ACCTG 333

Career Advice InCybersecurity
March 1st 2023: MIS 585 – Fundamentals of Cybersecurity Management
Importance of a Common Language
Complexity Is the Enemy of Security. The more complex a system gets, the harder it is to secure. With too many “moving parts”, the
system or interfaces become difficult to secure while still permitting them to operate as intended.
Common Understanding of Terms
We must have a common understanding of terms. Without that, how do we know we are talking/hearing about the same thing?
Common Definition of Terms
• Information – (1) Facts or ideas, which can be represented (encoded) as various forms of
data; (2) Knowledge (e.g., data, instructions) in any medium or form that can be
communicated between system entities.
• Information Security – The protection of information and information systems from
unauthorized access, use, disclosure, disruption, modification, or destruction in order to
ensure confidentiality, integrity, and availability.
• The Difference Between Information Security and Cybersecurity Cybersecurity is a subset of Information Security. Think of physical items that are
valuable assets. For example, classified documents that are on paper (what keeps being
found in president’s residence’s), physical items (the collection of the remaining parts of
that Chinese ‘surveillance’ balloon that was shot down), someone’s personal safety, etc.
That type of stuff falls under Information Security, but outside of cybersecurity.
Links
• NIST https://www.nist.gov
• NIST SP 800-12 Rev. 1 – An Introduction to Information Security
https://csrc.nist.gov/publications/detail/sp/800-12/rev-1/final
• Forbes – Information Security Vs. Cybersecurity: What’s The Difference?
https://www.forbes.com/advisor/education/information-security-vs-cyber-security/
2
Who Is Dave (Tuckman)?
Here’s information about me. Don’t worry – we don’t spend a lot of time on this slide.
Professional Summary
• 30+ years leadership, management, and executive level experience in the IT & Cybersecurity, Industries.
• Founded, developed, managed, and sold two business (technology services, e-commerce website)
• Experience building security and compliance, programs based on NIST CSF, NIST RMF, CMMC/NIST 800171, CIS-18, HIPAA, PCI, and other frameworks.
• Experience in performing assessments using, HIPAA, NIST CSF, CIS-18, Zero Trust and other
frameworks.
• Presently Information Security Consultant at FRSecure, conducting risk assessments and vCISO services
• Working on a publication: 100 Pieces of Advice for 100 CISOs
• Currently studying for CvCISO Expert and Mentor level certifications
Community Service
• Currently serving as chapter President for ISACA San Diego.
• Member of (ISC)2, ISACA, ISSA, IAPP
• Recognized public speaker. mentor, mentee, and contributing member of the local InfoSec community.
Links
Certifications
• LinkedIn: https://www.linkedin.com/in/davetuckman/
• ISACA San Diego: https://isaca-sd.org/board-of-directors
• 100 Pieces of Advice for 100 CISOs: https://www.100cisos.com
3
Career Advice In Cybersecurity
Cybersecurity is like no other industry you will encounter. Some say it’s a broken industry (and they aren’t wrong), but I see it more
as immaturity. And despite its immaturity, it is already a critical part of every organization, its employees, customers, and vendors.
Industry Overview
A high-level look at the Information Security
industry, it’s current state, statistics and trends.
RESOURCES
Finding Your Path
Understanding yourself, and what type of
career might be the right choice for you.
Luck is When
Preparation
Meets
Opportunity
Differentiating Yourself
Understand to gain an edge, building unique value in
yourself, and setting yourself apart from the crowd.
DIFFERENTING
YOURSELF
FINDING YOUR
PATH
Resources
Additional resources to help you help yourself:
LinkedIn personalities, organizations, websites /
articles, and books
4
Industry Overview
Sun Tzu said Know the enemy and know yourself in a hundred battles you will never be in peril. When you are ignorant of the
enemy but know yourself, your chances of winning or losing are equal. If ignorant both of your enemy and of yourself, you are
certain in every battle to be in peril.
A Look At The Industry
Establishing a common language, understanding and perspective of Cybersecurity.
Industry Statistics
The numbers speak for themselves. A look
at industry statistics for context.
Industry Trends
Where is the industry going?
What can we expect in the years ahead?
5
Industry Overview
A career in cybersecurity usually draws up mental images of hackers, hoodies, dark rooms, and general chaos. That spawns from
FUD (fear, uncertainty, doubt), which is a black eye on our industry that we need to fix. We need to focus on solutions.
Career Opportunities
Most statistics will reflect technical positions, but there are opportunities in every facet of running a business.
Take the time to learn and understand your options.
LEADERSHIP ROLES
• Chief Information Security Officer (CISO)
• Virtual Chief Information Security Officer (vCISO) / Consultant
• Security Director / Security Manager
TECHNICAL ROLES
• Assessor / Auditor
• Security Engineer
• Pentester (Red team)
• Analyst (Blue team)
• Incident Response / Forensics
• Developer
• Security Architect
NON-TECHNICAL ROLES
• Accounting
• HR
• Sales
• Marketing
• Business Development
• Customer Service/Support
6
Industry Overview
Roman philosopher Seneca famously declared that luck is when preparation meets opportunity. He couldn’t have been more right.
The people who says a successful person became lucky doesn’t understand the effort it takes in order to achieve success.
Industry Statistics
Young Americans (ages 18 to 26) hold the key to closing the cybersecurity talent gap. The problem is, two-thirds of
them don’t know what the “cybersecurity” profession is, or where to begin to get into this career path.
– City of Boston website
7
Industry Overview
According to a study published by Cybersecurity Ventures, Cybercrime is expected to cost the world economy $10.5 trillion by the
year 2025. In terms of GDP; this would be the world’s 3rd largest economy, trailing only the United States and China.
Industry Trends
Top 10 Cybersecurity Trends For 2023
• State-Sponsored Cyber Warfare
• Data Governance and Privacy Regulations
• Adoption of Cybersecurity Network Architecture
• Access Management Takes Center Stage
• Cybersecurity Will Impact Your Revenue
• Cloud and Mobile Will Feel The Heat
• Operational Technology Is The New Target
• Artificial Intelligence and Machine Learning
• Ransomware Is Still a Big Threat
• Sophisticated Social Engineering Attacks

