This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.
This Website Uses Cookies
By closing this message or continuing to use our site, you agree to our cookie policy. Learn More
This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • Home
  • News
    • Security Newswire
    • Technologies
    • Security Blog
    • Newsletter
    • Web Exclusives
  • Columns
    • Career Intelligence
    • Security Talk
    • The Corner Office
    • Leadership & Management
    • Cyber Tactics
    • Overseas and Secure
    • The Risk Matrix
  • Management
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • More
  • Physical
    • Access Management
    • Video Surveillance
    • Identity Management
    • More
  • Cyber
  • Sectors
    • Education: University
    • Hospitals & Medical Centers
    • Critical Infrastructure
    • More
  • Exclusives
    • Security 500 Report
    • Most Influential People in Security
    • Top Guard and Security Officer Companies
    • The Security Leadership Issue
    • Annual Innovations, Technology, & Services Report
  • Events
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
    • Security 500 West
  • Resources
    • The Magazine
      • This Month's Issue
      • Digital Edition
      • Archives
      • Professional Security Canada
    • Videos
      • ISC West 2019
    • Photo Galleries
    • Polls
    • Classifieds & Job Listings
    • White Papers
    • Mobile App
    • Store
    • Sponsor Insights
    • Continuing Education
  • InfoCenters
    • Break-in Prevention
    • Building AppSec in Enterprises
    • Video Management Systems
  • Contact
    • Editorial Guidelines
  • Advertise
Home » Blogs » Security Blog » Redefining the Role of a Cybersecurity Professional
Manju-headshot

Manju Mude is an industry security leader with nearly 20 years of experience in building information security, risk management, security investigations and vulnerability reduction programs. She is a “Paranoid” Security Leader at Oath, where she helps lead an essential security team defend against adversaries to protect a billion of users. At Oath, she has launched "Paranoids University," an internal training program that teaches all employees on building secure code and systems. Prior to joining Oath, Manju held several leadership positions, including Chief Security Officer of Splunk, Security Leader at Apple, RSA, and Bank of America.

Cyber Security News

Redefining the Role of a Cybersecurity Professional

ITprofessional-enews
November 1, 2018
Manju Mude
KEYWORDS bug bounty program / cyber security careers / hackers / security careers / security talent gap
Reprints

The cybersecurity industry has been around for more than 30 years and undergone exponential growth, but in many ways it is still defining itself in the face of evolving threats. Technology and process are predictably playing a role. But diversity of talent has also become increasingly important to the success of security organizations and is redefining the role of a cybersecurity professional.

The Changing Faces of Cybersecurity Professionals

The words "computer engineer," "security researcher" or even "hacker" tend to evoke the quintessential image of a young male wearing a hoodie typing on his laptop. However, anyone who has worked in cybersecurity would know differently. Today’s average cybersecurity incident, for example, certainly involves computer engineers and the like, but also lawyers, writers, communicators, investigators and a varietal of other expertises based on the nature of the cyber incident. If an attack was state-sponsored and involved journalists, maybe a business and human rights professional was required. Or if an attack involved a criminal operation running a business email compromise scam, perhaps an expert in internal employee communications is needed.

Day-to-day work also shows breadth of new talent in security organizations. For every security bug found in an app, there is a team of people involved in triaging and resolving that bug. This certainly includes the software developer of the app, but also the security team with knowledge of attack vectors, the organizational leaders budgeting the operation, internal engagement teams developing awareness campaigns, and generally people who may think differently about problem solving. In other words, for every bug, imagine 100 people working to fix that bug, with each person bringing unique value toward reducing risk.

The Ideal Cybersecurity Professional

Skill sets like coding and legal analysis can be taught. Instincts and strategic sensibilities, however, can be much more difficult to come by. In a cybersecurity context, both skill sets and instinct are important. An ideal cybersecurity professional will possess both, which has put greater demand on diverse talent pools.

Companies and organizations with cybersecurity teams are increasingly seeking candidates that meet a baseline of skill sets but then also exhibit other valuable characteristics. For example, a lawyer may be a quick learner proving valuable when she needs to understand new technology. Similarly, a communicator may be detail-oriented or a project manager may adapt well to change.

