How did you decide upon a career in cybersecurity?
I actually didn’t start off in cybersecurity. I started my career just doing typical IT functions related to the client/server environments and networks, later moving into programming and system architecture and design. While there are aspects of security in all of that, it was not until later that I moved specifically into a dedicated security role. When I started in IT, connectivity was the major focus and effort, and security was just about the last thing anyone was thinking about.
Why did you get your CISSP?
I wanted to get the CISSP, first, because it is the broadest and most comprehensive security certification. When I was just about to begin working on my CISSP preparation, many told me the knowledge across the domains was “an inch deep, but a mile wide.” Once I started studying, I knew exactly what they meant. Secondly, I liked the fact that you needed to have practical experience in multiple domains, which shows that you are not only knowledgeable, but have already been working in the field. You can’t just be “book smart” to get your CISSP.
What is a typical day like for you?
Like everyone in the field of cybersecurity, I wear many hats. As a result, a typical day can be any combination of working on strategic vision, consulting on security goals, architecture and design, working with implementation partners, and providing guidance and direction to support teams on advanced troubleshooting.
Can you tell us about a personal career highlight?
A highlight for me was when my senior vice president asked me to move into a new dedicated cybersecurity role. With my background and attention to detail, he thought I would be a good fit – and while I had done a lot of work close to security, this was the spark that ignited my passion and dedication to cybersecurity. My only regret is that I did not get into security sooner.
How has the CISSP certification helped you in your career?
I have not had my CISSP for very long, but I have noticed a few things already. For those familiar with (ISC)² and the CISSP, it has provided me with a level of credibility and trustworthiness. For those not familiar, it has given me an opportunity to share information with them about the organization and security certifications. Another benefit has been that it has provided a great opportunity to meet and collaborate with other security professionals though my local (ISC)² chapter and the annual Security Congress conference.
What is the most useful advice you have for other cybersecurity professionals?
As you have seen within the CISSP domains, the breadth of cybersecurity is vast. My advice is to try the different areas of security and find the ones you are passionate about.
Is there anything else you would like to tell us?
With the increasing need to make data and functionality accessible to use anywhere and everywhere, the continual evolution of technology, and the new ever-increasing array of “smart” items, without the proper security, they all become a potential security risk. This new, heavily interconnected world has to be secured, and it will be our collective responsibility to ensure that happens.
Interested in earning your Certified Information Systems Security Professional certification? Download the CISSP exam outline today.