Career Day
On June 10, 2022, I was invited by Melba Mullins to Hillside High School’s Career Day to speak about careers in Cyber Security. Over 200 students went from table to table to explore career options in various industries (i.e. Military, Police Force, Firefighters, Funeral Home Owners, Lawyers, and Accountants). But of those 200 students, very few knew about Cyber Security. I left feeling discouraged and concerned. There was clearly a direct correlation between this experience and the lack of diversity in Cyber Security.
As a Cyber Security professional and CEO of Cook Consulting Group – a Cyber Security Recruitment firm that I founded specializing in diversity hiring – I’ve often noticed a diversity gap within the field. Specifically, as it pertains to African Americans. By participating in Hillside’s Career Day, I realized the two factors that feed into this Cyber Security diversity gap:
1. Lack of Awareness – While many schools have implemented Science Technology Engineering Math (STEM) programs within their curriculum, these programs do not provide insight into the field of cyber security. As a result, school curriculums should consider including Cyber Security as an elective, which would create a cybersecurity education pipeline. According to zippia.com, only 8% of the Cyber Security workforce in the US identify as Black or African American. Offering these electives to 7th-12th graders would provide youth with earlier exposure to the field, which could increase the number of Cyber Security graduates.
2. Cyber Security Intimidation and Perception – The most common misconception associated with Cyber, is that to be a Cyber Security professional you must be able to code or hack into a system. I can do neither, but I’ve had great success in Cyber Security. There must be more discussion around non-technical career paths in Cyber Security. This would encourage more candidates of diverse backgrounds to believe a career in Cyber Security is attainable. Most think they don’t have the technical aptitude, which is anything but the truth.
There needs to be an effort in promoting the non-technical career paths within Cyber Security. For professionals looking to start a non-technical career in Cyber Security, below is the list of domains and responsibilities that do not require deep technical skills or knowledge:
Non-Technical Career Paths
Governance, Risk, and Compliance
This domain provides an overview of information systems security management, and covers:
- The availability, integrity, and confidentiality of information
- Principles of security governance
- Compliance requirements
- Legal and regulatory issues in information security
- Information technology procedures and policies
- Risk-based management concepts
Asset Security
The domain of asset security includes the physical requirements of information security. This includes:
· Handling requirements
· Data security controls
· Retention periods
· Privacy
· Classification/ownership of information and assets
Identity & Access Management
The domain of identity and access management involves controlling the way users can access data. Included within this domain are the following concepts:
· Identity and access provisioning lifecycle
· Authorization mechanisms
· Integrating identity as a service
· Third-party identity services
· Identification and authentication
· Physical and logical access to assets
Security Assessment & Testing
The domain of security assessment and testing focuses on the performance, design, and analysis of security testing, and includes:
· Internal and third-party security audits
· Test outputs
· Collecting security process data
· Security control testing
· Designing and validating assessment and test strategies
Security Awareness & Training
Security Awareness & Training is responsible for educating employees on best security practices and includes:
· Cyber Security awareness training for new hires
· Simulated phishing attacks for employees
· Facilitate on-demand training
To learn more about the various fields within Cyber Security, follow Cyber Security Launch Pad (CSL). CSL was created to help individuals with varying backgrounds transition into careers in Cyber Security. For more information on CSL offerings you can schedule a free 15 minute consultation by clicking here.
