Three essential life skills I learned in cybersecurity
When I decided to transition from a career in user experience (UX) and communications to become a cybersecurity professional, I knew I was up for a challenge. It meant entering the field of IT engineering and information security without previous experience, but also committing to an intense three-year training program at Brussels-based CyberWayFinder (CWF).
We dived in as the first CWF group back in 2017, committed to take the same journey as a team. I got excited about taking my new skills into the company where I worked at the time, and did a risk assessment for a user access management tool. That didn’t land particularly well with management, but it made some waves. In that context, it demonstrated that making an argument from an information security viewpoint could carry more weight than a UX argument.
Training as a cybersecurity professional gave me more than meaningful work and technical knowledge. It gave me a few life skills, three of which I’d like to share in this post.
Operating outside your comfort zone
Getting out of your comfort zone in a tango class is different to pushing your comfort zone with a skydive. The same as getting out of your comfort zone for a big presentation at work is different to pushing your comfort zone and asking for that promotion. They involve varying degrees of risk and at least with the tango class and the presentation, you know approximately how long the discomfort will last. A sky dive may quite literally leave you free falling for longer than you bargained for.
When making a career transition to information security, you’ll have to build IT and security knowledge, adapt your attitude and muster up the courage and drive needed to succeed. You’ll be outside of your comfort zone in multiple areas at the same time – and there’s no saying for how long. So the balance to keep is between maintaining a growth mindset focused on learning, and coping with information security challenges in the workplace.
Along the way, I learned that a career transition is a commitment to yourself. Going through this journey as part of a group, I became aware that everyone has their own approach to commitment and their own individual challenges. My approach has been far from linear. Ultimately, it has been a sustained effort to figure out the added value of a security professional coming from a non-tech background, being transparent about ups and downs and dealing with feedback to consistently build knowledge.
A better understanding of technology
Diving into cybersecurity also challenged me to rethink my understanding of technology. Many of us don't pay much attention to how the Internet changed over time. We're happy to have it and connect all our devices embracing a seamless experience.
Cybersecurity professionals have a critical thinking mindset about the Internet. Learning about data in use, data in transit and data at rest framed how we go about our online interactions, information sharing and use of cloud applications. Add to that a deeper understanding of software, of the plethora of devices, and cables that make up the physical Internet. So, it is important to become comfortable with dealing with too much information, and more importantly to make sense of it.
Having a renewed understanding of technology from the security viewpoint and from a user viewpoint, I can no longer look at technology without wondering why security was not part of the design of many of the digital products and services we are using. It became clear how easy it can be to steal unprotected data, to break into an unsecured access point or to manipulate people over the Internet.
Risk management
While learning about cybersecurity, I also entered the wonderful and complicated world of risk management. It's messy and it's human and it's how we make decisions. Whether we choose to cycle at night without lights or invest in stocks, we humans constantly engage in risk management. As part of everyday life, as well as in the workplace, it’s usual that everyone has a different risk appetite, and that most of us respect our differences.
It's been my experience that when it comes to information security, the ability to speak risk management helps curb many frustrations. It can be a great channel for the translation of technical information into business or user information. People don’t always have to understand the technicalities; they have to understand the risks involved. Risk management can be the common denominator where users, businesses and security specialists can meet. It can allow different parties to have a meaningful conversation without having the full knowledge of each other's field. Though it's easier said than done. In information security, this conversation can become complex. However, in day to day life, being able to look risk in the eye, has helped me make better decisions. Rather than going down the path of worrying, I now tend to confront my fears and deal with them.
Perhaps unsurprisingly, I would advise those considering taking the leap of a career transition to cybersecurity to do their own risk assessment. Consider the money and time you have to put in, but also think of the tech skills you’ll gain and the doors your new path will open for you. But don’t forget to factor in the life skills you’ll acquire. They may not be listed on the curriculum, but they are invaluable in an increasingly connecting world.