During Cybersecurity Awareness Month, SecurID will highlight insights and best practices to help all businesses and users do their part to protect themselves, secure remote work, and “#BeCyberSmart.”
But despite its importance, for the last five years, there has been a cybersecurity skills shortage. A report from earlier this May found that there were about 465,000 open cybersecurity positions in the U.S. alone.
The third week of Cybersecurity Awareness Month 2021 coincides with Cybersecurity Career Awareness Week, an annual event meant to inspire and promote interest in and exploration of cybersecurity careers.
It’s an issue that matters to the SecurID leadership team: SecurID Chief Information Security Officer Kelly Sarber, SecurID Global Cloud Identity Architect Ingo Schubert, SecurID Chief Product Officer Jim Taylor and SecurID Governance & Lifecycle Field CTO Chris Williams shared the following reflections on how their careers got started and the advice they’d share with someone considering an infosec career.
We’ll share more reflections from our leadership team on cybersecurity careers later this week.
How long have you been working in cybersecurity? Where did you start and what did you do?
Kelly Sarber: I’ve been in the industry for almost 17 years now. My first role was actually as a SOC analyst for a 24×7 managed security services provider. I was performing intrusion analysis for Fortune 500 companies—that’s where I got my start and exposure to the cybersecurity community, too.
From the start, I saw that people were passionate about this space and being able to work with marquee names was really interesting too.
Ingo Schubert: I’ve been working in cybersecurity since 1996, beginning during my Computer Engineering (Informatik) diploma at a company in Ottawa.
I read newspapers and phone books to find companies in Ottawa that might offer me a place to work for one year. This was the 90s…the Internet was still fairly new and now I feel old. I never did anything but IT Security ever since.
Jim Taylor: I began in 1998 with a proper role in cybersecurity—that’s 23 years.
In my first role, I started as a frontline support person answering calls for a company called CKS Software. They were one of the primary security companies that would synchronize various methods of performing mainframe security management. This was identity management before it was called identity management.
Chris Williams: I started in 1982, pulling night shifts as a Tape Librarian in college for an IT services bureau and communications management organization that had many classified and U.S. Department of Defense contracts. I quickly moved over to operations management—so I’ve been in the business since before it was actually an industry.
What was it about cybersecurity that interested you in the first place?
Kelly Sarber: I went to school for information technology. The way that the IT degree was structured, I learned a little about everything—networking, systems administration, web development. What I really enjoyed about the security coursework was that I got to leverage all of the information across all of the topics into a single focus area.
The other thing I learned in the courses that I took with me was that other fields would always should you what ‘good’ looked like. When I got into security, you learned what ‘not good’ looked like—that was really interesting to me. It was both cross-functional and singular in nature. It was a real fluke falling into a cybersecurity role just out of school, and I loved it.
Ingo Schubert: There was a never-ending supply of things to explore. That’s true for many areas of IT, but Security also had this “defend the world and look cool while doing it” vibe to it that appealed to me.
I compare my pre-pandemic life to James Bond—just without the guns, fast cars and most of the gadgets. Now I’m like a home office version of 007.
Jim Taylor: It was fairly fortuitous for me—I was still trying to figure out who I wanted to be when I grew up.
I had always been always tech-centric—you know early on if you’re a techie nerd. But this was still the early days, and I happened to fall into a role where I could work in IT with a security lens. Security always felt like an enabler: if people can’t log on, then they can’t do anything. We’re not the house but we are the lock on the door
Chris Williams: Security is something that has always been an important part of my career— and was even further emphasized when I was part of Lockheed’s Skunk Works.
I think the most intriguing aspect is the level of ingenuity, sophistication, elegance, and sometimes just brute force that is demonstrated by the hostile actor community—whether they’re independent actors or a nation-state. The sheer volume of malicious creativity is astounding and challenging.
Do you have any advice for someone who is considering cybersecurity or who just started working in the sector?
Kelly Sarber: When you pick this field, you’re also joining the broader cybersecurity community. There are so many people in this space, and they tend to be passionate and helpful about their work.
You’re always learning something new, and it’s the community who you engage and work with throughout your career. It’s not just a job—and because of that, there are so many different focus areas within cybersecurity. So you’ll really be able to engage and find the areas that you’re passionate about, as well as the specific community that you identity with. And the pay is pretty good, too!
Ingo Schubert: Just like any other field in IT, Security has something for many different skillsets. If you are really technical, you can go hunting for intruders, design security hardware or build software that secures millions if not billions of identities worldwide. If you aren’t very technical but are good at discovering or defining processes, then maybe some role in risk management is right for you.
IT Security is a massive field and you may think you’ll never manage to learn it all. You are right. You won’t. Nobody does.
It will be immensely beneficial to learn constantly about everything related to IT Security but try picking one topic or two (like Identity Management—which is big by itself) and go deeper there.
Jim Taylor: It’s better now than it’s been before. It’s become such a critical function. You can’t complete a sentence in the tech world without using the word security. And that’s particularly true for identity and access management security: identity is the new perimeter.
But it’s bigger than that: your digital persona and digital identity are the representations of how you’ll travel through the world. It’s how we’ll live our lives.
That makes digital identity extremely critical and involved in everything that we do. I get more excited by it now than I ever have before.
But we still have a long way to go to mainstream security. Kids come out of school and want to write the next game or app—and they wind up overlooking roles in cybersecurity. It can take you everywhere. Look at what we work and at what we enable: you couldn’t get money or healthcare or do your work. We’re intrinsic to everyday life.
Chris Williams: One thing to keep in mind is that the security industry isn’t something that can be approached lightly—or as an occasional activity. It is incredibly varied, has nuances and complications you’ll not see in other IT practices. It is an ever-changing landscape and constantly evolving.
When security goes wrong, it can ravage everyone from individuals to conglomerates to governments. So if you jump into the InfoSec world, do it with everything you have. It’s a matter of dedication.