Applying this lens to talent pools expands them as well. For example, by exclusively hiring software engineer candidates, we might only think about the threats that said engineer would consider; we might miss the threats that an HR or marketing professional could see. Hiring candidates from different regions can be of value too as they could possess different cultural or political insights.

The Skills Gap Persists

Like most STEM fields, security workforces often lag other industries in terms of drawing from a broad talent base. Research has long-illuminated the barriers to STEM jobs for many underrepresented groups, including cultural norms perpetuated by media, college affordability and feelings of exclusion in the workplace. The nature of security is also at odds with inclusivity as more often than not security organizations operate secretively. The result has been a gulf between talent pools and a burgeoning technological field in need of diverse talent. Left behind are not only the underrepresented racial, gender and ethnic groups, but also multi-disciplinary talent, such as psychologists, teachers, communicators and artists. As cybersecurity roles are being redefined, this societal trend must change too.

We Need Everyone

To the cybersecurity professionals out there: We need to grow, adapt, and diversify as an industry and to do that, we need everyone. And we need to approach our recruiting with this perspective in mind.

To the uninitiated: we need you. A cybersecurity career provides a dynamic and global career path. It’s at once exciting and complicated, and demands well-rounded individuals. Whether you want to fight malware or cybercrime, innovate data privacy, challenge assumptions or educate your peers about keeping data safe at work and at home, there is opportunity.

Blog Topics

Security Blog

On the Track of OSAC

Recent Comments

Insufficient information

Thankyou so much for sharing such an informative...

I just wish my mechanical lock had a...

security

Security

Blog Roll

Security Industry Association

Security Magazine's Daily News

SIA FREE Email News

SDM Blog

Manju-headshot

Manju Mude is an industry security leader with nearly 20 years of experience in building information security, risk management, security investigations and vulnerability reduction programs. She is a “Paranoid” Security Leader at Oath, where she helps lead an essential security team defend against adversaries to protect a billion of users. At Oath, she has launched "Paranoids University," an internal training program that teaches all employees on building secure code and systems. Prior to joining Oath, Manju held several leadership positions, including Chief Security Officer of Splunk, Security Leader at Apple, RSA, and Bank of America.

Subscribe For Free!
  • Print & Digital Edition Subscriptions
  • Security eNewsletter & Other eNews Alerts
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

Dispelling the Dangerous Myth of Data Breach Fatigue; cyber security news

Major Retailer Macy's Is Hacked

server room, cybersecurity, penetration testing,

Explained: Firewalls, Vulnerability Scans and Penetration Tests

cyber network

How to Achieve Cybersecurity with Patience, Love and Bribery

ransomware-enews

British American Tobacco Suffers Data Breach and Ransomware Attack

cybersecurity-blog

European Hotel Group Suffers Data Breach Impacting 600,000 Hotels Worldwide

SEC2019_Everbridge_1119_360x184customcontent

Events

December 17, 2019

Conducting a Workplace Violence Threat Analysis and Developing a Response Plan

There are few situations a security professional will face that is more serious than a potential workplace violence threat. Every security professional knows and understands that all employers have a legal, ethical and moral duty to take reasonable steps to prevent and respond to threats of violence in their workplace.
January 23, 2020

The Value of a Unified Approach to Critical Event Management

From extreme weather to cyberattacks to workplace violence, every organization will experience at least one, if not multiple, critical events per year. And in today’s interconnected digital and physical world, the cascading safety, brand, and revenue impacts of critical events are more severe.
View All Submit An Event

Poll

Emergency Communications

What does your enterprise use to communicate emergencies to company employees?
View Results Poll Archive

Products

Effective Security Management, 6th Edition

Effective Security Management, 6th Edition

 Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics. 

See More Products
SEC500_250x180 clear

Security Magazine

SEC-December-2019-Cover_144px

2019 December

This month, Security magazine brings you the 2019 Guarding Report, featuring David Komendat, Boeing CSO, and many other public safety leaders to discuss threats and solutions for 2020 and security officer training. Also, we highlight Hector Rodriguez, Director of Public Safety and Security at Marymount California University, CCPA regulations, NIST standards, VMS and much more.

View More Create Account
  • More
    • Market Research
    • Custom Content & Marketing Services
    • Security Group
    • Editorial Guidelines
    • Privacy Policy
    • Survey And Sample
  • Want More
    • Subscribe
    • Connect
    • Partners

Copyright ©2019. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing