Presentation on theme: "101 uses for an Information Security MSc.. Andrew Beard 2 years running First August – an Information and Corporate Security Security Consultancy. 15."— Presentation transcript:
101 uses for an Information Security MSc.
Andrew Beard 2 years running First August – an Information and Corporate Security Security Consultancy. 15 years in a variety of business and technology roles with PricewaterhouseCoopers (with a common IT risk or Security theme). Have recruited dozens of information security staff over the last 20 years. While at PwC joint author of the Information Security Breaches survey between Worked with many Banks and Insurers as well as Main experience in the financial services sector But also worked with DWP and previously worked for Telecomms, Energy and Local Government organisations. Have been involved with RHUL for about 15 years. Background 2
Information Security related qualifications Historical focus on technical knowledge and skills. Wider range of related qualifications has emerged over the last 20 years (CISSP, ISO auditor). Recognise new security (cyber) challenges RHUL MSc. offers core skills and selective areas for depth Becoming more important to employers. Background 3
Why did you choose an Info Sec MSc.? I’ve spoken with many former MSc. students over the years and their reasons were wide ranging……. “I wanted a qualification that I believed would help me get a good job in the Security industry” “My company thought I needed a qualification to position myself as an Info Sec expert” “I saw a television programme on Cyber crime and decided I wanted to make it my career” “I wanted to work in Security product Sales and thought I needed to understand” “I believed that formal security qualifications were going to become a requirement to work in the industry” “I had a strong Maths background and wanted to become a cryptography expert” “I wanted to broaden my understanding of Info Security, and gain a qualification that demonstrated that breadth” “I felt I needed ta qualification to become a CISO”
Where are they now? Plus many other roles including: IT audit Law enforcement – a variety of roles IT forensic investigators CISOs Security product development and support Noted alumni
Linking your MSc. To a career choice The RHUL course is structured so that compulsory (core modules) are supplemented by selective modules. You may have some guidance already, but if you have clear idea of a career you want to follow, try and align your selective modules so they are consistent. For some security related roles, organisations expect non security specific skills and you will need to balance those expectations if you want a career rather than just a job……..
The right skills for the right career RoleMSc. skills and knowledgeComplementary skills often required Security consultancyVaried: Core skills almost always relevant and technical skills often in demand. Specialist skills e.g. cryptography, tend to attract specialist salary salaries. Analytical skills, business awareness, presentational skills, clear report writing, people management, Wider IT enterprise architecture awareness. IT risk assessment and audit Core skills and information security management skills often relevant. Breadth of knowledge generally required but technical skills also in demand. Business awareness (ability to answer the so what? question) clear report writing, risk management principles. Understanding of audit principles. Regulatory awareness. Security product development/support All aspects potentially relevant, but specialist areas often sought e.g. detailed network security, mobile device security. Market and commercial awareness, strong project management discipline. Penetration testingDepth of knowledge of network, operating system and database security, mobile device security. Naturally inquiring mind (what if?), connected thinking, (so what?). IT architecture and programming. Report writing Security management (Incl. CISO) Core skills and information security management skills often relevant. Breadth of knowledge generally required but technical skills also in demand. Business awareness, wider IT knowledge, people management, risk management principles, effective process development and management. Cyber crime investigations Cyber crime course components. Network security, database, operating system security. General investigatory skills, understanding of motivation, some legal knowledge, particularly of jurisdictional impact. …. Some examples are: Get the balance right and there are wide range of ……..
With a wide range of organisations.. …and public sector In the private sector ….
In short, growing, reasonably well paid and no longer a restricted career path. It seems to be a growing market.. 10
There’s a global element too Globalisation, the erosion of perimeter security, and the outsourcing of back office services has had a significant impact on security and security careers: Organisations people, processes and technology are increasingly spread across different geographical areas and management of security requires not just alignment of the three areas, but recognition of different cultures and their impact. Remote access means that security activity (or activity that seeks to undermine security) does not require physical presence. So, if you use your MSc. enhanced skills to work for global organisations, You may or may not have great travel opportunities, but you will definitely need to consider other cultures and legal jurisdictions. 11
More than just a qualification…. You’re probably already aware of the high regard for the RHUL MSc. Apart from the quality of the course that reflects the reach of the network which RHUL has: Strong links with industry and co-operative working ethos of the ISG "Academia and Industry in Harmony”. Partnerships with, inter alia – I4, ISF, IISP, CREST, OWASP, ISSG, HP (HP open day). External lecturers with wide ranging industry and government experience. UK academic centre of excellence in cyber security. I’d encourage you do use it! 12
In summary Business’s ever greater use and dependency on technology makes information security more important than it has ever been. The opportunities in information security are more varied than they have ever been. High quality, relevant qualifications are in demand and increasingly expected by employers. The value of your MSc. can be further enhanced if you consider some of the types of skill some careers require. Questions? 13