Abbildung von: See Yourself in Cyber - Wiley

See Yourself in Cyber

Security Careers Beyond Hacking
Ed Adams(Autor*in)
Wiley (Verlag)
1. Auflage
Erschienen am 12. Januar 2024
256 Seiten
E-Book
ePUB mit Adobe-DRM
978-1-394-22560-6 (ISBN)
19,99 €inkl. 7% MwSt.
Systemvoraussetzungen
für ePUB mit Adobe-DRM
E-Book Einzellizenz
Als Download verfügbar
A one-of-a-kind discussion of how to integrate cybersecurity into every facet of your organization

In See Yourself in Cyber: Security Careers Beyond Hacking, information security strategist and educator Ed Adams delivers a unique and insightful discussion of the many different ways the people in your organization--inhabiting a variety of roles not traditionally associated with cybersecurity--can contribute to improving its cybersecurity backbone. You'll discover how developers, DevOps professionals, managers, and others can strengthen your cybersecurity. You'll also find out how improving your firm's diversity and inclusion can have dramatically positive effects on your team's talent.

Using the familiar analogy of the color wheel, the author explains the modern roles and responsibilities of practitioners who operate within each "slice." He also includes:

* Real-world examples and case studies that demonstrate the application of the ideas discussed in the book

* Many interviews with established industry leaders in a variety of disciplines explaining what non-security professionals can do to improve cybersecurity

* Actionable strategies and specific methodologies for professionals working in several different fields interested in meeting their cybersecurity obligations

Perfect for managers, directors, executives, and other business leaders, See Yourself in Cyber: Security Careers Beyond Hacking is also an ideal resource for policymakers, regulators, and compliance professionals.
ED ADAMS is the founder and CEO of Security Innovation, an application security training and services company. He has been qualified as an expert witness on cybersecurity in court proceedings and has been a speaker at both major and regional cybersecurity events. He is a member of the Board of Directors for Cyversity, a nonprofit dedicated to improving the lives of underrepresented minorities in the field of cybersecurity.
Part I The Many Colors of Cybersecurity 1

1 Introduction and Motivation 3

2 The Many Colors of Cybersecurity 13

3 Primary Colors: Foundational Cybersecurity Work Roles 29

4 Secondary Colors: Interdisciplinary Cybersecurity Work Roles 61

5 The Guiding Light: "White" Cybersecurity Work Roles from the Color Wheel 101

Part II Cybersecurity Roles in Action 113

6 Software: The Catalyst of Today's Digital Enterprise 115

7 The Power of Diversity and Inclusion in Cybersecurity: Safeguarding the Digital Frontier 135

8 Straight from the Heart (of Cyber) 169

About the Author 233

Index 235

Chapter 1
Introduction and Motivation


I am an imposter.

Many people consider me an expert in cybersecurity, particularly software/application security. Yet, I have no degree in cybersecurity. I have zero security industry certifications. I have never been a cybersecurity practitioner for an enterprise or government agency. So I'm a phony, right? A fraud.

Wrong! Like many of us in this industry, I am mostly self-taught. I leveraged the education and experience I had to build the body of knowledge that has become my own-vast and broad and uniquely "Ed." Nobody has the experience and education that I do. I have proven myself time and time again. I am a trusted advisor to my clients, I am a speaker at industry conferences, I am a cybersecurity talk show host, and I am a sought-after expert for that very knowledge and experience only I have. I belong.

Many of us in cybersecurity feel conflicted. We feel as if we don't belong because we haven't "earned our stripes" or we lack some technical degree, certification, or hands-on experience. Imposter syndrome is real. But I'm writing this to let you know that you don't need a technical degree or any particular certification or prior hands-on experience before starting your career in cybersecurity. Cybersecurity has hundreds of different types of jobs, both technical and nontechnical. I have many friends and colleagues in cyber (many holding C-level positions) who graduated with degrees in Spanish, finance, philosophy, and other nontechnical/engineering disciplines. I have undergraduate degrees in mechanical engineering and English literature, as well as a master's in business administration (MBA). Nothing in my education would lead one to think I'd become a cybersecurity "expert"-yet here I am writing this book after spending the past 20 years in the security field. And I love it. You can too.

As executives, hiring managers, HR professionals, and others who create cybersecurity job descriptions and hire practitioners, we need to be mindful that we reflect realistic requirements for job seekers. One of my good friends, who is a CISO, reminds me that she has seen far too many entry-level jobs that require Certified Information Systems Security Professional (CISSP) certification, for example. The CISSP certification requires five years of industry experience before you can even sit for the exam. These paradoxical blockades abound in the cybersecurity industry; it is our obligation and duty to correct them.

How This Book Is Organized


I've organized this book into two parts, covering the following main topics:

