As a cybersecurity professional, I have sat through many years of boring, bare-bones and dry security awareness training in which I learned enough to meet compliance requirements and pass the annual training to meet business metrics. I have also been a facilitator for fun and engaging security awareness training mystery events and been a part of intriguing, quality-developed virtual pieces of learning and exciting video games that participants enjoyed and even had them asking for more.
I have seen trickery used in phishing campaigns that were deceitful and questionable all in the name of simulating a real, bad actor. I believe that people should look forward to the next training and be entertained and educated while also becoming more capable of spotting suspicious activity wherever they go.
I write this to say that cybersecurity professionals have it hard trying to keep individuals, businesses, governments and non-profit organizations safe, secure and prepared to spot suspicious emails, text messages, phone calls, and, today, even more realistic artificial intelligence and deepfake videos impersonating trusted officials online or in their everyday interactions. It is getting easier for all of us to fall for these tricks and scams, and for well-intentioned, unsuspecting individuals to give away their personal and private assets. As a result, our reputations are damaged or, even worse, we cause physical and/or financial harm, such as in healthcare settings and banking, where our actions could be detrimental to our families and the overall economy.
Governments, enterprises, non-profit organizations, small businesses, third parties, contractors and their staff must protect their own business data, and their customers’ and clients’ data, too.
Organizations have a bigger responsibility to protect themselves and the people’s trust by building a cyber-secure culture: continuously educating their staff and monitoring how their third parties manage and protect their customers’ and clients’ data. Within an organization there can be a hierarchy of departments and leadership staff with different responsibilities and data types, all of which must be secured at every level, internally and externally, in every business transaction, for data at rest and in transit. Foremost, leaders at the top must set the tone and influence the security awareness and mindset of their people (NIST.GOV).
Leadership, planning and governance professionals are often the decision-makers, and they matter to the organization because, without them, the organization lacks direction and cohesion. These professionals must manage and mitigate overall cyber-related business risks. The information and systems they own, manage and use could include strategic plans, intellectual property and financial records.
Sales, marketing, and communication professionals are those who engage prospective and existing customers and drive awareness of products and services. They matter to the organization because without them the ideas, products and services may not sell, which will affect the bottom line of the organization. These professionals protect the brand, reputation and trust of citizens, customers and partners. The information and systems they own, manage and use may include customer data, partner data, contracts and customer support portals, to name a few.
Finance and administration professionals provide planning, forecasting, and accounting that support all functions within the organization and are critical to the survival of the organization. These professionals are responsible for ensuring that each part of the organization can pay for goods and services that operate within budget. They matter to the overall health of the organization because nothing can take place without financial health. The types of information and systems they own, manage and use may include financial performance records, budgets, tax filings and compensation and benefits information.
Finally, some forms of employee training, such as compliance training or safety training, can help organizations avoid lawsuits, workplace injuries, or other adverse outcomes.” So, as you can see, everyone, whether an individual, business, government agency, partner, or third party, is responsible for protecting private data and information, especially as a trusted fiduciary of other people's private details that could potentially get into the wrong hands and cause extensive reputational damage and possible physical and financial harm. We all have a role to play in securing the future of our economy and the health of our world. We must stay abreast of new security threats and be vigilant and ready at all times to combat bad actors who wish to harm us. If you need help with talent workforce development or cybersecurity awareness education and training contact me at www.certifiedcybersecuritycareercoach.com.
About the author: Sakinah Tanzil is a cybersecurity professional passionate about Science, Technology, Engineering, and Mathematics (STEM). She holds a Bachelor of Information Technology and Security, a Master of Science in Information Assurance (MSIA), a Master of Science in Software Management (MSCIS), and many professional certifications, including Certified Information System Security Professional (CISSP), Certified Information Systems Auditor (CISA), Network + Certified, and Internet and Computing Core Certification (IC3).
Over my 20-year cybersecurity career I’ve had the privilege to become an industry leader. My varied career has given me an in-depth knowledge of the industry, from my work as an IT technician to my current role as CEO of STEM Coaching, LLC, which offers career coaching and advisory services to professionals entering the STEM field. My first book, Breaking the Cyber Code, was prompted by the growing opportunities in this exciting career field. In 2012, while in graduate school at the University of Detroit Mercy, I was asked to work on the newly created National Initiative for Cybersecurity Education (N.I.C.E) Workforce Framework. I mapped 52 Information Technology Work Roles to the appropriate functional tasks, skills, abilities, and knowledge (TSAK) desired for these newly defined jobs in cybersecurity. The resulting work [2] became the official publication reference document for describing the interdisciplinary nature of cybersecurity work (and workforce), and the rest is history.
References
[1] Tanzil, Sakinah (2020), Breaking the Cyber Code: A Game Changer That Prepares Our Workforce and Secures the Future, Sakinah Tanzil Executive Management Coaching. Amazon.com.
[2] National Initiative for Cybersecurity Careers and Studies (n.d.), N.I.C.E Framework. http://niccs.cisa.gov/workforce-development/nice-framework
[3] NIST (October 15, 2018), Cybersecurity is Everyone’s Job: Guidebook Release for National Cybersecurity Awareness Month.
[4] Association for Talent Development (ATD), What Is Employee Training and Development?