Hi! I am Nick Gipson, the Director of Cyber Operations here at Pareto Cyber. This is the conclusion to my 10-Part series on “10 Things I Hate About Cybersecurity: A Love Story” where I dissect the problems within this industry and my personal encounters with them. You can find the other parts of this series here.
As we close out the series, I want to talk a bit about the things that I don’t hate in the cybersecurity industry.
After all, this series has been a love story.
I point out the issues that I see within the field because I think we have something truly special here. Nobody working in cybersecurity has to worry whether what we’re doing is important. We know it is.
We are helping people navigate the confusing digital realm without fear. As individuals and organizations get more deeply embedded with technology, the data they store gets more important. Many businesses could easily go bankrupt if all of their digital records were erased or locked up. Many people could have their lives disrupted by a leak of their bank login info. The stakes are high.
So all of us working in cybersecurity are making sure that those people can continue to go online. We are monitoring alerts so that business can go on as usual. We are pushing patches to systems so that working parents can pay their bills from their phones. We are scrolling through threat databases so that government systems stay online. We are worrying about cybersecurity so that none of the users have to.
Of course, there are scary new hacks and threats appearing in the digital landscape all the time.
The reporting makes it sound like everyone in your grocery store is going to fall victim to ransomware. That’s probably not going to happen.
However, that doesn’t mean that average people shouldn’t be aware of the threats lurking out there. There are constant stories of apps or browser extensions stealing financial information of unsuspecting users. So many people can be careless when accessing sensitive information on their phones. And social engineering will work as long as humans remain human.
That doesn’t mean we should be scared.
These cyber threats are all around us. Our data is already out there whether we like it or not. We can’t escape the digital world, so we must live with its perils.
To use all the cool new technology coming out year after year, we must accept a compromise. For many features to work, we have to provide the vendors with some amount of our private information. Without providing Apple with a scan of my face, I can’t unlock my phone by looking at it. That’s just the cost of doing business.
So to keep everything running, us security specialists have to get back to work.
I would like to highlight some of the feedback that I got on LinkedIn in response to this series.
The second half, focused on employment and working culture within cybersecurity, resonated with people a lot more than the first. After all, we are all people and have to deal with very human problems at work, no matter our field.
I was happy to see some productive debate and disagreement, especially in response to the last installment, The Skills Gap Fallacy. Here are some interesting comments on that post:
Henry McKelvey brought some more insight onto the hiring problem in cybersecurity:
“In a nutshell, we have become so dependent on a person producing sheets of paper proving their worth that we have forgotten that some of the best people were hired and then taught the job”.
Pete Strouse pushed back on my claim that the skill gap doesn’t exist, saying:
“While much of the talent/skills gap is self imposed and hiring processes are broken, that doesn’t mean it’s all vaporware. There are absolutely shortages of people with certain skillsets relative to demand. Senior IT Auditors/Assessors are a good example.”
Jason S. added another solution for the skill gap, suggesting:
“In-house mentoring and internships are great ways to grow your own team as well.”
“I’ve been to some of these corporations and found the same thing. Unused equipment – a slide from one floor to the next that no-one uses (supposed to be fun, but.). These companies have a very high level of employee anxiety. People are overworked. The companies do not see that – why?”
Thank you to everyone for leaving their thoughtful comments and I’m looking forward to reading any future feedback as well.