As I read Angela Duckworth's GRIT, where she explains that the secret to outstanding achievement is not talent but a unique blend of passion and persistence she calls "grit," I was able to relate the need for this power of passion and perseverance to being a successful cybersecurity professional and, more importantly, a trusted cybersecurity consultant. It takes a combination of skills, education, and years of work experience. With the right leadership and the right organization, your security career is onward and upward from that point. Here are some things that I have learned along the way and want to share.
Understanding of cybersecurity beyond technology and compliance
As a cybersecurity consultant, you act as a trusted advisor, and this provides you the opportunity to work with customers to accelerate business security goals. You offer security recommendations that are designed to fit overall business objectives while providing compliance with the organization's regulations and policies. It is vital to hone in on practical communication skills.
Effective communication is required to deal with security teams. You have to have regular effective communication with executives, department heads, and sometimes even the end-user. Without strong communication skills, it's nearly impossible to be a successful cybersecurity consultant. Beyond cyber speak, a cybersecurity consultant must be able to understand and explain the risks to the business operations when a security control fails.
Ability to thrive under pressure
Through all the years of delivering as a cyber consultant, one of the key attributes that I found to be common across all successful consultants is the ability to thrive in times of disruption. The consultant should have a passion for turning challenges and opportunities into long-term competitive advantages. An ability to prioritize your workload, work well under pressure, and concurrently manage customers' expectations is a vital part of being a good cybersecurity consultant. We often hear folks who want to be cyber consultants ask which tools to learn, which technologies to focus on, etc. While all those are valid and relevant, having a practical business awareness and an understanding of the cybersecurity challenges faced by organizations is vital to be able to apply the right level of security controls.
Team Player and Problem Solver
As a cybersecurity consultant, you'll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. It is necessary to understand how the consulting business operates and adds value to clients. One of the required critical attributes for a cyber consultant is to think broadly and ask questions about data, facts, and other information. You should be able to embrace diverse perspectives and welcome opposing and conflicting ideas.
Knowledge and skill builder
- Develop your knowledge around national/international security standards, including NIST, PCI, CJIS, CMS, ISO, SOX, HIPAA, HITECH, and other regulatory requirements.
- Gain knowledge of network design, security protocols, and cloud integration security, with excellent analytical and problem-solving skills.
- Understanding of the life cycle of network threats, attacks, attack vectors, and methods of exploitation, with an understanding of intrusion set tactics, techniques, and procedures.
- In-depth knowledge of architecture, engineering, and operations of at least one enterprise SIEM platform.
- Advanced understanding of TCP/IP, standard networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth, and common security elements.
- Understanding of malware analysis concepts and methods.
- Familiarity with the Cyber Kill Chain methodology.
- Knowledge of virtualization and the cloud shared security model.
- Knowledge of Linux, UNIX, Windows (including Active Directory), and other operating systems.
- Knowledge of databases such as MSSQL, Oracle, and MySQL.
- Technical knowledge and experience with configuration review tools such as Nessus, Nipper.
- Ability to write customized scripts using at least two of Bash, Perl, PHP, Python.
- Knowledge of cloud architecture, including:
  - AWS, Azure or Google Cloud Security
  - Microsoft O365 Security
Certifications and beyond
If you're not from a cybersecurity background, there are various certification courses that you can undertake to gain an initial understanding of your knowledge and skills, improve them, and earn the credentials to become a cybersecurity consultant. But more important than certifications is building a keen general awareness of the current trends in cybersecurity and a dedication to continuous learning.
There are endless paths your cybersecurity career can lead you down. You may be looking to jumpstart your career in cybersecurity, or to level up your skills and move into a new role in cybersecurity. I hope some of these insights help you get there. I am happy to be part of a team with the GRIT for cybersecurity consulting and hope you find your happy place as well!