Working in cybersecurity is a bit like a cricket match. If you’re on the defensive, i.e. on the batting side, your job is to fend off attacks from the opposing team’s bowler. The attacker can send several balls your way – they have almost all the time in the world to keep coming at you. But if you’re the defender, you only have to miss one ball and you’re out of the game. To ensure that we can hit back every attack that comes our way, those of us on the defensive side need to be constantly refining and improving our skills.
To work in cybersecurity, you need to love learning. I carve out at least eight to ten hours a week to stay abreast of the latest trends and developments both within Microsoft and the wider sector, because that’s the only way I can effectively advise our customers in my role as Chief Security Advisor.
Growing up in a small town in India, I didn’t have access to the Internet and there was no one who could guide me. My only source of reference for learning about IT, which has been a passion of mine since my school days, was the local library, but few of the books were up to date. It therefore took me a while to get into the industry: I studied business and commerce initially, then I did a diploma in system management. It was while I was working as a system engineer that I had a rude awakening to my own lack of knowledge about the importance of network security, when the web server of the company I was working for was hacked.
This was when my interest in cybersecurity was piqued. I started studying network security; I moved roles and moved companies. Then I was hacked again, when an attacker took over my server and deleted all my company’s files. At this point, I realised I needed to know how hackers think and behave – so I became an ethical hacker and penetration tester. My career has evolved since then, to encompass risk management, governance, compliance, and cloud security, but my curiosity remains constant.
My passion for learning is also what has inspired me to act as a mentor and a teacher to younger generations. I believe everybody should have to learn a little bit about cybersecurity. We live in an increasingly connected world and Internet-enabled devices are everywhere. That means opportunities for hacking are everywhere too.
Currently we have a huge skills gap and lack of cybersecurity talent. And if you work in the industry already, I think it’s your responsibility to help address that. After all, it’s in our interests to create a pipeline of talent with the right skills! I work with several universities in Australia as an Industry Professor and Professor of Practice, shaping their curricula to make sure they meet industry needs. Even in the best schools, curricula are often outdated because of continuous change in technology. This means that students aren’t learning the skills employers want: for example, knowing how artificial intelligence can support cybersecurity efforts.
Perceptions of a career in cybersecurity are often quite different to the reality of working in the industry. When I speak to a class of undergraduate computer engineering students, 90 percent of them will say they want to be penetration testers. And that’s a valid option of course, but it’s not the only one.
Developing a broad range of skills, from risk management and compliance, to people management and communication skills, is vital to stay relevant and enjoy a long-lasting career in the sector. In addition, we have to look beyond the computer science faculty. We need mathematicians and psychologists and programmers and data analysts, all working together as a team to bat off the next wave of attacks. In 2020, there’s far more to cybersecurity than just hacking and fixing.