101 uses for an Information Security MSc.

sunflowerplateAI and Robotics

Nov 21, 2013 (3 years and 4 months ago)

57 views

101 uses for an Information
Security MSc.

Andrew Beard



2 years running First August


an Information and Corporate Security Security
Consultancy.



15 years in a variety of business and technology roles with PricewaterhouseCoopers
(with a common IT risk or Security theme).



Have recruited dozens of information security staff over the last 20 years.



While at PwC joint author of the Information Security Breaches survey between
2004
-
2010.



Worked with many Banks and Insurers as well as Main experience in the financial
services sector



But also worked with DWP and previously worked for
Telecomms
, Energy and Local
Government
organisations.



Have been involved with RHUL for about 15 years.











Background

2

Information Security related qualifications



Historical focus on technical knowledge and skills.



Wider range of related qualifications has emerged over the last 20
years (CISSP, ISO auditor).



Recognise new security (cyber) challenges



RHUL MSc. offers core skills and selective areas for depth



Becoming
more
important to employers.













Background

3

Why did you choose an Info Sec MSc.?

I’ve spoken with many former MSc. students over the years and their reasons
were wide ranging…….


“I wanted a qualification that I believed would help me get a good job in the Security industry”


“My company thought I needed a qualification to position myself as an Info

Sec expert”


“I saw a television
programme

on Cyber crime and decided I wanted to make it my career”


“I wanted to work in Security product Sales and thought I needed to understand”


“I believed that formal security qualifications were going to become a requirement to work in the
industry”


“I had a strong
Maths

background and wanted to become a cryptography expert”


“I wanted to broaden my understanding of Info Security, and gain a qualification that demonstrated
that breadth”


“I felt I needed ta qualification to become a CISO”

Where are they now?

Plus many other roles including:



IT audit



Law enforcement


a variety of roles



IT forensic investigators



CISOs



Security product development and support

Noted alumni

Linking your MSc. To a career choice

The RHUL course is structured so that compulsory (core modules) are
supplemented by selective modules.


You may have some guidance already, but if you have clear idea of a career
you want to follow, try and align your selective modules so they are
consistent.


For some security related roles,
organisations

expect non security specific
skills and you will need to balance those expectations if you want a career
rather than just a job……..


The right skills for the right career

Role

MSc.

skills and knowledge

Complementary

skills often required

Security consultancy

Varied: Core

skills almost always relevant and
t
echnical skills often

in demand. Specialist
skills e.g. cryptography, tend to attract
specialist salary salaries.

Analytical skills, business awareness, presentational
skills, clear report writing, people management, Wider

IT enterprise architecture awareness.

IT

risk assessment and

audit

Core

skills and information security
management skills often relevant. Breadth of
knowledge generally required but t
echnical
skills also

in demand.

Business awareness

(ability to answer the so what?
question)
clear report writing, risk management
principles. Understanding

of audit principles.
Regulatory awareness.


Security product
development/support


All aspects potentially relevant, but

specialist
areas often sought e.g. detailed network
security, mobile device security.

Market and commercial awareness
, strong project
management discipline.

Penetration testing

Depth of knowledge of
network, operating
system and database security, mobile device
security.

Naturally inquiring

mind (what if?), connected thinking,
(so what?). IT architecture and programming. Report
writing

Security

management
(Incl. CISO)


Core

skills and information security
management skills often relevant. Breadth of
knowledge generally required but t
echnical
skills also

in demand.

Business awareness, wider IT knowledge,

people
management,

risk management principles, effective
process development and management.


Cyber crime
investigations


Cyber crime course components. Network
security, database, operating system security.



General investigatory skills, understanding

of
motivation, some legal knowledge, particularly of
jurisdictional impact.


.
Some examples are:

Get the balance right and there are wide range of ……..

Opportunities!

With a wide range of
organisations..


…and public sector

In the private sector ….

In short, growing, reasonably well paid and no longer a restricted
career path.


It seems to be a growing market..


10

There’s a global element too

Globalisation, the erosion of perimeter security, and the outsourcing of back
office services has had a significant impact on security and security careers:



Organisations people, processes and technology are increasingly spread across
different geographical areas and management of security requires not just
alignment of the three areas, but recognition of different cultures and their
impact.



Remote access means that security activity (or activity that seeks to undermine
security) does not require physical presence.


So, if you use your MSc. enhanced skills to work for global organisations, You
may or may not have great travel opportunities, but you will definitely need
to consider other cultures and legal jurisdictions.

11

More than just a qualification….

You’re probably already aware of the high regard for the RHUL MSc. Apart
from the quality of the course that reflects the reach of the network which
RHUL has:



Strong links with industry and co
-
operative working ethos of the ISG "
Academia
and Industry in
Harmony”.



Partnerships with, inter alia


I4, ISF, IISP, CREST, OWASP, ISSG, HP (HP open day).



External lecturers with wide ranging industry and government experience.



UK academic centre of excellence in cyber security.


I’d encourage you do use it!

12

In summary


Business’s ever greater use and dependency on technology makes
information security more important than it has ever been.



The opportunities in information security are more varied than they
have ever been.



High quality, relevant qualifications are in demand and increasingly
expected by employers.



The value of your MSc. can be further enhanced if you consider some of
the types of skill some careers require.



Questions?



13