Cybersecurity job trends: An interview with Eric Handy
As the CEO and general manager of Handy Information Assurance Solutions, LLC, it’s fair to say that Eric Handy is immersed in the art and science of cybersecurity. He began his path toward cybersecurity by earning an undergraduate and two graduate degrees, and achieved a string of IT certifications, namely the CISM, CISSP, CIPP/G and PMP. Eric is also part of the Mission Critical Institute (Mission Critical Institute) faculty team that teaches the Cybersecurity Graduate Program at Concordia University, St. Paul.
As a cybersecurity expert Having worked within information technology and healthcare, as well as with government agencies and Big 5 consulting firms, Eric knows the job market and how cybersecurity fits in to each sector. We interviewed him to get his take on trends in cybersecurity jobs, skills that employers are looking for and tips for becoming job-ready.
What do you see as the top significant areas of cybersecurity job growth in you’re industry?
Enterprise risk management, cloud security, privacy, and security program management
What are the top three hiring criteria you’re organization uses for cybersecurity positions? For example, what special skills do you look for? Are certifications important to the hiring process?
Our top three hiring criteria are:
1. Information security job experience
2. Formal information security education at the university level
3. Security certification (preferably the CISSP)
Information security job experience is also critical to gaining a client’s confidence that a resource can perform the job as required. According to (ISC)2, there are at least eight domains of security, so job experience gives you an idea of where best to position the resource in order to be successful.
Formal information security education at a university is also important. It provides insight as to whether the candidate has the necessary background to be successful in the field. In many cases, a degree also helps an employer determine which skills outside of information security that the resource could transfer to the position of need. For example, a person with an undergraduate degree in English and cybersecurity education or experience could serve as an ISSO System Security Plan (SSP) documentation writer.
A security certification is key because employers expect that it verifies specific skills and indicates a person can perform the duties assigned. In that respect, certification serves as assurance that due diligence was followed in the hiring process. In some instances, an organization can receive higher ratings for certified versus non-certified personnel.
How can a graduate degree in cybersecurity advance a person’s career in you’re organization?
A graduate degree shows that a person is willing to continue to learn and improve his or her skillset. It also indicates willingness to put forth the extra effort required to be successful. Because the cybersecurity has a rapidly changing risk and technical enviroments employers need candidates who can rapidly acquire new knowledge and apply it immediately on the job. As a result, when combined with other transferable skills, a cybersecurity degree can help an individual acquire a job even though he or she may have limited hands-on information security experience.
Most importantly, a cybersecurity degree often allows a job candidate to get a face-to-face interview. Once at the interview, the degree can be part of the candidate’s sales pitch as to why he or she is a great fit for the position.
How does Mission Critical Institute’s Cybersecurity Graduate Program offered at Concordia University St. Paul compare to other programs of its kind?
The Mission Critical Institute Cybersecurity Graduate program is one of kind. The curriculum is cutting edge. It focuses on NIST Special Publication 800-53 Rev. 4, and the cyber lab provides a simulated real-world experience for students. The program is taught by experienced practitioners who actually work in the field and understand today’s challenges regarding implementation of the NIST RMF into various environments.
As of this writing, there is no other curriculum in the world that addresses the NIST Risk Management Framework (RMF) to the level of detail that students experience at Concordia. For example, students learn how to create each of the NIST RMF documents. Most of the time they get this type of experience only through on-the-job training. As a result, students are job-ready once they complete the graduate program.
What is the best way for a person to move into the field of cybersecurity?
In my opinion, a person needs to acquire the following:
• Formal cybersecurity training at the university level
• Cybersecurity certifications, such as the CISSP, CISM, CAP and CEH
• Relevant cybersecurity training or job experience
Ready to plan you’re cyber career? Complete the Mission Critical Institute cybersecurity career planning tool.