July 20, 2022

I recommend joining organizations like WiCyS, Women in Cyber, Career360, Cloud Security Alliance, etc. These are all great opportunities to network. Take advantage of the introductions that are given to you.  For me, the two that took the advice to turn around and talk to me at the WiCyS National Convention have turned into one hire and one in the hiring process.

Don’t hesitate to ask your friends that are in the industry to make an introductions.

Demonstrate your “curiosity”. Demonstrate that you understand that there are many facets of cyber security, understand them, be willing to express which area interests you and why….for instance:

Cyber security is not just pen testing or threat hunting. Cyber is also governance (policy and standards writing and enforcement, Compliance – managing and maintaining information security compliance efforts (PCI, HITRUST, SOC2, EHNAC, TNAP, HIPAA, etc.), Identity and access management (MFA, Provisioning, Deprovisioning, Single Sign On, VPN, Active Directory), Threat Hunting also includes vulnerability management. Risk Management is also a key skill for Cyber. Security professionals are constantly managing risk for the organization (i.e – if we don’t apply this patch, what risk is it creating for the organization?); forensics are also part of information security. Phishing testing is not the only thing in cyber…..it is part of Security Awareness and Training. 

These are the things that I keep talking with potential “new” to cyber about. When the candidates I talk to say “ I really want to get into cyber”, I ask them which areas are they interested in. I literally got an answer “I am very interested in phishing testing”. When I asked why, they could not answer. Potential cyber people need to do a bit of homework on the field or have a bit of depth as to the “why”.

Judy Hatchett is Co-chair of 2022 Cyber Security Summit and VP Chief Information Security Officer at Surescripts. She sets the vision, develops plans and oversees the execution of Surescripts’ Enterprise Information and Physical Security, Business Continuity and Risk Management Programs. Read full bio