Top 10 Cybersecurity Trends You Need To Keep An Eye On In 2023

8
Finding Your Path
Finding yourself allows you to understand why you matter and make decisions based on this awareness. This allows you to
continue moving forward, making progress in your life.
Finding Yourself
Understanding yourself, and what type of career
choice(s) might be right for you.
RESOURCES
Identify Your Path
To have a common understanding of terms, understand (and
use) your prospective employer’s definitions.
Luck is When
Preparation
Meets
Opportunity
Matching Goals & Expectations
The closer your goals align with the employer’s expectations, the better the
odds for a mutually successful working relationship.
DIFFERENTING
YOURSELF
INDUSTRY
OVERVIEW
9
Finding Your Path
Your time is limited, so don’t waste it living someone else’s life. – Steve Jobs
Finding Yourself
5 QUESTIONS YOU MUST ANSWER TO FIND YOUR TRUE PATH IN LIFE
1. Why Do You Want to Find Your True Path in Life?
2. What Activities Make You Lose Yourself in Time?
3. Is This My Choice?
4. What is Important to Me?
5. Am I Self-aware?
Lifehack – https://www.lifehack.org/424946/5-questions-you-must-answer-to-find-your-true-path-in-life
5 STEPS TO FINDING YOUR LIFE PUPOSE
1. Find out what drives you
2. Find out what energizes you
3. Find out what you are willing to sacrifice for
4. Find out who you want to help
5. Find out how you want to help
Ask yourself: What do you love to do? And how do you apply this passion to your purpose?
To find your purpose, you need to figure out how you can best use your passions and skills to achieve your
unique goals and solve your unique problems.
Psychology Today – https://www.psychologytoday.com/us/blog/click-here-happiness/201712/five-stepsfinding-your-life-purpose
10
Finding Your Path
People will forget what you said, people will forget what you did, but people will never forget how you made them feel.
– Maya Angelou
Identify Your Path
MATCH YOUR PERSONAL PREFERENCES WITH APPROPRIATE OPPORTUNITIES
Look for opportunities that align with your personal life choices/preferences.
• Does the opportunity match with your career goals?
(don’t chase sales jobs if you prefer to be a developer)
• Do you want to work remote?
• Is there travel involved?
• Is there opportunity for growth?
(do you want opportunity for growth)
11
Finding Your Path
A man has two lives, and the second begins when he realizes he only has one – Confucius
Matching Goals & Expectations
RESEARCH THE POTENTIAL EMPLOYER, ROLE, & IT’S EXPECTATIONS
Do this BEFORE the interview.
• Do your research (look up their website, LinkedIn profile, the interviewer’s profile, Indeed.com, Glassdoor, etc.
• Learn about the position and company culture.
• Identify the company’s culture. Make sure it matches what’s important to you.
• Understand the company’s job description for the position.
• Identify what parts you have experience in, and what you would still need to learn.
• Document the parts where you don’t have experience.
• Document the parts you don’t understand
INTERVIEW PREPARATION
Outside the scope of this presentation
• Check out job interview personalities on YouTube. Use them to get an understanding of what to expect.
• Practice these interview questions ahead of the interview.
• Go into the interview prepared. Anticipate that other candidates have (prepared)
DURING THE INTERVIEW
• Interviews are a two-way street. Be prepared to ask questions, as much as answer them.
• Show up for the interview early.
• Dress appropriately (you should know what is appropriate when you researched the company).
• Ask any questions about any questions in the job description you initially didn’t understand.
• It is ok to bring notes to the interview. Share that you did, it shows you came prepared.
• Be open, honest, and transparent. If you don’t like their answers, it may be a sign they are not a good
match for you.
12
Differentiating Yourself
Employment in cybersecurity is competitive. You will want to give yourself any advantages you can. Developing your skills, and how
you present yourself will you differentiate and set you apart from your competition.
Self-Development
Learn how to differentiate yourself from others, and build a
better you, that sets you apart from your competition.
FINDING YOUR PATH
Develop Your LinkedIn Profile
Create and develop your LinkedIn profile. This is a great
way to connect, network, and learn of opportunities.
Luck is When
Preparation
Meets
Opportunity
RESOURCES
INDUSTRY
OVERVIEW
13
Differentiating Yourself
