Interesting Times Ahead: Why Young Professionals Should Consider Careers in Information Security

Interesting Times Ahead: Why Young Professionals Should Consider Careers in Information Security
Author: Fabiola Amedo, CISA, ISO 22301 Provisional Implementer, ISO 27001 Lead Implementer, Senior Associate, KPMG (Ghana)
Date Published: 4 September 2019

About 10 years ago, when I was deciding on my major in university, I was very anxious about where my decision would lead me. I eventually chose Management of Information Systems, and fast forward 10 years later, I’m working as an information security consultant at a Big 4 firm.

Settling on a career that aligns with your interests, personality and educational background has proven to be quite the challenge for many young professionals of this generation. Apart from aiming to stay relevant and make money – which is usually a hidden aspect of several neatly typed-out CVs – young professionals also seek growth capable of propelling them to extraordinary heights.

Pursuing a career in information security is as extraordinary as the word gets. Reports of data security breaches have become commonplace in our daily lives. Organizations from various industries face myriad threats and require information security professionals to help them address this compounding issue. Despite the vast array of opportunity seemingly laid out on a silver platter for prospective security practitioners, the paradox is there remains a huge skills gap, so there is an ever-increasing demand for information security-related job roles. According to the Global Information Security Workforce Study, there will be 1.8 million unfilled cybersecurity job roles by 2022. This situation presents young professionals with both an opportunity and a challenge.

Here are a few reasons young professionals should consider careers in information security:

Regulatory Changes
The cyber and information security, audit and risk professions are remarkably multifaceted. As a young professional, it is vital that you learn about regulatory and industry changes in your country, and even globally, to better inform your choices for a job role. For example, in my country, Ghana, the Central Bank issued the Cyber and Information Security Directive in October 2018, which requires all financial institutions under its supervision to comply with relevant minimum security standards. This very significant regulatory change has opened up numerous opportunities for information security practitioners in Ghana. There already has been a ripple effect in the financial services industry as banks and other financial institutions require their partners to maintain minimum security standards. It is likely that these partners would also require their affiliates to adhere to security best practices, so the cycle goes on and on. These organizations will need professionals (in-house or outsourced) to help them implement and maintain security standards. The opportunities are endless.

Industry Occurrences
Organizations around the world owe a duty of care to their employees, clients and partners to secure their systems and data. They need the right talent to do this and are actively trying to fill the gap in the educational system by honing skills through mentorship and graduate programs for students and recent graduates. With regulation, advanced persistent threats and industry expectations breathing down the necks of organizations, enterprise leaders are looking for individuals who they can invest in and train to effectively handle the growing volume and sophistication of cyber-attacks. For example, Cisco invested $10 million in a cybersecurity scholarship program that sought to increase the pool of cybersecurity professionals to close the security skills gap and enable individuals (starting from the age of 18) to develop cybersecurity proficiency at the early stages of their careers. There is also the Cyber Security Talent Initiative, which is a partnership of leading companies and universities encouraging students to pursue careers in cybersecurity by offering loans of up to about $75,000.

You Don’t Need to Be a Computer Science Major
Several potential job candidates assume that they require a degree in computer science to pursue a career in information security. This is a myth that needs to be debunked. I have met several computer science majors who ended up practicing accounting, finance, HR and even hospitality. On the other hand, I have met accounting, science, history and literature majors who eventually pursued careers in information security, IT audit and risk. Your degree should not be a limitation, especially in cases where you wish to make a career change. Just like any other professional field, information security requires you to have the tenacity, hard work and the right dose of curiosity to succeed.

Furthermore, acquiring soft skills is equally as important as building technical competencies. Learning how to network with other professionals and write compelling reports is a skill that needs to be developed. Imagine being the senior penetration tester or an SOC analyst in an organization that cannot properly communicate the impact of a vulnerability or make a business case for a solution that is required to management.

There is Room for Growth
From my experience in information security roles so far, I have realized there is always something new to learn. The rate of change in the technology field and the spate of cyber-attacks leaves us all falling in a bottomless pit – in a good way. You can’t afford to be stale, and for me, this has been the exciting yet challenging aspect of my work. News story after news story about seemingly sophisticated and mature organizations left devastated by cyber criminals leaves us wondering if we can ever combat cybercrime. But the nature of data breaches being experienced today is gradually paving the way for tomorrow’s job roles. The reality is that opportunity will come looking for you, hence, you will need to be ready to self-learn and obtain the right certifications to position yourself for the next opportunity that finds its way to you.

To sum this all up, I encourage all young professionals to consider pursuing a career in information security. Also, prior to landing a job role, look for opportunities to volunteer with organizations such as ISACA and (ISC)². Sometimes, you learn the most about networking and soft skills through volunteer roles. Who knows? You might even meet your next employer.

And remember – curiosity and being indomitable will take you to great heights in your professional life.

Editor’s note: For more resources for young professionals, visit 8tr.fenxiong.net/membership.