Follow Mark on LinkedIn Follow @marknca on Twitter Follow marknca on YouTube
marknca

Mornings With Mark
no. // 0 0 0 9

Getting Started In Cybersecurity & Perspective

Subscribe to the podcast.

Watch the episode here

Join the discussion on LinkedIn

Tweet about this episode

Full machine generated transcript follows

Good morning, everybody. I hope you're set up for a fantastic Friday. And this is episode 69 of mornings with Mark and I wanted to talk to you about getting started in cyber security again, I'm the reason why we're coming back to this topic again, and we will be coming back again and again because I've been getting so many Fantastic questions from you guys.

I'm about each individual situation and instead of answering everybody individually, which I would love to do, but just based on the volume questions about getting that through the turkey I try to take all those at questions find the common themes and kind of had them together to come back with an episode here and deliver some content likeness.

So what I want to talk about perspectives and getting started in cyber security, so the challenge that we talked about time and time again, is that when you're getting started in cybersecurity, it's very tempting. It's very easy to focus on specific Technologies on specific issues, and we really should be developing the generic Skills that you need so thinking about on the ability to learn quickly.

I'm having that I'm risk perspective understanding how to work with other teams and this kind of stuff, you know around because the technology isn't today can be very different from the technology in 6 months from now in 12 months from now in years from now, right when I first started in computers, it was your Commodore 64.

I was a little kid I started programming very different time. I started moving in through the early days of sea and you know all these different things. I remember the first time I ever got connected online through an acoustic coupler have for those of you that are rapidly Googling acoustic coupler think headset and microphone for your phone your phone.

And then your phone would talk quote on quote to the to the outside world and we would talk on bulletin boards. And there was a really great underground Community. That's a far cry from the fact that now I can holler at my smartphone and video chat with anybody on the planet Earth II so technology will keep you going a long way and have a long and healthy career.

You can't start out of the gate with those so you do need to focus on some specifics. But what I wanted to talk about now is sort of as you've gotten the ball rolling in your security career. Have you gotten that first row spent a few months. I may be specifically working on a set of Technologies or in a specific set of goals within your team.

The fact of getting a perspective outside of that team is absolutely critical. We have made a mistake within the security Community within or organizations of isolating the security team and getting out of that isolation is probably the biggest challenge. For the security team. So once you've got the ball rolling and you've got experience within your security team, one of the things that that team should facilitate or that you should be advocating for is to be able to do a rotation out of security Wyoming job shadowing so job Shadows, normally when you follow somebody around for a Day so a lot of organizations, I know Implement job shadowing for the security job.

So security can go and follow developer for a day for operation person for a day or business person for a day and that's okay, but it's really not understand. You're not really not going to walk away with their respective right unless that person is a phenomenal Communicator. You are really not going to walk away with anything other than an inkling of what might be some of the challenges but if you spend let's say a quarter so 3 months or more doing something else.

Do we need another role within the organization all of a sudden you start to have a completely different perspective on how things work in. Constraints in the challenges and I know this is very difficult to do initially as somebody who is just getting started in cyber security that may be very very difficult.

But this also I think opens up new avenues to come in to cybersecurity because if you're already a developer already in operations, I think you're ideally positioned to transition into cyber security because cyber security folks need that perspective. I've had the good fortune in my career to be a software architect to be a developer and to be a Frontline support to be last line support to run operations at scale to do on security architecture to do a primitive design to do forensic investigation to do policy all of these phenomena rolls and actually made it my mission for a good chunk of my early career to change roles completely basically every single year.

So take a completely different job every year to very my skill-set because for me that was just a way to stay engaged to learn more because there's always And as a cybersecurity professional, this is done me so much good that I can't even I can't even relate it to you how much better? I feel my perspective it is because I've spent a year rebuilding a complete system from the ground-up programmatically right refactoring everything stripping out all the old killed building it up from the ground and I've spent a multiple years doing investigations both.

You don't want people side and on the technical side and all these different experiences of broaden my perspective so that when I'm looking at a security problem, I can look at and go wait a minute while technically we should be doing a you know, all of these other factors are contributing so that maybe you know, the recommendation is not so strongly a butt like a we should be shooting for this but here are some other things to consider you put that risk into perspective.

So what I wanted to leave you with today is that if you were looking to get started in cyber security question, I get a lot of the time was what kind of degree should you be doing or what kind of training should be? Going to come in on when you're starting from nothing.