  • In Chapters 2-5, we explore cybersecurity careers using the analogy of the color wheel: I first came across this concept when I saw April Wright deliver a brilliant talk at the 2017 BlackHat USA conference.1 Other folks, like Louis Cremen in 2020,2 expanded on Ms. Wright's talk, and I plan to do the same. I'll discuss cybersecurity via primary colors first (red, blue, and yellow) followed by the blended secondary colors (purple, orange, and green). I also spend time talking about the absence of color in cybersecurity: white jobs. For each of these, I reference what I consider to be the most comprehensive research published on cybersecurity jobs: The Workforce Framework for Cybersecurity, commonly referred to as the NICE Framework (see https://niccs.cisa.gov/workforce-development/nice-framework), published as part of the National Initiative for Cybersecurity Careers and Studies (NICSS) under the purview of the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA). But the NICE Framework is flawed. It doesn't include many common jobs that relate to cybersecurity, and it doesn't address how to incorporate security into noncybersecurity jobs, a crucial necessity for defending our digital enterprises.
  • In Chapter 6, we cover software: We can't operate today without the enablement of software, so I dedicate a chapter to it and highlight its importance. Regardless of which job you want in cybersecurity, it will be difficult to avoid dealing with software at some level. Most simply it is the fuel for our connected digital world. The vast majority of cybersecurity jobs do not require knowledge of how to code; however, a basic understanding of how software works, as well as how and where it enables technologies such as the Internet of Things (IoT), blockchain, and the cloud is essential. Say you take a job as a cyber audit or risk professional. Without the ability to assess how the software in scope complies with the standards against which you're measuring, you won't be able to do your job effectively.
  • In Chapter 7, we cover diversity and inclusion: This is a passion of mine. My demographic, middle-aged white males, dominates the cybersecurity workforce in terms of percentage employed. This is a dangerous cybersecurity problem as much as it is a socioeconomic issue. More diverse teams make better decisions, operate more efficiently/profitably, and outperform homogeneous groups; this has been proven in numerous studies. Meanwhile, the cybersecurity industry has millions of unfilled job openings. We have an opportunity to address multiple challenges at once. This is discussed at length in Chapter 7.
  • In Chapter 8, I include interviews and survey results from working cybersecurity practitioners: One lesson I've learned in my career, sometimes painfully, is that I often need help. Some of the smartest, most successful people I know are quick to point to others who have enabled them, supported them, and otherwise assisted them. I interviewed dozens of cybersecurity professionals and asked them the same set of questions about their origin, what they look for when hiring, and challenges they've faced. I share those insights in this chapter along with data collected from online surveys asking the same questions.

Who This Book Is For


This book has a twofold objective, discussed in the following sections.

For Managers, Directors, Executives, and Other Business Leaders


You'll learn to create a relatable framework for the dozens of cybersecurity jobs that exist. Complement the work done by others, for example, the National Initiative for Cybersecurity Education, with practical experience to help build an understanding of realistic expectations, job descriptions, and recruiting strategies. I also provide insights and views into the many different ways the people in your organization-inhabiting a variety of roles not traditionally associated with cybersecurity-can contribute to improving its cybersecurity backbone. You'll discover how developers, DevOps professionals, managers, and others can strengthen your cybersecurity. You'll also find out how improving your firm's diversity and inclusion can have dramatically positive effects on your team's talent. The book should also be valuable to policymakers, regulators, and compliance professionals who want to better understand the roles, responsibilities, tasks, and contributions various job functions provide to cybersecurity hygiene.

For Individuals Interested in Entering the Industry or Furthering Their Cybersecurity Career


You'll learn to create a similarly relatable framework for cybersecurity jobs, particularly those you might not be aware of. Cybersecurity is popularized by the hackers and defenders. Imagery of black hoodies or massive war rooms with ceiling-high screens showing threat intelligence are commonplace when people imagine cyber. But the reality of the industry can be far more mundane-and far more interesting to those not drawn to hacking and war rooms. If you have a background in finance, legal, psychology, law enforcement, or economics (just as a few examples), you can build a lucrative career in cybersecurity. I also want to paint several pictures for you about the world of cybersecurity that might help broaden your perspective and pique your interest further than where it is now.

About the NICE Framework


The National Institute of Standards and Technology (NIST) developed The Workforce Framework for Cybersecurity, also known as the NICE Framework (see https://niccs.cisa.gov/workforce-development/nice-framework). It attempts to be a comprehensive guide to identify and categorize various work roles within the realm of cybersecurity. Its structured approach can help organizations define cybersecurity-related tasks, skills, and competencies required for a successful workforce. It doesn't perfectly reflect job titles that exist in the industry, but I attempt to augment them with actual work roles in each of the color slices covered in this book.

The NICE Framework has three major components:

  • Seven categories that provide a high-level grouping of common cybersecurity functions
  • Thirty-three specialty areas meant to define distinct areas of cybersecurity work
  • Fifty-two work roles, a detailed grouping of cybersecurity jobs comprised of specific knowledge, skills, and abilities (KSAs) required to perform the work

The work roles and related KSAs are valuable resources for any cybersecurity or human resources leader when contemplating job descriptions, performance evaluation, and career pathing. It is also...

Dateiformat: ePUB
Kopierschutz: Adobe-DRM (Digital Rights Management)

Systemvoraussetzungen:

  • Computer (Windows; MacOS X; Linux): Installieren Sie bereits vor dem Download die kostenlose Software Adobe Digital Editions (siehe E-Book Hilfe).
  • Tablet/Smartphone (Android; iOS): Installieren Sie bereits vor dem Download die kostenlose App Adobe Digital Editions oder die App PocketBook (siehe E-Book Hilfe).
  • E-Book-Reader: Bookeen, Kobo, Pocketbook, Sony, Tolino u.v.a.m. (nicht Kindle)

Das Dateiformat ePUB ist sehr gut für Romane und Sachbücher geeignet – also für „fließenden” Text ohne komplexes Layout. Bei E-Readern oder Smartphones passt sich der Zeilen- und Seitenumbruch automatisch den kleinen Displays an.
Mit Adobe-DRM wird hier ein „harter” Kopierschutz verwendet. Wenn die notwendigen Voraussetzungen nicht vorliegen, können Sie das E-Book leider nicht öffnen. Daher müssen Sie bereits vor dem Download Ihre Lese-Hardware vorbereiten.

Bitte beachten Sie: Wir empfehlen Ihnen unbedingt nach Installation der Lese-Software diese mit Ihrer persönlichen Adobe-ID zu autorisieren!

Weitere Informationen finden Sie in unserer  E-Book Hilfe.