Life itself is a race, marked by a start, and a finish. It is what we learn during the race, and how we apply it, that determines whether
our participation has had particular value. If we learn from each success, and each failure, and improve ourselves through this
process, then at the end, we have fulfilled our potential and performed well. – Ferdinand Porsche
Self-Development
DEVELOP YOUR PROFESSIONAL SKILLS
• Understand computer and networking fundamentals
• Identify and study skills for the role(s) you want
• Join cybersecurity groups / organizations
• Get Certifications
• Attend conferences
• Internships / Volunteering
• Seek out a mentor
• Follow new technology and trends in your preferred profession
DEVELOP YOUR PERSONAL SKILLS
• Soft skills
• Speaking
• Writing
• Emotional Intelligence
• Communication
• Collaboration
DEVELOP YOUR PROFESSIONAL SKILLS
• Conduct open source intelligent (OSINT) yourself
(see what others see when they search you)
• OSINT others (individuals and organizations)
(see what you can fine by search others)
• Help your employer learn more about their competition
14
Differentiating Yourself
Integrity is telling myself the truth. And honesty is telling the truth to other people. – Spencer Johnson
Develop Your LinkedIn Profile
Your presence on LinkedIn is the first place a company will for you online. What you say on LinkedIn
is arguably more valuable than your resume.
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Choose the right profile picture for LinkedIn.
Add a background photo.
Make your headline more than just a job title.
Turn your summary into your story.
Declare war on buzzwords.
Grow your network.
List your relevant skills.
Spotlight the services you offer.
Spread the endorsement love.
Manage your endorsements more proactively.
Take a skills assessment.
Request recommendations.
Showcase your passion for learning.
Share media and marketing collateral.
Get credit for your thought leadership with Publications.
Share relevant content from your LinkedIn feed.
Add comments.
Follow relevant influencers in your industry.
Turn on Creator mode. (learn how to manage creator mode and edit your topics here)
Publish long-form content – and use it to start conversations.
Looking for more insights like this?
Sign up for our weekly blog newsletter to get the latest sales news sent right to your inbox every Tuesday.
15
Resources
The cybersecurity industry is continuously evolving. To keep up, we must continue learning. Fortunately, there are a lot of resources
available.
LinkedIn Personalities
People to follow on LinkedIn, that help show
how to break into the cybersecurity industry.
INDUSTRY
OVERVIEW
Organizations
Overview list of organizations that provide certifications,
support and overall advancement of the industry.
Bridge
Workforce
Gap
Websites / Articles
Websites and articles that provide employment information,
and additional employment opportunity information.
DIFFERENTING
YOURSELF
FINDING YOUR
PATH
Books
Books I encourage you to consider reading, for information
about the industry, and how to get your career jump-started.
16
Resources
Anyone who stops learning is old, whether at twenty or eighty. Anyone who keeps learning stays young. The greatest thing in life is
to keep your mind young. – Henry Ford
LinkedIn Personalities
• David Meece – On a “Mission” to help 50,000 folks “Break into Cybersecurity” around the world
https://www.linkedin.com/in/david-meece-cybertech-dave
• Jason Rebholz – I will teach you cyber security | Follow me for daily cyber security insights
https://www.linkedin.com/in/jrebholz/
• Josh Fullmer – I can help you land your cyber dream job
https://www.linkedin.com/in/josh-fullmer
• Adam Broda – I Help People from Non-Tech Backgrounds Break Into Tech and Engineering Jobs
https://www.linkedin.com/in/adamrbroda/
• Naomi Buckwalter – Information Security Leader
https://www.linkedin.com/in/naomi-buckwalter
• Ron Sharon – Information Security
https://www.linkedin.com/in/ron-sharon
• Mike Miller – vCISO / Senior Security Consultant
https://www.linkedin.com/in/mikesportfolio
17
Resources
Learning and innovation go hand in hand. The arrogance of success is to think that what you did yesterday will be sufficient for
tomorrow. – William Pollard
Organizations
• ISACA – Information Systems Audit and Control Association
https://www.isaca.org
• (ISC)2 – International Information System Security Certification Consortium
https://www.isc2.org
• ISSA – Information Security Systems Association