You should be taking computer science in my opinion. You should be taking something like computer size 7 or software engineering something generic not necessarily cybersecurity specific because you can pick up that stuff afterwards have the broader the base the better even a business degrees anything out there that's going to give you this perspective and show that ability to rapidly learn again core principles if you're already developers are already and operations is Guardian Business Development a business analyst any of these kind of things you're in a perfect position to transition into cyber security.

If you've already got some of that perspective again how to implement in IPS system or how to properly layer defensive depth or evaluate risks. This is stuff that can be taught that perspective is really really hard. So running security teams. I would strongly Advocate that you figure out a way to create some sort of rotational program to make sure that especially your Junior folks, but everybody within your team has the ability to rotate out into other areas of it and the Is this time for a good chunk of time make it a couple weeks.

At least I'm sort of the longer the better because when they come back to you and you they will be much better cybersecurity professionals. You would do something like a new graduate program. We've seen you know, I've seen is working multiple organizations. I'm not just targeted for cybersecurity, but just trying to make better team members and is give them a rotation first year in a job.

You don't every two months or every 3 months they're transitioning into a new role. And yes the other going to get a little bit of everything but they'll get that perspective and I think that's absolutely critical when it comes to cybersecurity. So for those of you who keep asking what kind of degree should be looking at the gate is Broad as possible something that interests you something that you're passionate about follow that you'll transition in later to more specific cybersecurity skills.

You can do have courses are Target cyber security certifications hands-on experience that kind of stuff. That's my opinion. That's my belief. So those are you there already in cyber security engineer level jobs, push out to get a broader perspective try to get Skin to an opportunist rotate into another role to gain a perspective to understand why the Ops guys are always dragging their heels on implementing some of your things once you're living in their shoes and working for the challenges.

They may be realized my light switch is not possible to try to implement what the security cams been dictating write. It needs to be a two-way conversation and you gain empathy by being in those roles. I think that's really a keyword is empathy you gain empathy by being in those roles as opposed to just imagining yourself in those roles and more following around for a day.

So that's my rant for today and I hope that resonates from you with you. Let me know what you think of me up online at Marcos CA down in the comments below or as always by email me at Mark end. CA. I'm curious as to your experiences. How did you get how do you feel you have a broader perspective? How did you get that respected? You think of rotation is a smart thing.

I know it's a challenge from a business perspective, especially with a cybersecurity team is already understaffed, but I truly believe that it will make you a better cyber security professional. What do you think? Let me know. I hope you're set up for a fantastic Friday and a great weekend and I will talk to you online and see on the show on Monday.

Good morning, everybody. I hope you're set up for a fantastic Friday. And this is episode 69 of mornings with Mark and I wanted to talk to you about getting started in cyber security again, I'm the reason why we're coming back to this topic again, and we will be coming back again and again because I've been getting so many Fantastic questions from you guys.

I'm about each individual situation and instead of answering everybody individually, which I would love to do, but just based on the volume questions about getting that through the turkey I try to take all those at questions find the common themes and kind of had them together to come back with an episode here and deliver some content likeness.

So what I want to talk about perspectives and getting started in cyber security, so the challenge that we talked about time and time again, is that when you're getting started in cybersecurity, it's very tempting. It's very easy to focus on specific Technologies on specific issues, and we really should be developing the generic Skills that you need so thinking about on the ability to learn quickly.

I'm having that I'm risk perspective understanding how to work with other teams and this kind of stuff, you know around because the technology isn't today can be very different from the technology in 6 months from now in 12 months from now in years from now, right when I first started in computers, it was your Commodore 64.

I was a little kid I started programming very different time. I started moving in through the early days of sea and you know all these different things. I remember the first time I ever got connected online through an acoustic coupler have for those of you that are rapidly Googling acoustic coupler think headset and microphone for your phone your phone.

And then your phone would talk quote on quote to the to the outside world and we would talk on bulletin boards. And there was a really great underground Community. That's a far cry from the fact that now I can holler at my smartphone and video chat with anybody on the planet Earth II so technology will keep you going a long way and have a long and healthy career.

You can't start out of the gate with those so you do need to focus on some specifics. But what I wanted to talk about now is sort of as you've gotten the ball rolling in your security career. Have you gotten that first row spent a few months. I may be specifically working on a set of Technologies or in a specific set of goals within your team.

The fact of getting a perspective outside of that team is absolutely critical. We have made a mistake within the security Community within or organizations of isolating the security team and getting out of that isolation is probably the biggest challenge. For the security team. So once you've got the ball rolling and you've got experience within your security team, one of the things that that team should facilitate or that you should be advocating for is to be able to do a rotation out of security Wyoming job shadowing so job Shadows, normally when you follow somebody around for a Day so a lot of organizations, I know Implement job shadowing for the security job.

