When I speak with candidates who are either leaving government roles or actively looking for a new role, I am often asked what programs or courses related to cybersecurity they could take to improve their marketability. A one-size-fits-all answer is a challenge because the operational knowledge needed by someone charged with cybersecurity is as broad and complex as the various accountabilities of non-technology security risk roles.
The concept of convergence of both roles, whereby a single point of accountability leads the strategy and governance for all security risk initiatives, can be an effective approach. While the idea has been out there for quite a while, it is still not widely utilized. There are, however, numerous examples of interdependencies that indicate a need to understand the points of vulnerability to best provide a cohesive, coordinated effort to limit and/or mitigate security-related risks.
Candidates should gain an understanding of all elements that make up the role of a cybersecurity program leader. If they are considering a career development strategy, they can then decide the path they feel is the best personal fit. There are numerous programs and certifications available that range from an executive overview of cybersecurity to those in which you achieve deep technical competencies.
Cybersecurity functional domains can be broadly categorized into eight areas:
- Emerging Technologies and Market Trends
- Identity and Access Management
- Incident and Crisis Management
- Information and Privacy Protection
- Risk and Compliance Management
- Security Architecture
- Organizational Resiliency Programs & Assessments
- Threat, Intelligence and Vulnerability Management
There are numerous subsets, programs and processes that a CISO is responsible for developing and executing. Current “Mind Map” models reflect those key topic areas of cybersecurity involvement as:
Business Enablement
- Mergers/Acquisitions
- Cloud Computing
- Mobile Technology