Home

• OWASP – Open Web Application Security Project
https://owasp.org
• IAPP – International Association of Privacy Professionals
https://iapp.org
• WyCys – Women In Cybersecurity

Home

• CSA – Cloud Security Alliance
https://cloudsecurityalliance.org
18
Resources
The beautiful thing about learning is nobody can take it away from you. – B. B. King
ISACA San Diego Student Sponsorship
https://isaca-sd.org/students
ISACA San Diego will sponsor several student memberships each year. Here are the steps for students to join:
1.Contact us at isacasandiego@gmail.com and let us know of your interest to join. In the email, please provide
your name, school attending, and preferred email address to use for your account.
2.Sign up to join ISACA and choose the Pay Later option to create the order/invoice.
3. Once you have applied, submit your verification of student status here.
(View eligibility requirements for student status)
4.Once these steps are completed, the chapter will provide ISACA corporate a
list of students we will sponsor.
5.We will contact you once the process is completed and welcome you
aboard!
Please visit this web page: https://www.isaca.org/membership/student-membership
for benefits, opportunities, and other membership resource information.
19
Resources
There are some aspects of work you need to keep working on and no matter what environment you are in. Continuous learning is
very important. It’s what I call ‘competitive tension’, which is about having a competition around. – Viswanathan Anand
Websites / Articles
• CyberSeek – To help close the cybersecurity skills gap, CyberSeek provides detailed, actionable
data about supply and demand in the cybersecurity job market.
https://www.cyberseek.org/index.html
• CyberSN – The Cybersecurity Career Hub, matching talent to opportunity.
https://cybersn.com
• City of Boston – Demand for Cybersecurity Workers
https://www.boston.gov/news/demand-high-cybersecurity-workers
• LinkedIn – Guide to Entry-Level Cybersecurity Job Requirements
https://www.indeed.com/career-advice/finding-a-job/entry-level-cyber-security-jobs-requirements
• Forbes – How To Get A Job In Cybersecurity: Cybersecurity Job Requirements
https://www.forbes.com/advisor/education/entry-level-cyber-security-jobs-guide/
20
Resources
There’s no good idea that cannot be improved on. – Michael Eisner
Books
• Unsecurity – Information security is failing. Breaches are epidemic. How can we fix this broken industry?
https://a.co/d/fwjZxf9
• Develop Your Cybersecurity Career Path – How to Break into Cybersecurity at Any Level
https://a.co/d/eqtjnU9
• Hack the Cybersecurity Interview – A complete interview preparation guide for jumpstarting your cybersecurity career
https://a.co/d/68UC04S
21
Thank You!
Q&A