Early in my career, my employer sent me on a course called Network Engineering for non-Network Engineers. As you might imagine from its catchy title, the short course explained a complex communications network to those like me who were responsible for talking about it to the public.
Recalling this course many years later reminded me that even somewhat alien subject matter can always be taught to those who may have come from another area of business or industry. This is also true when it comes to some of the amazing “security people” I have been fortunate to meet throughout my career. (I use “air quotes” because calling them security people in many cases isn’t a complete truth).
Many admired security leaders are appointed, asked or volun-told into security roles based on anything but their technical security skills and via some pretty unusual paths. Despite lacking hands-on security experience, these souls were chosen for qualities that can’t be trained….their integrity, their inherent leadership skills and their clear understanding of right from wrong. Many security people are also chosen because they are great communicators, team builders or can rally the troops when hard times hit. History has shown that being resourceful in filling security roles with unlikely candidates has brought cross-functional role-models into the security space with an understanding of business related risk - experience that some life-long security professionals never have an opportunity to acquire.
I’m not suggesting all security roles within an organisation can be successfully filled with staff from across the business. I’m also not suggesting that there is no need for highly skilled, experienced, dedicated security professionals. What I am suggesting is that sometimes great developers can make great application security staff. Great marketers can make great security communications people. And great leaders who are loyal, passionate about resilience, sustainability and protecting the company they work for can make great Heads of InfoSec teams. Investing in supplementary security skills and expertise for those staff willing to take on the often thankless roles in the security team adds a whole new dimension to an often already stellar career history. It also makes for a well-rounded candidate for boards and c-level positions given the current global climate. As hirers, leaders and role models in this space, to combat this growing need in the security industry….maybe you know someone who could ‘fall' into security (like many have in the past) and stay a while?