Take a look at this essay by Dave Tyson, CPP, CISSP, MBA, co-founder of Cyber Easy Learning, about security officers pursuing training in cyber security. If you are interested in the program, make sure to follow the IFPO's affiliate link for your purchase: https://cybereasylearning.com/cyber-physical/?affiliate=ifpo
Opportunity is Knocking!
At no time in history has there been such opportunity for physical security and risk professionals to make the move to Cyber Security
I know, I did it in 1999, when Cyber security was still an obscure field with little credibility and no recognition as an area of professional expertise. I have watched the progress of this field for nearly 20 years and can categorically state that the industry is, as a whole, at a crossroads of need and opportunity.
First, some background on me so you can judge for yourself what I am saying. I started my career effectively take this word out as a security officer in Vancouver, BC, Canada. Minimum wage guarding assignments including watching over piles of sand and holes in the ground. My resume from there included rising through the ranks of the guard company, learning investigations, executive protection, mobile patrol and alarm response. I worked as a self-employed security consultant, and instructor of security guard programs. Eventually, I grew my skills to a point where I needed to expand my work focus to investigate the new field of Cyber Security, which in the late 90’s was limited to technical security issues like viruses and SPAM email.
While there was no place to get non-technical training in Cyber security, I persevered and landed a job with IBM as an entrée to the industry and worked very hard to translate what I was learning from tech speak into common language security knowledge, which I could then apply what I already knew to. I was able to rise through the Cyber Security ranks as a consultant, Manager of IT Security, and finally to a Chief Information Security Officer working for firms like the City of Vancouver, E-Bay, Pacific Gas and Electric, and SC Johnson and Sons, etc.
Since then, the world has changed a lot, and Cyber Security risk have changed as well, but in general the risks have collided in ways that create fantastic opportunity:
- Cyber threats have converged with Physical security threats in many ways bringing the Cyber and Physical security worlds together.
- Portable data storage, like USB sticks, can be used to physically steal sensitive information or introduce a virus to the company system.
- Social engineering of employees and contractors now creates huge risk of someone accidental accidentally disclosing sensitive information.
- Insider threat scenarios bring risks beyond theft from the loading dock. Now an insider could give away all the codes to the network, or the secret keys to the most sensitive data.
- Security-unaware users can click on a link in an email an open the door to viruses and ransomware that cripple a company’s ability to operate.
- Physical Security systems, which historically had their own network, have been moved onto the data network thus subjecting them to the same risks as all the other systems on the network.
- The need to communicate enterprise -ide security risk in the language of business to an organization has created the need to understand security threats in a holistic manner, so that business executives can make business context aware business risk decisions.
There is an overwhelming need for help in the cyber security industry
- There are over 3.5 million open cyber security jobs open globally, with over a half million in the US alone.
- The CEO of Symantec, said he expected 1 million cyber security roles worldwide to be unfilled very soon
Of all the open cyber security roles, a percentage of them do not require a deep technical background.
Many roles require a solid understanding of security and an ability to understand the technical terms sufficient enough to understand and communicate the risks.
- Cyber Security Compliance
- Security Awareness & Training
- Security Governance
- Security Audit
- Security Business Liaison
- Enterprise Security Risk Management (ESRM)
- Converged SOC and GSOC staff members
- Data Center Security
If your want to understand roles like these more, please see the article “Jobs in Cyber”
Getting your foundational training and certifications through IFPO is a fantastic start to your career, and I believe it’s important put that knowledge to work for you as your career grows: a move to cyber security is a great development opportunity for your security knowledge and skills, it also provides career enhancement opportunities that just do not exist with a physical security career alone.
While maybe a materialistic fact, possibly more enticing to many is the simple fact that Cyber Security roles simply pay much more than their traditional security counterpart roles. I suggest you look at salary surveys for security practitioners on both sides of the field, I believe you will find a staggering difference in the pay rates; while I don’t submit this is necessarily fair, it is a reality of the compensation world, and provides for a potential financial windfall compared to a career track without a cyber component.
If any or all these interests you, and you believe you have the interest and the courage to try and expand your career with the help you need, then continue reading all this site has to offer.
Dave Tyson, CPP, CISSP, MBA
Cyber Easy Learning