Jessica Gulick has not only witnessed the cyber security industry’s astonishing growth, she’s played an integral role in the development of the next era of its professionals.
As the vice president of the Women’s Society of Cyberjutsu, a non-profit that empowers women to succeed in cyber careers, Jessica encourages women to build their technical skills and access affordable, quality training.
Jessica is also founder, president and CEO of Katzcy Consulting, a growth strategy and marketing firm specializing in cyber security startups and SMBs.
We sat down with Jessica to discuss how advanced education and training opportunities are shaping the cyber security sector.
Q. How has cyber security changed over the years?
I would say cyber security has changed quite a bit since 1996, when the CIO role really came into play in organizations for the federal government and commercial organizations. Out of it came the need for security.
I’ve seen security become an internal piece of the IT organization, as well as grow to be its own area of expertise. It’s really its own ecosystem. Now, businesses, academia and organizations throughout the public sector focus solely on cyber security, versus just being a piece of securing IT.
Q. What are the main skills and training cyber security professionals will need as the field evolves over the next five years?
You see a lot more focus on understanding how we can advance behavioral analytics, watching people’s behaviors online and watching systems’ behaviors online to determine what is not normal and what is normal. I think you’ll see programming skills around Python. This is a big deal in many security organizations.
If you look at the dynamics of a security office or organization within a bigger company, some of the financial institutions can be 400-700 people large, which is amazing. You have to say: are all those people response analysts? They aren’t. Some of them are compliance, some of them are auditors, some of them are incident responders, some of them are forensics and some of them are policy. Overall, a wide variety. However, some of them are also programmers. They’re coders. They’re building more secure code and really trying to build security into our applications and our networks.
Q. What are some emerging trends and alternative training methods in cyber security education?
The two things I would speak about are cyber competitions and hackathons. Both are very different.
Cyber competitions provide an applied-use environment for cyber and IT professionals. It’s really important because when you deal in the digital world, sometimes we can have all the skills, but if we don’t know what to look for or what it feels like, we find ourselves in jeopardy of not being able to provide the best performance. Cyber competitions come in all shapes and sizes, from defending to attacking to more of a forensics competition, which is trying to figure out what happened.
Hackathons, unlike the name, are all about building, not hacking. Hackathons are really big in colleges, organizations and companies right now because it’s the idea of this agile development that’s kind of crowdsourced. It’s the idea of: “Let’s do some ideation and figure out the problems we want to solve and let’s take a finite time and finite resources and let’s quickly prototype an answer.”
Q. What is something professionals trying to get into cyber security might not be aware of when making the transition?
I tell people it’s very hard to get into cyber security, but if you can, get in any way you can and build from there. Use your background in IT, but also get involved in blogs, get involved in communities, meetups and conferences. Get exposed to the community and the culture because it is very different than information technology.
Start contributing to the overall conversation. Be willing to try out different things because there’s such a wide spectrum of cyber security – how you apply it, how you look at it and how you access it is very different to your typical infrastructure, IT or data center management positions. Research and immersing yourself in the culture is critical.
Q. How do you see cyber security jobs evolving in the next five years?
I think going forward, the job descriptions and responsibilities might be more cross-functional. Not just having an incident-response person, but you might have an incident-response person that also has forensics experience. You won’t just have an operations expert, but an operations expert who understands policy and requirements and regulations.
Agility and advanced skill development will determine the next wave of cyber security professionals. Build your own skills through further education and training, and pave your own cyber security career.