So security can go and follow developer for a day for operation person for a day or business person for a day and that's okay, but it's really not understand. You're not really not going to walk away with their respective right unless that person is a phenomenal Communicator. You are really not going to walk away with anything other than an inkling of what might be some of the challenges but if you spend let's say a quarter so 3 months or more doing something else.

Do we need another role within the organization all of a sudden you start to have a completely different perspective on how things work in. Constraints in the challenges and I know this is very difficult to do initially as somebody who is just getting started in cyber security that may be very very difficult.

But this also I think opens up new avenues to come in to cybersecurity because if you're already a developer already in operations, I think you're ideally positioned to transition into cyber security because cyber security folks need that perspective. I've had the good fortune in my career to be a software architect to be a developer and to be a Frontline support to be last line support to run operations at scale to do on security architecture to do a primitive design to do forensic investigation to do policy all of these phenomena rolls and actually made it my mission for a good chunk of my early career to change roles completely basically every single year.

So take a completely different job every year to very my skill-set because for me that was just a way to stay engaged to learn more because there's always And as a cybersecurity professional, this is done me so much good that I can't even I can't even relate it to you how much better? I feel my perspective it is because I've spent a year rebuilding a complete system from the ground-up programmatically right refactoring everything stripping out all the old killed building it up from the ground and I've spent a multiple years doing investigations both.

You don't want people side and on the technical side and all these different experiences of broaden my perspective so that when I'm looking at a security problem, I can look at and go wait a minute while technically we should be doing a you know, all of these other factors are contributing so that maybe you know, the recommendation is not so strongly a butt like a we should be shooting for this but here are some other things to consider you put that risk into perspective.

So what I wanted to leave you with today is that if you were looking to get started in cyber security question, I get a lot of the time was what kind of degree should you be doing or what kind of training should be? Going to come in on when you're starting from nothing.

You should be taking computer science in my opinion. You should be taking something like computer size 7 or software engineering something generic not necessarily cybersecurity specific because you can pick up that stuff afterwards have the broader the base the better even a business degrees anything out there that's going to give you this perspective and show that ability to rapidly learn again core principles if you're already developers are already and operations is Guardian Business Development a business analyst any of these kind of things you're in a perfect position to transition into cyber security.

If you've already got some of that perspective again how to implement in IPS system or how to properly layer defensive depth or evaluate risks. This is stuff that can be taught that perspective is really really hard. So running security teams. I would strongly Advocate that you figure out a way to create some sort of rotational program to make sure that especially your Junior folks, but everybody within your team has the ability to rotate out into other areas of it and the Is this time for a good chunk of time make it a couple weeks.

At least I'm sort of the longer the better because when they come back to you and you they will be much better cybersecurity professionals. You would do something like a new graduate program. We've seen you know, I've seen is working multiple organizations. I'm not just targeted for cybersecurity, but just trying to make better team members and is give them a rotation first year in a job.

You don't every two months or every 3 months they're transitioning into a new role. And yes the other going to get a little bit of everything but they'll get that perspective and I think that's absolutely critical when it comes to cybersecurity. So for those of you who keep asking what kind of degree should be looking at the gate is Broad as possible something that interests you something that you're passionate about follow that you'll transition in later to more specific cybersecurity skills.

You can do have courses are Target cyber security certifications hands-on experience that kind of stuff. That's my opinion. That's my belief. So those are you there already in cyber security engineer level jobs, push out to get a broader perspective try to get Skin to an opportunist rotate into another role to gain a perspective to understand why the Ops guys are always dragging their heels on implementing some of your things once you're living in their shoes and working for the challenges.

They may be realized my light switch is not possible to try to implement what the security cams been dictating write. It needs to be a two-way conversation and you gain empathy by being in those roles. I think that's really a keyword is empathy you gain empathy by being in those roles as opposed to just imagining yourself in those roles and more following around for a day.

So that's my rant for today and I hope that resonates from you with you. Let me know what you think of me up online at Marcos CA down in the comments below or as always by email me at Mark end. CA. I'm curious as to your experiences. How did you get how do you feel you have a broader perspective? How did you get that respected? You think of rotation is a smart thing.

I know it's a challenge from a business perspective, especially with a cybersecurity team is already understaffed, but I truly believe that it will make you a better cyber security professional. What do you think? Let me know. I hope you're set up for a fantastic Friday and a great weekend and I will talk to you online and see on the show on Monday.