So, you were wondering how to get into security?

Last week I wrote a blog about why it’s great to be a Head of Information Security. My top 5 reasons were all well and good, but how do we become equipped to be considered for these roles? From speaking to those in my network and in my own experience, there are some actions you can take that will bring you closer to being the right fit and having a choice of roles. Here’s my take.

· Network and then network some more – get involved in the industry, attend sessions that talk about the risks the security industry is facing and consider how these issues might be resolved. New thinking can lead to industry-wide innovation. Attend a lunch/conference with a security-focussed peer. Networking helps you to meet connectors in the industry. The number of people who say “if I had never met X, I probably would never have considered a role in security” is high. The value of relationships can’t be overstated.

· Learn transferable skills. If you’re a project manager, put your hand up for security uplift programs or security software implementations. If you’re a leader with a passion for security, seek opportunities to bolster your skills in strategic planning, leading in high-pressure situations and dealing with difficult stakeholders. Security isn’t an easy role to take on (and neither is leadership) and resilience is key.

· Immerse yourself. Find your voice and raise your profile as a champion of security within your organisation. Align your current goals/KRAs with what your security team are trying to achieve. Seek out a mentor in the security industry to understand how others have made the transition. Better still – seek out a secondment, such as a short project or cover for someone’s leave of absence, that demonstrates your willingness to get your feet wet and where you can nurture your security-related management skills.

· Understand risk management/governance. These skills are invaluable in security roles. For example, volunteer to lead the risk register on projects and invest in training so you can articulate the difference between a risk and an issue and accurately determine consequence and likelihood. It’s not as simple as it sounds and these are fundamental skills that will change the way you conduct yourself professionally, even outside of security roles.

I’m sure there are more activities you can undertake. I welcome your thoughts on how other skills can lead to the realm of security/cyber/fraud/etc. If you feel the above actions are both scary and exciting all at once, what are you waiting for?