We did an interview with Phil Richards, the CISO for Ivanti all about cyber security jobs; from how to get the training for a cyber security career, to how to do a cyber security job well.
What is your cybersecurity job?
I'm the Chief Information Security Officer for Ivanti, and we make software solutions (products and SaaS solutions) in the markets of Endpoint Management, Endpoint security, Patching, Application Control, Privilege management, Asset and License services, Service Management, and Supply Chain.
What originally got you interested in a cyber security career?
My first job out of college was with Price Waterhouse and I worked with mainframe computers. I was fascinated by the difference in security levels between the mainframe (high security) and the PC (low security). I started a long time ago and personal computers were a new product and there was no consideration of security on personal computers. At the time all the valuable information was stored on the mainframe – so that’s where all the security was. With the advent of hard drives on personal computers, people started to store information on their personal computers, and the need for PC cybersecurity came about, but always lagged behind. I was interested in how easy it was to break the security on personal computers.
What's your favorite and least favorite thing about working in cyber security?
I enjoy almost all aspects of working in cybersecurity. Some of my favorites are discovering vulnerabilities, pen testing (ethical hacking), risk management, and incident management. Information security lets you evaluate contracts, be in charge of incident response, talk to people about the importance of good security, and work as a cyber solution architect. I think what I really like most about security is that you have to know quite a bit about a lot of stuff in order to be good at your career. For example, I have learned a lot about privacy law, network architecture, fire suppression systems, and government security clearance programs. Another great part of working in security is that security always changes. I enjoy learning new things and security makes learning part of your career.
What does a typical day look like for someone in a cyber security career?
It is different for different jobs and people. For someone coming out of school, a typical day includes writing procedures or policy, reconciling login IDs, reviewing log files and alerts, completing incident tickets, and meeting with other departments about security threats or issues. Staff on my teams have a requirement for continuing education and certification in the cybersecurity field, so part of their job includes going to class, reading material, or otherwise learning some new aspect of security and information systems.
Explain how your career impacts companies and organizations.
Let me share an example. During 2018 the European Union passed new legislation called the General Data Privacy Requirement or GDPR for short. My team took this law and figured out how to modify all our internal business processes in order to keep our customer’s data private. We decided that rather than apply the law only to EU customers, we would make it our global standard, which meant that all processes worldwide needed to be modified and that we have to follow the guidelines everywhere, not just in Europe. This has become a major shift for the whole company and has affected every department and team worldwide.
What's a common misconception about the cybersecurity field?
It is a common mistake that the security team at a company is all about technology. While technology is an important aspect of the job, the career entails a much broader scope than just the computers and network.
Is a degree necessary for getting a job in cyber security?
You can always find an employer who is willing to substitute work experience for a degree, but security jobs typically require a great deal of education – including continuous learning after you land the job. Making education an important part of your world view will make you a much better security professional, and more attractive to employers. There are many options for cybersecurity degrees which can help you down your career path.
What about certifications, are they more valuable than a degree?
For the most part, employers will not expect you to have too many certifications coming out of school. The best employers will put you on a learning track which will include certifications as part of your continuing education after you get your degree. As a cyber security professional, you should insist on this with your employer.
What's your advice for someone considering the cyber security field?
Decide if you like to be in school and continuing learning. It is an important part of security and you will need to be comfortable with learning after college to be successful in this field. Also, you need to experiment. Get a computer that is beefy enough to run multiple virtual machines so you can setup a virtual network and try out your skills.
What is the demand for cyber security professionals?
Demand for cybersecurity professionals is exceedingly high. Many times, cybersecurity professionals with competent skills and abilities will be looking at multiple job offers.
What do you look for in someone you are hiring for a cyber security position?
I might be a bit different. I look for the following; writing skills, interpersonal skills, overall intelligence, curiosity, and fit with the team. I am much more interested in these than I am technical skills. I can teach a new team member the technical skills, so I look for the qualities that are more inherent in the person – the stuff I can’t teach.
Is an online university a good choice for someone wanting to study cyber security? Why or why not?
The answer depends on the quality of the program. I think the cybersecurity degree program at Western Governors University is exceptionally well-suited to security professionals. The self-paced learning encourages personal learning and curiosity. The posting requirement enhances writing skills and the team-based classes enhance interpersonal skills.
Why should someone pursue a career in cyber security?
Cybersecurity jobs aren’t for everyone. If you are interested in a job that doesn’t require learning new stuff on a regular basis, you will be miserable in security. If you want to be left alone while you work, you will find that most security jobs don’t work that way. If you don’t like to write – security definitely isn’t for you. Rather than focusing on the things that might make you unhappy, let me also talk about what might lead to tremendous job satisfaction. I personally derive a lot of job satisfaction because I am helping people and companies on a daily basis. When you get into the cyber security field, you are helping protect privacy. You are the defense against criminals and hackers. You are literally keeping the world safe. Go for it, superman!