Read what Paul K. Muir had to say on LinkedIn: https://www.linkedin.com/pulse/my-journey-towards-becoming-ciso-paul-k-muir/
I knew from the very beginning of my career that I wanted to specialize in cybersecurity. I started my career twenty years ago as a second-level platform support analyst at an insurance company. It was a great job, I worked with some very smart people, and I wanted to differentiate myself from the rest of the analysts, so I studied networks. This led to a role on the network team. I volunteered to take the lead on our network security controls, and I was fortunate to have a manager with the patience to let me learn and grow in that role. At the time, I wasn’t confident in my cybersecurity skills; as a result, I was uncomfortable asserting my knowledge and skills. I spent several years listening and learning and developing my skills.
In 2012, I accepted a position at McMaster University as a specialist on the security team. This was my first role that was solely focused on cybersecurity. I reached this position with my hard work, dedication, a commitment to learning and continual self-improvement, realistic goal setting, persistence, perseverance, and determination. I also want to acknowledge the impact that complementary education has had on framing my perspective and giving me a broader view that extends beyond technology controls.
- Studying service delivery has provided me with the vernacular to communicate security needs effectively.
- Studying project management helped me to view security as a crucial quality element of digital service delivery.
- Studying risk management has helped me to frame control recommendations in a way that helps folks to make good decisions.
- Studying privacy has helped me to view security through the lens of an individual consumer of a service.
- Studying leadership has helped me to tie all of this up into a holistic view of cybersecurity and risk, and develop the tools to engage, encourage, and support folks through their challenges.
I am thankful for the support and guidance I received throughout my career.
My Take on EC-Council’s Certified Chief Information Security Officer (C|CISO)
A professional credential is an excellent indicator to others of your expertise and capabilities. I want to send a strong message to my peers and leaders that I am the resident expert on all cybersecurity concepts, and I felt that earning a credential was an important part of that message. Considering the level at which I was interacting with folks on cybersecurity and risk, the EC-Council’s Certified Chief Information Security Officer (C|CISO) was the natural fit. And, I went ahead with it.
· Courseware and Training Material
The provided training content was great! The course content was broad with a large variety of topics, and as such, the materials do not dive deeply into many of the topics. The expectation is that you have enough background and experience to understand the concepts, and the references to know where to find the primary resources to which the course content refers. To get the most out of the materials, and to succeed on the exam, a student should expect to spend time refreshing their knowledge of those primary sources.
· Skilled and Experienced Trainer
As for training, I was very lucky to have a great instructor in Joe Voje, and an excellent cohort of cybersecurity professionals from colleges and universities across Ontario attending my course. We were able to really dig into the topics from a shared perspective, which provided great opportunities for the deeper understanding that is required to be successful in writing the certification.
· Comprehensive Coverage of Knowledge
The real value of the training was the breadth of the information that was presented, and the opportunity to refresh my knowledge outside the context of my day-to-day job.
Why Should You Choose Cybersecurity? And, How to Proceed Ahead?
Cybersecurity is a people problem. Sure, there are basic and intermediate technology controls that you can’t do without, but a strong and mature cybersecurity program engages people at all levels of the organization and involves everyone in the solutions.
- Learn to speak to people about cybersecurity and risk in their terms. Know your audience and use language and analogies that are relatable to them. Have a story to tell, and tailor that story to your audience.
- Engage your audience in the solution rather than telling them what to do. Provide folks with the tools and teach them the skills, and then listen to them. Be open to understanding their day-to-day and the challenges they face so that you can add value to what they do. People want to make good decisions and do the right things; don’t try to change how they do things, instead let them find ways to change.
- Take time to reflect on personal and professional ethics. As a security professional, it is inevitable that you will encounter situations that may be difficult to navigate. It can be challenging to balance your work and societal responsibilities and maintain your personal integrity, especially during the heat of an incident or investigation. Consider these matters ahead of time, and prepare yourself for those challenges.
Finally, get ready to drink from the fire hose. If you do your job well, people will come to you, and in droves.