
A degree can start your career but doesn't dictate its path

What does it take to begin a career in cyber security? Bundles of qualifications? An in-depth knowledge of the IT Crowd? A music degree?


There has been much debate about the Chief Security Officer of beleaguered credit report giant Equifax possessing a higher education in music composition and not, as may be expected, in an IT-related discipline. This has once again brought to the fore the issue of what exactly is needed to enter a career tackling one of today’s biggest global threats.

MWR has never found a background in IT/Security to be a requirement for becoming good at security. Many of MWR’s technical experts come to us from a range of backgrounds including philosophy, biology, and physics. Others had no formal education when they started, and we have staff who joined us from jobs such as musician and kitchen porter and are now truly excellent securitists.

This is not to say that computer science degrees are worthless – the majority of MWR’s staff have such a degree – and there may well be a difference in hiring attitudes between the UK and, for example, the US. 

However, MWR works with a large number of security leaders from all backgrounds and has worked with a large number of leaders with no computer security background, as well as excellent security leaders with no formal education at all.

This isn’t just MWR’s experience. A survey commissioned by MWR just last month found that a curious mind and practical on-the-job experience were considered to be the most important traits to be a successful cybersecurity professional. Indeed, out of the 200 high-ranking UK IT Security Professionals surveyed, none felt that a degree of any kind was the most important accomplishment for a potential new recruit.

Furthermore, when asked “What is the most important priority in addressing the industry skills shortage in the UK”, 29% of respondents to our survey felt the answer lay in attracting people from non-IT disciplines. Only improving the industry’s image amongst young people achieved a higher response rate.

So what does matter? In MWR’s direct experience, as well as that of those polled, it is curiosity and creativity, combined with deep on-the-job experience. As a security leader, the job is about building and using internal (as well as external) networks to drive security in the organization. The key skill of great security leaders is getting the organization to take security seriously, and that requires communicating risk as well as understanding it. This is something not taught on degree courses but learned over a career of trying and improving.

While the criminal probe into Equifax’s breach is ongoing, the cyber security industry must not see the case as a reason not to look beyond the traditional subjects it recruits from. Recruitment from non-IT based disciplines can enrich and diversify an organization’s talent pool.

As one commentator on the MarketWatch website pondered, “Would you hire a pre-law major who dropped out of college for any type of IT job? Would you even consider them for a management or executive position in IT? If you said "no", then you would have refused to hire Bill Gates.”

 

 
