Over the past seven weeks we have brought you articles containing the responses to the survey questions we asked new people coming into the industry, based on the top trends from Infosecurity’s second State of Cybersecurity Report. This second piece of research surveyed over 50 “next-gen” people, and agreed to publish their responses anonymously.
However one respondent was happy to speak on the record. Haylin Abdulkadir has been employed as an accounting technician of IT contractor ManTech since October 2016, while completing her cybersecurity degree at Purdue University Global. She expects to graduate in late 2020.
In her job she handles approximately 1,000 training request forms a year totally almost $2.5 million in spend for ManTech employees to take training with outside vendors. These were her answers to our seven points of research.
Are you aware of the demand of GDPR, PCI DSS, PSD2 and other compliance frameworks, and what they mean and how they are different?
Nowadays most people use the internet to surf the web, search, access social media, and pay bills online. When entering sensitive information such as a credit card number and/or banking information, we typically don’t think of the consequences and what might happen on the other end. There is always a possibility that a malicious hacker can access the personal data.
Most people don’t know, for example, that they should not enter personal information on websites unless they are secure (HTTPS instead of HTTP). Because of all that, I am aware of the demand of all types of compliance frameworks and how they differ.
Cloud remains a popular part of cybersecurity, especially with Azure and AWS now prevalent. Is there enough training and education on how to work with these “as a service” options?
There are a lot of resources available to educate yourself on cloud, especially online. I personally use the tool called Skillsoft, which has iBooks, videos and articles available online to educate on cloud.
I do not believe the resources are adequate. Each entity needs to tailor the training further so it more closely matches up the services it is using as they could be different. Users need to have a clear understanding of the capabilities cloud services provide, as well as the risks associated with it.
Cloud should not be a term only used by technical people. Instead, everyone should understand it and know the difference between it and the conventional and legacy solutions. Only then can all users better assess the true risk of using such services.
Would do you expect a company to train you in the job on those skills needed for compliance and cloud?
I think it is imperative that the company takes the necessary steps to ensure new employees are well trained on the most relevant and updated information. Companies should not rely solely on reference guides and standard operating procedures to new employees.
Training can be internal, external, or a combination of both. Technologies, rules, and regulations are always changing and affect compliance. Training is an ongoing and a never-ending endeavor.
Are you seeing job ads requiring unachievable levels of experience and qualifications?
Yes, but I believe this is not limited to the cybersecurity or IT jobs. The job search market has been broken for a while now. Job descriptions by human rurces staff who do not know much about the needs of the hiring team. Other times, generic job templates are used for each grade level or position (i.e. cybersecurity analyst). Expectations seem to be high even if the position is for a junior or entry level. This discourages good candidates from applying.
Finally, we still hear reports about malware detection, banking Trojans and ransomware shutdowns. Do you feel you will be ready to deal with these sorts of threats from the work you’ve done?
I am currently completing the third year as a student at Purdue Global to obtain a Bachelor’s degree in cybersecurity. Every class I have completed so far has covered the subject of malware to some extent. I am sure it will be difficult to deal with the ever-evolving slew of cyber and digital threats especially since I am a novice to the IT field. However, I am confident that I am ready for the challenge and look forward to overcome any obstacles along the way.