I'm often asked what it takes to work in cyber-security. I can tell you that most major global organizations (and even some of the smaller ones) will be looking for different people, with different thoughts, and different backgrounds to reflect the diversity of the people who use their technology and services, especially when it comes to solving complex security problems. That includes geographical diversity, educational diversity as well as ethnic and gender diversity.
I grew up in Nairobi, Kenya and thought I was going to be a doctor or maybe even a lawyer- until I encountered a Commodore 64 basic in the computer lab at my elementary school — and then things changed. I decided right then and there that I wanted to work with computers and “help people” but that idea did not crystallize until I got to college. I went to Canisius College in Buffalo NY and enrolled in the Management Information Systems (MIS) program. One of my professors was consulting with the FBI on combating cybercrime at the time and she shared some of her experiences with our class – that’s when I discovered Information Security and finally understood what it would mean to have a career where I could “work with computers and help people.”
My story is not unique at Facebook, our security team consists of people with varied backgrounds who are all working together to protect Facebook and the people who use Facebook. We have leaders who were in the military, law enforcement, large corporations, as well as smaller companies or start-ups. We have a mix of engineering, analyst, and operational roles because security threats come in all forms and we need to address security in a variety of shapes and sizes. I like to think about the work that our security team does in three categories:
- Builders – people who develop security frameworks, tools, processes and procedures
- Breakers – people who test or audit our security systems and processes
- Defenders – People who detect and respond to security events and incidents
If you are just starting out in security, it's important to think of where your strengths are and what type of work you enjoy. As businesses grow and expand, so too does the nature of threats to systems and data security. Investments need to be made in the next generation of information security professionals. This is especially critical due to the shortage of skilled professionals in our industry. According to a 2015 study conducted by ISC2 and Frost & Sullivan, the global cybersecurity workforce will have more than 1.5 million unfilled positions by 2020.
There are lots of opportunities in this field. Equip yourself with the right knowledge and skills and get on board with the right organisations to make a positive difference.