At no time in history has there been such opportunity for physical security and risk professionals to make the move in cyber security.
I know. I did it in 1999, when cyber security was still an obscure field with little credibility and no recognition as an area of professional expertise. I have watched the progress of this field for nearly 20 years and I can categorically state that the industry is, as a whole, at a crossroads of need and opportunity.
Humble Career Beginnings
First, some background on me so you can judge for yourself what I am saying. I started my career effectively as a security officer in Vancouver, BC, Canada. Minimum wage guarding assignments including watching over piles of sand and holes in the ground. My resume from there included rising through the ranks of the guard company, learning investigations, executive protection, mobile patrol and alarm response.
I worked as a self-employed security consultant and instructor of security guard programs. Eventually, I grew my skills to a point where I needed to expand my work focus to investigate the new field of cyber security, which in the late 90’s was limited to technical security issues like viruses and SPAM email.
From IBM to SC Johnson and Sons
While there was no place to get non-technical training in cyber security, I persevered and landed a job with IBM as an entrée to the industry and worked very hard to translate what I was learning from tech-speak into common language security knowledge, to which I could then apply what I already knew. I was able to rise through the cyber security ranks as a consultant, Manager of IT Security, and finally to a Chief Information Security Officer working for firms like the City of Vancouver, E-Bay, Pacific Gas and Electric, and SC Johnson and Sons, etc.
A Fantastic Opportunity Awaits
Since then, the world has changed a lot, and cyber security risk have changed as well, but in general, the risks have collided in ways that create fantastic opportunity:
Cyber Threats Have Converged with Physical Security Threats
This has, in many ways, brought the cyber and physical security worlds together.
- Portable data storage, like USB sticks, can be used to physically steal sensitive information or introduce a virus to the company system
- Social engineering of employees and contractors now creates huge risk of someone accidental disclosing sensitive information
- Insider threat scenarios bring risks beyond theft from the loading dock, now an insider could give away all the codes to the network, or the secret keys to the most sensitive data.
- Security unaware users can click on a link in an email an open the door to viruses and ransomware that cripple a company’s ability to operate
Physical Security Systems Have Been Moved onto the Data Network
While historically, physical security systems had their own network, they have been moved onto the data network, thus subjecting them to the same risks as all the other systems on the network.
The need to communicate enterprise-wide security risk in the language of business to an organization has created the need to understand security threats in a holistic manner so that business executives can make business context-aware business risk decisions.
There is an overwhelming need for help in the cyber security industry:
- Recently, the US Department of Labor said that by 2020, 66% of all cyber security positions will go unfilled
- The CEO of Symantec, the worlds largest security company, said they expected 1 Million cyber security roles worldwide to be unfilled very soon
Of all the open cyber security roles, there is a percentage that do not require a deep technical background.
Many roles require a solid understanding of security and an ability to understand the technical terms sufficient enough to understand and communicate the risks.
- Cyber Security Compliance
- Security Awareness & Training
- Security Governance
- Security Audit
- Security Business Liaison
- Enterprise Security Risk Management (ESRM)
- Converged SOC and GSOC staff members
- Data Center Security
If you want to understand roles like these more, please be sure to read the article “Jobs in Cyber Security.”
I believe it’s important to note that not only is a move to cyber security great as a development opportunity for your security knowledge and skills, it also provides career enhancement opportunities that just do not exist with a physical security career alone.
While maybe a materialistic fact, possibly more enticing to many is the simple fact that Cyber Security roles simply pay much more than their traditional security counterpart roles. I suggest you look at salary surveys for security practitioners on both sides of the field, I believe you will find a staggering difference in the pay rates; while I don’t submit this is necessarily fair, it is a reality of the compensation world, and provides for a potential financial windfall compared to a career track without a cyber component.
If any or all these interests you, and you believe you have the interest and the courage to try and expand your career with the help you need, then continue reading all this site has to offer.