In an interview with Stellar Labs, San Francisco-based Global Director of Verizon’s Threat Research Advisory Center, Chris Novak, shares his thoughts on the importance of communication and business skills in the cyber security field, the benefits of internal vs. external cyber security teams and how to promote diversity in the cyber security profession.
Why you need well rounded skills in cyber security
Contrary to what you might think, cyber security isn’t just about technical skills. Maybe because it is highly technical, good communication and business skills are all the more crucial. As Chris says in the interview, “I draw a lot of analogies to the medical industry. So you can have the best doctor in the world. But if you can’t communicate with your doctor, if your doctor can’t convey to you what your health issue is or what it is you need to do to get better or what the procedures you may need to go through are going to involve or what you can expect, side effects to be, you’re going to be very anxious or you may not even move forward. You need the technical, but you also need the communications and the business acumen.”
The ability to marry these skills makes for better long-term career prospects. Ignoring business and communication skills to focus purely on the technical, on the other hand, may have the effect of “pigeonholing” your career.
One of the risks of neglecting the non-technical skills is you can be disconnected from your client’s reality. For example, you may have a wonderful technical solution for their problem, but that solution may not be possible to scale for your client’s budget or needs. As Chris emphasized. “I see this a lot in my days that people will make recommendations not necessarily fully understanding how difficult that recommendation may be to apply. And so, having an understanding of the business side of things ensures the recommendations and communication are appropriate and reasonable for the entity that you’re working with.”
Lack of professionals with a robust skillset is an industry-wide issue. Chris cites it as being one of the main problems in cyber security, “…organizations have trouble finding people with the right experiences, that well-rounded kind of the individual that I mentioned. I see as being a gap for a lot of either organizations or individuals, is how they apply the knowledge, the learning, the education and the training to the practical world. It’s not enough to just have training or gone through a class. You need to understand how to actually apply it to the world around you.”
The benefits of internal vs. external cyber security teams
One of the obvious benefits of cultivating an internal cyber security team is your own people know the ins and outs of your systems. They know what data you have and how it’s currently being protected. An internal team that adheres to security standards can ensure your business’ data is protected in the long-term. Chris emphasizes an internal system is a must-have for any business today. “Going from a business with just a couple of people to a business with a few dozen people, to a few hundred, to thousands, to tens of thousands and beyond, you now have a much larger pool of sensitive data to be concerned about. And obviously, as any business grows, it’s not just then about the PII data you have on your employees, you may have sensitive intellectual property about what you do and how you do it. You don’t want that to leak out into the market or to competitors. Or you may have transactions you perform, and obviously, you want the integrity of those transactions to be sound. So you don’t want to move $100 but instead $1 million moves that can be very impactful to the business. So, I honestly think there’s not an organization today that can really survive without an internal cyber security program.”
Bringing in an external team, however, also has distinct advantages. For example, an external team may offer a more objective view of your company and spot weaknesses and gaps in your processes. In addition, they can offer insights from similar businesses and even from other industries that can strengthen your security.
Chris is a big supporter of hiring external teams. “We may see a trend evolving say in the financial services industry, but that trend may not have emerged yet in healthcare or manufacturing. But the fact that people have already been immersed in it and understand how to deal with it. They can take that knowledge from one industry and start applying it to the others to either better defend and protect them so that that trend doesn’t emerge in their industry. Or if they do see it pop up in those industries or areas, they’re better prepared and know and have that experience on how to handle it.”
How to promote diversity in the cyber security profession
A Frost & Sullivan report on diversity in the cyber security profession found “While minority representation within the cyber security field (26%) is slightly higher than the overall U.S. minority workforce (21%), our study did reveal that racial and ethnic minorities tend to hold non-managerial positions, and pay discrepancies, especially for minority women, is a challenge.” As Chris noted, “if we’re going to be successful in anything, we’re going to be most successful if we have diversity of that team, diversity of thought because the challenges that the world faces are also very diverse in a number of ways.” In a field that until recently had no official degree, mentoring has been a big part of motivating minorities and women to pursue careers in cyber security. As Chris stated. “Here at Verizon, one of our new leaders had actually introduced a program called ‘WOW’ or Women of the World. It’s a phenomenal developmental and empowerment program for really kind of bringing our entire workforce and getting everybody included in what we do and really setting them up for success. And so, I think things like that are really helpful. I try to stay as plugged into all of that as I possibly can.”
Chris does a lot of mentoring himself and has given cyber security presentations to his daughter’s Girl Scouts group. Getting children to think about cyber security at a young age helps them understand its implications and evolution going forward.
Protect your future, become a security professional
At Stellar Labs our cyber security programmes teach you both the business and technical skills to secure your career in the cyber security industry. To learn more about our Cyber Security Foundations course, click here.