Ensuring security professionals staying relevant is inevitable

The world has changed ever before and today’s millennials have witnessed the advancement of technology adoption from analog phone to smartphone, ease of food order via smart apps, cars are controlled by software, doing banking from anywhere and many more.

Ok, Is this known as ‘Digital‘ transformation. If yes, its possible because of application modernization powered by cloud service providers and developer community.

Wait, How’s this relevant to the topic of this article? Is that going on your mind.

Let’s get there.

During the year 2000’s – Organization brought security products such as Antivirus solutions, Firewalls, IDS/IPS, Web Proxy, Email Security, etc. Later in 2010’s they invested on products such as SIEM, GRC solutions, Identity Protections, Data Protections, etc. If you’re in this industry for the last 10 or 20 years – you’ve learned some or many of these technology products and many will hold product specific certifications.

Ask yourself – Is that hold sufficient for you to survive for future?

The present market has unique complex cyber security problems that require shift in mindset to understand and solve the puzzle.

Alright, Lets understand the key business problem statement. If you decide to buy a ‘new’ car – obviously you’ll evaluate whether it helps you to save from maintenance expenses. Every business leaders will ask for ‘OpEx Reduction’. How will you help provide solutions that reduces the running expenses. To do that – understand exactly the ‘day in a life’ of your operations team. They are monitoring, triaging and maintaining the asset(s). Here asset refers to user experience, application, hosts, network, connectivity, security and more. For which you require many tools and systems and team of experts to navigate and make meaning out of it. Tough you enable automation with these tools – its adding to your expense.

What if you’ve one tool that monitors all of these assets and having lean team with skilled expertise have access and manage it effectively. There you go – you’ve accomplished solving the most complex problem. Learn and understand the modern monitoring and security platform – DataDog.

Next key business problem statement that business leader ask for help is – How do I secure my business assets. You’ve to understand what’s their mission critical business asset(s) here before making recommendations.

Ah, Now you’ll realize that

  • Their modern business is in microservices architecture and rely to cloud service providers.
  • They’ve to provide access to their systems and data with third parties and business partners.
  • They’ve to adhere to regulatory requirements, data protection laws and maintain compliance standards.
  • They require site reliability engineers, security aware developers, full stack engineers and DevSecOps teams
  • The components are auto-scalable, applications are on containers, using Infrastructure as Code (IaC), and automation everywhere
  • They use API’s, Certificates, Secrets, Tokens
  • and more

Hold on. If you’re in this industry providing security solution during last two decades considering those legacy cyber security products are better placed here with all your skills, expertise and certifications – it’s not going to help your customers here.

Yes – you heard it correct. You’ve to unlearn and start building cyber security skills from scratch

Cyber security requires constant learning and awareness. I write articles and blogs to share future of cyber security related information for the community aspire to keep the digital environment secure. If you’re cyber security professional and reading this article to find recommendations on staying relevant in the market – here you go. Below are my choices for you to start or continue learning.

  • Cloud security posture management – to secure IaaS & PaaS
  • Cloud security access broker – to secure SaaS
  • Cloud workload protection – to detect threats in Cloud service provider environment
  • Container security – protection across 4Cs (Cloud, Cluster, Container & Code)
  • IOT security
  • Identity Protection – to keep machine and human identities access secure
  • Secure Application Development
  • Cloud security economics management
  • SaaS Data protection management
  • Native Cloud security controls enablement and management
  • Threat modelling and attack simulation
  • Cyber table top exercise
  • Blockchain security
  • Dark web monitoring and management
  • Offensive security
  • Cyber Insurance
  • Cyber Breach readiness assessments

Collaboration and effective communication helps to gain knowledge and collectively overcome the cyber security issues for the mobile first generations in this digital economy.