While a sizable percentage of Cyber Security roles do require a deep technical background, there are several roles that offer fantastic opportunities for physical security practitioners to succeed with the right knowledge and training.
In this post, I provide an overview of several cyber security career opportunities.
Cyber Security Compliance
Cyber Security Compliance, as in any compliance field, is a growing role, expanding along with the worldwide growth in government regulation and new legal frameworks. The role primarily involves understanding the legal requirements that organizations need to meet, as published in the law or regulation, and gathering information or evidence to prove the level of compliance with those requirements.
Common compliance frameworks include:
- Payment Card Industry Standards – for credit card processing
- Sarbanes-Oxley (SOX 404 or equivalent) – US publicly traded company financials and security requirements
- HIPAA – Health Privacy Regulation
- NERC CIP – Electrical Energy Transmission Critical Infrastructure protection
- Global Privacy Regulation – Protection of Personally identifiable information of EU citizens or others
- Many others
Security Awareness & Training
Training staff and contractors to make good, Cyber Security-aware decisions when using technology and interacting with computing systems and data.
- Cyber Security Awareness
- Cyber Security User Training
Informing leadership on the progress of security program enhancement against the organization’s security goals is important. Leadership needs up-to-date risk information to make good risk decisions and evaluate business decisions for acceptable risk tolerance.
- Security Governance
- Risk Governance
- Security Metrics
- Security Performance and Reporting
Similar to compliance, the process of auditing the current protection levels in a certain building or facility has evolved into auditing for the correct security controls in cyber systems, technology or legal contracts.
- Internal security audit
- Vendor Security management
Identity and Access Management
Just like the physical security process of issuing ID cards and access rights, identity and access management for cyber assets requires similar tasks of authenticating an individual and ensuring their authorization is correct.
Security Business Liaison
Working closely with the business lines has been critical for security teams to understand how the business operates and identify where potential risks could exist. Translating business activities into high-level descriptions for security review has become a much more common role.