Have you considered a career as a cybersecurity professional, but weren't really sure if you had the right degree or skillset needed for success? Here, Jay Leaf-Clark, Head of IT at Dashlane, walks you through how to get started in cybersecurity.
Security: What is your background and current responsibilities at Dashlane?
Leaf-Clark: I’ve been a solutions-orientated IT leader for over 16 years, developing and implementing technical solutions to tackle aging and underutilized processes, internal platforms, and technical personnel. My goal is to take an IT department and make it resilient, cutting-edge, user-friendly, and efficient.
Outside of the typical day-to-day, as an IT department at Dashlane, we have a defined roadmap for the calendar year which we carry out in sections each quarter in the hopes of replacing, rebuilding, and bolstering our current operations so we are always ahead of the game. The biggest part of my job is staying up to date on the latest threats, trends, and solutions the industry has identified for leaders such as myself, and making sure we don’t find ourselves behind the curve when it counts.
Security: Let’s discuss getting started in a career in cybersecurity. Are there degree programs that can prepare individuals for cybersecurity jobs right off the bat?
Leaf-Clark: A good degree in IT or Cybersecurity is a great place to start to build a solid foundation of knowledge, but nowadays there are even more avenues to get experience that are much quicker and more affordable. I got my first two IT security certifications at 16 years old and it was those certificates which landed me my first job at a company while I completed my Bachelor of Science in Information Technology.
Though a degree in Computer Science is obviously a good degree to have, these days, to get a job right off the bat companies are looking for applicants who have practical skills they can implement. So, it's not just what you know, but what you can do!
If you’re looking to get into security, make sure you have a basic understanding of the common types of infrastructure you will support, and try to become as well versed in them as you can (many tools offer free training). A free coding bootcamp also never hurts!
Security: Does an individual need a cybersecurity or computer science degree to get started?
Leaf-Clark: Though I am not entirely convinced certifications are direct indicators that a prospective candidate is qualified to perform a job, typically when looking for a security candidate, I like to at least see a foundational level certification mixed with years of experience on their resume.
Security+, CISSP, and the CISA are all certifications I think are great to illustrate that—at some point in a candidate’s career—they have taken the time to traditionally study and understand the fundamentals of IT security, which hopefully they’ve also built upon with practical experience.
Depending on the specific needs of the professional I'm hiring, looking at more targeted security certifications that focus on areas like architecture, engineering, management, audit & risk, etc. are also worth looking into. Again, though not entirely required, this would illustrate to me a candidate has both the foundational and industry-specific, comprehensive knowledge of security.
Outside of security certifications, it is always promising to know a candidate has a fundamental understanding of the other areas within an organization that most certainly must abide by strong security practices. Certifications in networking, project management, and computer management all demonstrate to a hiring manager that you are not only well versed in security, but in the many adjacent areas that still are impacted by security.
As much as security certifications are welcome, and in some cases, needed to provide the assurance to a hiring manager/leader that you can do the job, nothing beats real life experience. The answers to the problems we as technical professionals face aren’t always as simple as a multiple choice answer or essay question. The right candidate for a role in security is both well versed in security fundamentals and the business operations impacted, but also has the practical experience and interpersonal skills to be a strategic partner and proactive value add to the business.
Security: How can an individual get started in cybersecurity?
Leaf-Clark:
While you don’t need that certification, go ahead and get it anyway.
- If you're just getting your start in security, any organization is going to want to see that you’ve taken some steps to illustrate that you have a solid grasp of the core concepts of cybersecurity.
Have a firm understanding of the various departments within an organization.
- To be able to effectively evaluate, understand, and address a company’s security needs, you need to have a solid grasp of how it operates, and not just in security.
Interpersonal skills are a NECESSITY.
- Being an almighty and powerful security guru isn’t worth much if no one wants to work with you. Polish your skills working alongside non-technical stakeholders, because there will be many. All those acronyms you learned don’t mean much of anything to your CEO, so being able to explain things easily and quickly is important.
Never stop learning.
- It’s corny, but it’s true: when it comes to security, there is always something new to learn, so it’s best you find an outlet to receive timely security-related information on so you don’t fall behind.
Do it because you love it.
- Security is a field that continues to grow rapidly and creates space for more cybersecurity professionals to come in and make a career of it (at a pretty decent pay). However, without a passion for it, it can seem pretty dull to most, so make sure you love it.
Security: Are there common misconceptions about cybersecurity careers that need to be dispelled?
Leaf-Clark: One misconception is that you will work alone. Interpersonal skills in security are a must. It’s important to have that understanding even though you’re in the “tech department,” you will support all members of a team, no matter their specialty and talk with everyone who needs IT and security support… which is everyone.
It is also a misconception that larger companies have better cybersecurity protocols and that it’s easier to get large companies to comply.
For example, Twitter employees and Zoom users actually took the top spots on our annual Worst Password Offenders list in 2020 due to breaches caused by weak and re-used passwords. Large companies don’t always have the best cybersecurity protocols, but it’s imperative for all businesses to immediately put into place a robust process to audit, standardize, and continuously monitor the safety and security of the credentials within their organizations.