Name: Tony Harris
Title: Consultant, Cyber Security
Employer: KPMG LLP
Location: Vancouver, Canada
Education: MSc, Cyber Security (in progress) from the University of Liverpool, and Bachelor of Arts in American Studies & International Relations from the University of British Columbia
Years in IT: 8
Years in cybersecurity: 7
Cybersecurity certifications: CISSP, CISM
How did you decide upon a career in cybersecurity?
I began my career in general IT processes eight years ago as your typical jack-of-all-trades IT. I wanted to narrow my focus into a specialty that I'd be interested in and cybersecurity ultimately was that choice. The reason was because cybersecurity was a fast-paced and challenging environment, which kept me going compared to other specialties (i.e. DevOps, Systems Administration, and Helpdesk).
Why did you get your CISSP®?
I wanted to learn more about the business aspects of cybersecurity. As someone with a technical background, I understand that cybersecurity is not just a technical risk, but an organizational risk. The CISSP program gave me an additional insight into how cybersecurity affects different aspects of the business and what best practices are to be able to balance security and organizational goals.
What is a typical day like for you?
As a consultant, my typical day varies. Some mornings start out with meetings with senior executive members to discuss gaps between leadership and different business units. Some start out with presentations and organizational assessments. Ultimately, it is about understanding the different organizational environments and providing them with tailored recommendations on what is the best practice, and how might one go about to achieve that.
Can you tell us about a personal career highlight?
A highlight in my career would be being selected by (ISC)² to participate in their exam development process. I had the opportunity to contribute my knowledge and experience for future security practitioners, and meet approximately 20 other individuals from varying countries to share their knowledge and experience in the cyber security realm.
How has the CISSP certification helped you in your career?
The CISSP certification has helped me immensely because it identifies me as an individual that is not just proficient in technical skills, but management as well. Most individuals think of cybersecurity as merely a technical problem, but that is in fact not the case in the real world. It's about tying business priorities with risks, and encompasses not just the IT department, but the organization as a whole.
What is the most useful advice you have for other cybersecurity professionals?
I cannot stress enough on learning. Due to the nature of our work, we need to stay on top of current landscapes, trends in cybersecurity issues, as well as new technologies. One of the most exciting aspects on this position is the requirement to be constantly updated; this is something that cannot be found within other industries. As a cybersecurity professional, you are presented with different situations every day, and your best defense is to keep yourself up to date.
Aspiring to be a CISSP? Download the Ultimate Guide to the CISSP.