The IT Security Guru caught up with Tarnveer Singh a CISO and finalist in the Security Serious Unsung Heroes Awards 2023 for his thoughts on how to get more professionals involved in the cybersecurity industry:
There are many ways we can inspire new cybersecurity professionals to join our industry. One way is to increase awareness about the importance of cybersecurity and its increasing demand. This can be done through educational programs at schools, colleges, and universities. Another way is for us experienced CISOs to share our knowledge and experience. We must reduce barriers to entry. CISOs can also provide mentorship and coaching programmes to help aspiring professionals develop the necessary skills and knowledge. Additionally, highlighting the broad career paths and opportunities in the field can attract new talent. Improving Diversity and Inclusion in our sector will help provide a wider breadth of skills and experience and help innovation. Promoting the social impact of cybersecurity can motivate individuals who want to make a meaningful contribution to society.
Awareness about the Importance of Cybersecurity
Cybersecurity is vital in keeping safe both organisations and individuals. Attacks such as hacking, phishing, ransomware and social engineering are on the rise. Cybersecurity is essential in preventing cyber crime. Businesses and other organisations are being pushed both by customers and regulators to evidence how they are keeping their information secure. Consumers have increasing expectations of organisations that any information they provide will be kept safe and actively avoid organisations that have a history of breaches. In the eyes of many, the war on cybercrime is being lost. Ransomware, identity theft, and other cybercrime is on the rise. Simply put, we need more people to join the sector and join the fight back against the cybercriminals.
CISOs sharing our Experience
Reducing barriers to entry is absolutely crucial. I remember when I set out in IT Architecture and was making the switch to Cybersecurity. It initially felt like quite a closed industry with some of the experts I encountered not being overly keen on sharing their knowledge. Luckily, I was very determined. I grew through the ranks as a Security Manager, Security Architect, Consultant, Head of Information Security and then as a CISO. As an experienced CISO I feel it is right that I allocate regular time to give back to this sector and I’d encourage others to do the same. Dedicating time to support those starting out in this sector is important for their development. We need to make our sector more accessible.
Reducing Barriers to Entry
We must reduce barriers to entry. For example, I experienced first-hand when I started in this sector that the cost of books, courses and accreditations was and remains astronomical. Hence I decided to take the lead and share my own experience. I wrote several books to share knowledge with those embarking on a career in cybersecurity. This helped encourage others into the sector. I had found that there are significant financial barriers unless you have companies sponsoring or paying for your training. Hence I released these books at cost price so new starters could access knowledge on best practice for less than the price of a cup of coffee. For those interested these can be accessed on the links below:
Coaching and Mentoring
Coaching and mentoring is a vital lifeline for those starting out in the sector. It helps apprentices to grow in their careers, enhances their productivity, knowledge and skills. Mentoring can significantly improve engagement and attract new starters. Coaching can also really help those with careers in security already to find a next step in their career ladder or to find a role that is more suited to their motivations and skills. I’d encourage all security leaders to share their time. As an experienced CISO I feel that I need to step up and do my part in this. I am providing coaching and mentoring with those who feel they need some support in the sector. I’m happy for anyone needing mentoring to reach out to me on LinkedIn.
Highlighting the Breadth of Career Paths and Opportunities
A major skills gap in cybersecurity has developed. We do not have enough people with the right skills to tackle the persistent and growing level of cybercrime. Our industry needs all types of people. The industry is perceived by some as only for very technical people. This is not always the case. Of course we need technical people of course but a great deal of cybersecurity is about people themselves. Influencing people across the organisation to change their behaviour is an art in itself. Often in organisations there is an entrenched culture which may not always be a secure one. Winning hearts and minds is vital. This is why we need a better mix of people in the sector. Within the sector there are a wide variety of careers and opportunities. We just need to get better at helping society at large to be more aware of the work we do and provide encouragement. From Apprentices to Analysts, Security Awareness Trainers to Architects, we need you! There is a place for you in this sector.
Improving Diversity and Inclusion
Take up of IT-related subjects by young people has declined. Young females in particular are less likely to view IT or cybersecurity as an attractive career. It has historically been perceived as technical and male-dominated. Ethnic diversity in the sector has also been historically poor. The sector is making improvements but greater work is needed on diversity and inclusion.
I think there is more that could be done. Apprenticeship is vital. Something I have done as a CISO is recruiting young apprentices from a wider variety of backgrounds. For some it was their first job after a stint of unemployment. I knew if I gave them an opportunity and support, they could establish a solid career in cybersecurity. Something else I have done through my own security firm, Cyber Wisdom Ltd was developing our cyber awareness programme. As a CISO, it is important for us to do our part in raising awareness of security in wider society. One thing I have done is talks, competitions and workshops for schools and colleges. This has helped children learn about why cybersecurity is important and interactive learning helps embed secure behaviours at an earlier age. This helps them practice good cyber hygiene and safety in their online experiences as well as encouraging young minds to consider a future career in our sector.
Promoting the Social Impact of Cybersecurity
Cyberattacks have a huge impact on society such as the social disruption caused to people’s daily lives. The increasing value of sensitive data, Identity theft and fraud have put individuals at greater risk than ever before. There is increased monetisation of information relating to individuals. People in society have never faced such a level of threat from cybercriminals and other attackers to their information and their digital personas. Cybercrime can leave devastating consequences. The social impact of cybersecurity includes protecting individuals and organisations from cyberattacks, safeguarding personal information and financial assets, and promoting trust and confidence in online interactions. Cybersecurity also plays a crucial role in national security, protecting critical infrastructure, and defending against cyber warfare.
We need to inspire new cybersecurity professionals to join the industry. Educational programmes can help to increase awareness about the importance of cybersecurity. Mentorship and training programmes will also be vital to provide guidance and support to aspiring cybersecurity professionals. Highlighting the diverse career paths and opportunities available in the industry will also help attract new talent. Finally, promoting the social impact of cybersecurity can inspire individuals to pursue a career in the field and make a positive difference in society.
Tarnveer Singh is an experienced CISO and Security Director at Cyber Wisdom Ltd. He has provided Consultancy and Security Leadership at many large FTSE listed businesses. As a foremost expert he has authored several books and has been writing on Information Security for many years.