief Information Security Officer Helen Patton delivers a practical and insightful discussion designed to assist aspiring cybersecurity professionals entering the industry and help those already in the industry advance their careers and lead their first security teams. In this book, readers will find:

* Explanations of why and how the cybersecurity industry is unique and how to use this knowledge to succeed
* Discussions of how to progress from an entry-level position in the industry to a position leading security teams and programs
* Advice for every stage of the cybersecurity career arc
* Instructions on how to move from single contributor to team leader, and how to build a security program from scratch
* Guidance on how to apply the insights included in this book to the reader's own situation and where to look for personalized help
* A unique perspective based on the personal experiences of a cybersecurity leader with an extensive security background

Perfect for aspiring and practicing cybersecurity professionals at any level of their career, Navigating the Cybersecurity Career Path is an essential, one-stop resource that includes everything readers need to know about thriving in the cybersecurity industry.

HELEN E. PATTON has held several senior technical leadership positions in cybersecurity, including Advisory Chief Information Security Officer at Cisco, AVP and Chief Information Security Officer at the Ohio State University and Executive Director of IT Risk and Resiliency at JP Morgan Chase.

Foreword: Navigating the Cybersecurity Career Path xv

Introduction xvii

PART I ARRIVING IN SECURITY 1

CHAPTER 1 HOW DO YOU BECOME A SECURITY PROFESSIONAL? 3

Create Your Story 8

So, You Want to Work in Security 13

What’s Next? 16

CHAPTER 2 WHY SECURITY? 19

What Kind of People Do Security? 21

What Is Your Why? 24

What’s Next? 28

CHAPTER 3 WHERE CAN I BEGIN? 29

What Does It Mean to Be a Security Professional? 32

How Can You Make Sense of It All? 35

What’s Next? 39

CHAPTER 4 WHAT TRAINING SHOULD I TAKE? 41

For the Traditional Student 43

For the Nontraditional Student 44

For the Full-Time

Nonsecurity Worker 45

Other Things to Consider 46

What’s Next? 51

CHAPTER 5 WHAT SKILLS SHOULD I HAVE? 53

The Entry Point —Technology 55

Professional Skills 59

What’s Next? 66

CHAPTER 6 IS MY RÉSUMÉ OKAY? 67

Linking the Résumé to the Job Posting 70

Elements of a Résumé 71

Digital Presence 77

References 78

Cover Letters 79

What’s Next? 80

CHAPTER 7 TRYING WITH LITTLE SUCCESS? 81

Physical Location 85

Your Company 85

Get Specific 86

Know Your Market 88

Assess Your Efforts So Far 89

But I’m Doing All Those Things! 91

What’s Next? 92

PART II THRIVING IN SECURITY 93

CHAPTER 8 HOW DO I KEEP UP? 97

Fitting It Into Your Schedule 99

Ad Hoc and Planned Learning 102

Take a Mini-Sabbatical 103

Where Do I Find the Information? 103

What’s Next? 105

CHAPTER 9 How Can I Manage Security Stress? 107

The Stress of Working in Security 109

Managing Security Stress 113

What’s Next? 118

CHAPTER 10 HOW CAN I SUCCEED AS A MINORITY? 119

Making Security Work for You 124

What’s Next? 128

CHAPTER 11 HOW CAN I PROGRESS? 129

The Security Journey 131

The Opportunist 132

The Intentional Career Seeker 136

How to Get Promoted 139

What’s Next? 141

CHAPTER 12 SHOULD I MANAGE PEOPLE? 143

Leadership and Management 145

Preparing for Your Next Role 150

What’s Next? 152

CHAPTER 13 HOW CAN I DEAL WITH IMPOSTOR SYNDROME? 153

Fact-Check Your Inner Monologue 157

Know Competence and Incompetence 158

Know When to Ask for Help 159

Keep Learning and Know When Enough Is Enough 160

Keep Track of Your Successes 161

What’s Next? 162

CHAPTER 14 HOW CAN I KNOW IF IT’S TIME TO MOVE ON? 163

Are You Happy Where You Are? 165

Have You Done All You Wanted to Do? 166

Have You Learned All You Wanted? 167

What Are Your Long-Term Goals? 168

Are You Being Pigeonholed? 169

Do You Fit Into the Culture? 170

Job Hopping 171

Are the Other Options Better than Your Current Job? 172

What’s Next? 173

PART III LEADING SECURITY 175

CHAPTER 15 WHERE DO I START? 179

What’s on Fire? 180

What Is Your Timeline to Act? 181

Who Are Your Partners? 182

Find the Strengths and Note the Weaknesses 183

Draw the Business Risk Picture 184

Do You Have a Mandate? 185

What’s Next? 186

CHAPTER 16 HOW DO I MANAGE SECURITY STRATEGICALLY? 187

Consider Your Industry 190

Know Your Business Priorities 191

Be Pragmatic 193

Address Stakeholder Pain Points 194

Threats and Vulnerabilities 195

Rinse and Repeat 197

Putting It Together 198

What’s Next? 200

CHAPTER 17 HOW DO I BUILD A TEAM? 201

It Is About the How 203

Things to Consider 207

Identify Important Things 209

Identify Areas of Weakness 211

Discontinuing a Function 212

Building New Functions 213

What’s Next? 215

CHAPTER 18 HOW DO I WRITE A JOB POSTING? 217

The Challenge of Job Postings 220

What’s Next? 225

CHAPTER 19 HOW DO I ENCOURAGE DIVERSITY? 227

Start with Numbers 229

Understand Your Cultural Issues 230

Attracting Diverse Talent 232

Writing the Job Description and Posting 234

The Interviewing Process 235

Retaining Diverse Talent 236

Promotions and Career Development 237

Leaving the Team 239

What’s Next? 239

CHAPTER 20 HOW DO I MANAGE UP? 241

Who Are Senior Stakeholders? 242

Help Them Understand Security 246

When Things Go Wrong 250

What’s Next? 251

CHAPTER 21 HOW DO I FUND MY PROGRAM? 253

Funding a Team 255

Funding a Program 256

The Big Ask 260

What’s Next? 261

Chapter 22 How Do I Talk About My Security Program? 263

What Story Should I Tell? 264

Telling Stories 271

What’s Next? 273

CHAPTER 23 WHAT IS MY LEGACY? 275

Making an Impact on the Industry 277

Making an Impact on Your Company 281

What’s Next? 283

Epilogue 285

Appendix: Resources 287

About the Author 291

Acknowledgments 293

Index 295