Learn the 3 pillars of cyber security risk management and leadership
If you want to effectively perform cyber security risk management training for any organization, you need to know what the organization’s end goal is, says Infosec Skills author Cicero Chimbanda.
“You need to be able to reverse engineer your cyber security program or strategy with the end in mind. You need to understand what the mission, the vision, the strategy and the goals are for your organization because you don't want to just plug in security and inhibit your company’s growth," says Chimbanda, a senior cyber security professional in the investment banking industry who recently released a series of Cyber Security Leadership and Management courses in Infosec Skills.
FREE role-guided training plans
His three pillars of cyber security leadership, based on the CIA triad, are:
- Security, which must be aligned with organizational strategy to provide confidentiality
- Trust, which must be aligned with regulatory obligations to provide integrity
- Stability, which must be aligned with operational excellence to provide availability
A leader or manager needs to recognize these as the foundation for cyber security, says Chimbanda. “Anyone that's in cyber security or wants to get in cyber security understands that is the deliverable: confidentiality, integrity and availability.”
Cyber Security Leadership — Get Started
Cyber security risk management training bridges the gap
A good cyber security leadership plan should align with your company’s goals and not inhibit your organization, says Chimbanda. That means you need to start with your end goal and work backward instead of focusing exclusively on security.
“If your security inhibits your actual end goal, then it's not security. It's just an inhibitor,” says Chimbanda. “These courses will help you align cyber security strategy with the organizational strategy.”
Cyber security leaders should be able to articulate how it benefits the business as a whole. “There's a chasm when it comes to cyber security and actual business value,” says Chimbanda. “Cyber security leadership has to be able to articulate security to those in the front lines — to the stakeholders, to the customers, to the employees.”
A good cyber security leader must be able to “in layman's terms, bridge the gap so that individuals understand not only how they benefit from it, but also how they're protected from it."
If someone doesn’t understand the significance of cyber security in their organization, they’re going to be less likely to follow through with good cyber security practices. On the flipside, someone who has a clear understanding of the role of cyber security is going to have an easier time.
Two roadmaps for cyber security careers
With cyber security careers, there are two main roadmaps you can take: depth or breadth.
You can either go down the route of being a subject matter expert or aim for breadth and the ability to move laterally. For Chimbanda, breadth means “you're basically the glue of all the other components that make up cyber security. You understand the business. You understand different roles, and you're able to be a conduit for cyber security.”
This is especially important if you want to be a chief information security officer. It's also important to understand all the different cyber security roles.
“You have your compliance experts. You have your managers for cyber security. You have your analysts. You have your intel. You have your forensics. You have your pentesters.” For cyber security leaders, Chimbanda says you need to ask yourself, “What do I need to do to help them get there? That includes understanding required soft skills, understanding people that are in mentorship roles, providing internships. There's a whole roadmap I use for that.”
What should you learn next?
Hands-on learning and diverse experiences
Chimbanda makes sure to gamify his courses wherever possible, rather than rely only on lectures and theory-centric content. “This helps students to have fun, compete within the teams and go to different levels,” says Chimbanda.
Having a diverse team in cyber security is also important because life experiences make a difference in how different people are going to approach a problem.
“Somebody might not be a guru in math or might not be a coder, but they may have other experiences that will help them in cyber security,” says Chimbanda. Those diverse experiences can be particularly beneficial at the leadership level.
Create your free Infosec Skills account to try his cyber security leadership training yourself.
- Expert instruction
- Hands-on labs
- Unlimited access
In this Series
- Learn the 3 pillars of cyber security risk management and leadership
- Top-paying cybersecurity jobs and salary trends for 2024
- The importance of IT certifications in boosting your career
- Understanding the role of a network engineer in IT
- The role of the chief information officer (CIO) in cybersecurity
- What is a network engineer and how to become one?
- What does a system administrator do and how to become one?
- Cyber security hiring: Tips and best practices
- Cybersecurity soft skills: Career benefits of public speaking
- CompTIA Data+ certification: Opening doors to new careers
- Surviving cybersecurity burnout: Tips from industry experts
- How to make a mid-career change to cybersecurity
- 7 top security certifications you should have in 2024
- The Changing Role of the Modern SOC
- Discover the top 5 information security management certifications
- CySA+ versus CASP+: Is the CySA+ good enough for a career in cybersecurity?
- The best cybersecurity jobs in 2023: Trends, roles and salaries
- Top 10 penetration testing certifications for security professionals (2023)
- How to land an entry-level cybersecurity job: Essential skills and certifications
- 133 cyber security training courses you can take now — for free
- Breaking down barriers: How to make cybersecurity more inclusive and diverse
- Computer forensics interview questions
- The digital security forensic analyst salary guide
- Applying linguistics to cybersecurity: The journey of Jade Brown, a 2022 Infosec Scholarship winner
- The Path to “Career 4.0”: Amy Bonus leverages humanities, FinTech experience to bring Cybersecurity to the layperson
- Security engineer: Degree vs. certification
- Cybersecurity engineer: CyberSeek
- Infosec Accelerate Scholarship winner highlights essential qualities of a successful cybersecurity professional
- Career skills, imposter syndrome and intelligence-led pentesting | From the Cyber Work desk
- Cloud security engineer interview questions and answers
- Prior preparation results in a big payoff for Jason Mondragon, an Army veteran transitioning into cybersecurity
- Infosec scholarship winner Kandice Kucharczyk salutes her mentors as she sets her sights high
- Which CompTIA cert is right for you: Security+, PenTest+, CySA+ or CASP+? [updated 2023]
- How VetsInTech and Infosec Laid the Path to Gaurav Panta’s New IT Career
- Infosec 2022 scholarship winner Anthony Torres: Bringing the Marine Corps ethos to the cyber domain
- Infosec Scholarship winner Chris Chisholm knows the power of service and diversity in cybersecurity
- Betta Lyon Delsordo, Infosec scholarship 2022 winner, is a true life-long learner
- A veteran transitions from military medical logistics to multi-national security analyst
- An Army National Guard member fast tracks his cybersecurity career transition with VetsinTech
- How a career harnessing Navy nuclear energy can power a transition to a Security+ certification
- What is a cloud administrator? Essential roles and skills
- Security control mapping: Connecting MITRE ATT&CK to NIST 800-53
- Should you take the CCSP/SSCP before the CISSP? [updated 2022]
- (ISC)² certifications: The ultimate guide [updated 2022]
- CCSP vs. Cloud+ [updated 2022]
- Data architect: The ultimate career guide
- The ultimate guide to ISACA certifications: Overview & career paths [updated 2022]
- I failed IAPP’s CIPP/C certification. Here’s how I recovered
- How learning to be "Always Flexible" helped a Marine in earning the Security+ certification
- How to learn and pass your next certification exam
- Mission accomplished: How one army veteran turned neurobiologist moved into cybersecurity
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Professional development
Professional development
Professional development
Professional development
The role of the chief information officer (CIO) in cybersecurity