How did you decide upon a career in cybersecurity?
It honestly just happened upon me. I loved video games growing up and decided to pursue an education in information technology and business - MIS. I later discovered that my love of computers pervaded enterprises in ways I couldn't have imagined and dove headfirst into the world of IT and eventually cybersecurity.
Why did you get your CISSP®?
Before I obtained my CISSP I had a couple of other certifications (Six Sigma, ITIL, CISA, CSM, and CRISC). They were all relevant to my work as an information security professional, teaching me skills like audit, project management, organizational influence, and proficiency in security controls. However, at the time I struggled with communicating exactly how I leveraged all of them in my work on a daily basis. Not only did the CISSP help tie the breadth of my experiences together, but it also validated the depth of those experiences and helps me assure clients and employers of my proficiency in the infosec industry.
What is a typical day like for you?
A typical day can range vastly for me. The only thing that remains constant is that I continually run multiple projects to help the company grow along its security maturity model. Some days are heavily ingrained in research. Some days are booked full of meetings with leadership. And some days I'm tied to my desk working on marketing materials, presentations, or writing policies. It really just depends on what the company needs that particular day.
Can you tell us about a personal career highlight?
One thing that I'm particularly proud of is my ability to influence those around me. To spread my reach and increase my audience, I lobbied to get security recognized as a feature, much like any other feature that our products tout. The result was just that. My department is recognized as a feature/product team and we present during the enterprise product board meetings just like any other team to talk to leadership, address departmental dependencies, and promote cross-functional collaboration on a quarterly basis.
How has the CISSP certification helped you in your career?
As far as marketability, the CISSP has opened up a broad range of opportunities for me. As a premier generalist information security certification, it enables me to be extremely flexible, both on paper and in person. In my day-to-day work, the knowledge I gained in preparation to sit for the CISSP exposed me to domains and lessons that I had not had to dive into prior to the exam. Expanding the breadth of my knowledge not only let me see the bigger picture regarding organizational security maturity, but it also made me more effective when talking to the various stakeholders at my company as a member of the GRC team.
What is the most useful advice you have for other cybersecurity professionals?
Be patient. Security isn't typically a revenue-generating function. In fact, it's seen as more of a cost or luxury at times. With that being said, I believe we need to re-focus and do what is best for the business, all the while championing security. We need to be more sensitive to the needs of the business and not grow impatient, because that will limit us from being accepted as partners and further throttle our progress. Patience is key, vigilance is required, and collaboration paves the road to the fulfillment of mutual goals.