I’m often asked “How do I get into cyber security?” I usually stress the importance of experience, which then leads to the catch-22 of “How do I get experience unless I already have a cyber security role?” This is where qualifications come in. Not because becoming a CISSP or CREST accredited, or any other one of the acronym soup, will make you an instant expert. It’s more that the qualification allows you to apply for that first specialist role and go from there. Whether you then want to become a generalist (like me – I know enough to be dangerous) or a world-leading specialist is up to you, and a little bit of luck.
My break in cyber security came because the president of the company I worked for came out of his office and said something like “Glock. Internet security looks like being a big thing. Go and build me a business.” I co-founded a managed security business and fairly soon found that we were managing thousands of firewalls and other network security stuff for multinational customers. I guess he was right. Solving problems for those customers gave me and the management team general experience, and we employed specialists where needed. I think that’s what this chap is trying to say:
[…] Going back to my broader question, should we focus on single roles within cyber-security or should we have hybrid professionals? As cyber-security professionals – generalist to specialist – occasionally being a blend of both is ideal. Both the generalists and specialists provide an essential professional talent pool for any organisation when dealing with ongoing threats. We need everyone to acquire a greater cyber-security awareness and professional recognition. We also need some of them to become cyber-security specialists.