Tailoring Your Skills to the Realities of Large Enterprise InfoSec

Whilst every organisation should be thinking about their information security and making efforts to secure their data, it tends to be larger organisations that make serious investment in this area.

Indeed, in the UK, Barclaycard surveyed over 250 small to medium sized companies and found that only 20% of companies surveyed rated cybercrime as a top priority. Despite this, 48% had been victims of an attack in the last year, with 54% fearful of such an attack.

Despite the fact that SME’s are clearly at risk, and are regularly being hit by attacks, they seem to be neglecting their own security. For IT professionals looking to make the move into cyber security, this means that the most receptive companies to approach when it comes to making a career in the field are larger organisations. Whilst for established IT pros this may pose little in the way of problems, for those fresh out of training and looking to make a start in their cyber security careers, the current situation presents some obstacles.

Large firms demand experience

Rather like the UK’s engineering sector, there is a serious hiring cliff approaching in information security as more and more experienced staff come up for retirement, with the younger generation lacking the experience of the veterans they are due to replace. Companies are not helping; there is clear bias towards hiring people that can “hit the ground running”, and less of an appetite to take on less experienced trainees. Whilst a common way to build experience is to cut your teeth at an SME where there tends to be more autonomy, responsibility and fast progression, this option is off the cards in a culture where only big players invest in information security.

So what is the newcomer to information security to do to get a foot on the ladder in a large firm?

Expertise in cyber security is not enough on its own. There are a few common gaps in skills that many comprehensive security and IT courses don’t prepare you for. For the most part, these are in areas of applying knowledge to real world scenarios – not from the perspective of applying techniques to real life networks, but the perspective of being an effective advocate for security best practise within large organisations.

Larger organisations present InfoSec pros with a number of challenges:

  • They must pitch security requirements to different stakeholders, often with conflicting requirements and priorities
  • Budgetary constraints will require an ability to devise compromises in applying information security policies
  • Entrenched company culture can be resistant to change
  • Large user bases creat exposure to social engineering threats

The importance of soft skills therefore cannot be overstated. Hiring managers need to see not only evidence that a candidate has the relevant technical skills and a keen grasp of the human element of security, but they also want to see an ability to present to stakeholders, build a case for new measures, work as a team, run a project, and innumerable other skills that have nothing to do with the technicalities of penetration testing, software, IT or networking.

Management Courses

There are some short course qualifications that help people with existing skills in cyber security and IT enhance their ability to apply those skills to enterprise. Many of these come with a recognised qualification.

IT security manager CISM(Certified information security manager)

This course helps professionals establish and maintain security strategy in a way that aligns with organisational goals and objectives, and includes training on establishing business cases for security measures and obtaining commitment from senior management and internal stakeholders. The course involves modules in InfoSec program management applied to the realities of business.

Certified Security Leadership Officer (CSLO)

This qualification covers areas such as organisational structure, managing security policy & security awareness, and will help trainees to apply knowledge of cyber security in a large enterprise environment.

To apply for either of these courses, just register to create your account.

It’s clear that there is a demand for cyber security expertise. However, this expertise needs to be combined with solid understanding of the realities of operating within a large enterprise. Cyber security experts will benefit from a solid investment in managerial, communication and leadership skills if they are to make the most of their existing security knowledge.

For more cyber security courses, check out our homepage.