There is no shortage of opinions on cybersecurity roaming the internet, as one of the fastest-growing industries only looks set to increase its hold over life as we know it. Slated to generate over $100 billion annually by 2020, opportunities for cybersecurity professionals demand a certain skillset that only the few have mastered. For those working in IT Audit, now is the time to retrain your expertise to align it with the wonderful world of cybersecurity where your experience with internal controls, risk assessment and knowledge of hardware, software and data will make you an asset in cyber defence.
Considering specific skills and the experience of judging data from a technical standpoint, an IT Auditor moving into cybersecurity brings certain insights to the table. Possessing a passion for technology is undoubtedly an asset for a transitioning IT Auditor, however where this needs to evolve when making the move to cybersecurity is taking it beyond the mechanics of coding and system configuration to achieve complete familiarity with exactly what you are protecting and where its vulnerabilities originate.
This goes hand in hand with committing yourself completely to the pursuit of continued self-education in the field. Subscribe to mailing lists, root out credible news sources and websites that serve to keep you up to date and informed on the evolution of cybersecurity. Cybersecurity is undergoing constant development which requires candidates who are willing to be flexible and innovative in their thinking and actions. A useful bridge between IT Audit and cybersecurity would be to get involved in cybersecurity projects within your organisation, exposing you to the realities of working within the sector.
While there are many overlays between IT Audit and Cybersecurity, there is a core difference in the focus each area applies to business. Company infrastructure and complying with regulatory measures is key to the objectives of the IT Audit function as they evaluate an existing internal control structure to reduce the risk to the enterprise. Meanwhile, although cybersecurity analysts are examining the same areas it is with a different set of priorities. Their aim is to prevent threats in order to protect the organisation’s systems, physically and electronically via continuous monitoring, penetration testing, ethical hacking and vulnerability assessments.
The shadow of a skills shortage looming over the cybersecurity industry makes for ripe opportunity for those with the expertise employers are desperately seeking, whether they come from a technical or IT background or not. However, while there may not necessarily be one clear path to a career in cybersecurity, IT Audit is a strong contender as a beneficial Launchpad into the space. Recruiters advise to spend at least a year working in IT Audit as it enables you to build up the relevant experience and understanding of a company’s infrastructure in the guise of analysis and evaluating where valuable changes can be made or improved upon. As you move into cybersecurity, this knowledge will better serve you in making the right judgements on detecting and preventing cyber-attacks and making your enterprise as cyber-resilient as possible.
From technical expertise to proficiency in areas such as project management required to implement the release of new software or hardware, an IT Auditor transitioning into cybersecurity must be aware of the fine balance between hard and soft skills. Negotiating network issues and database management as effectively as informing departments at all levels of the business of the processes and procedures needing to be introduced, are the cybersecurity skills employers are looking for.