Module 4: Engage with cybersecurity community

Welcome back! I’m Emily, and I’ve been working in security education
at Google for nearly nine years. My team works closely with our remarkable
security experts to craft innovative and engaging educational solutions for our workforce to keep
security at the forefront. I’ll be your instructor for the remainder of the course to discuss
important career-related topics, such as
how to engage with the security community, find jobs in the security field, create a
resume, and navigate the interview process. We’re approaching the end
of the certificate program, what an incredible journey it’s been so
far. We’ve discussed a lot up to this point,
including incident detection and escalation, and the roles that stakeholders
play in protecting an organization. We’ve also explored the sensitive nature
of the communications we share and strategies for conveying critical
information to stakeholders. But does the learning stop now that we’re
approaching the end of the program? Absolutely not! In the following videos,
we’ll identify reliable security resources you can use to stay
up-to-date on security news and trends. Then, we’ll share some ways to become
involved with the security community. We’ll end with a discussion
about how to establish and advance a career in security. Coming up, we’ll highlight some great
resources to help you stay current on what’s happening in the security industry.

As we approach the
end of our program, it’s important to start
thinking about ways to engage with the
security community. As the industry evolves, it’s essential to
stay up-to-date on the latest security
trends and news. Let’s discuss a
few good resources for you to review periodically. What excites me about
the security profession is the constant evolution
of the industry. Take the OWASP top
10 for example. Earlier in the program, we discussed the
fact that this is a globally recognized standard awareness document that lists the top 10 most
critical security risks to web applications. This list is updated
every three to four years, so it’s a great example of the evolving nature
of the field. Continuing your security
education beyond this certificate program
will help you stand out to hiring managers
and could give you an extra edge over
other candidates because it shows your
willingness to remain current on what’s
happening in the industry. A few well-known security
websites and blogs to get you started are CSO Online, Krebs on Security,
and Dark Reading. The CSO Online site
provides news, analysis, and research on various security and
risk management topics. Many CSOs view this site
for tips and ideas. It would be great
for you to review this publication
every now and then. Krebs on Security is an
in-depth security blog created by former Washington
Post reporter, Brian Krebs. This blog covers
security news and investigations into
various cyber attacks. Accessing the Krebs blog
is a good way to stay up-to-date on the
latest security news and happenings around the world. Dark Reading is a
popular website for security professionals. This site provides
information about various security topics like analytics and
application security, mobile and cloud security, as well as the Internet
of Things, IOT. Security is a constantly
evolving industry. As professionals in security, we must evolve with it by
seeking out new information. Be sure to explore a few of the websites and
blogs we discussed in this video to stay up-to-date with what’s
happening in the industry. Coming up, we’ll
discuss how to become engaged with the
security community and ways to establish and advance your career in security.
Bye for now.

I’m Victoria,
I’m a security engineer at Google. When I first applied for
a cybersecurity job, I felt overwhelmed. I was not a traditionally educated
in computer science applicant, I actually majored in biology. So anytime a recruiter saw my resume,
I would kind of get this little like fear that they would see that bio major and
say, why are you even applying? And just immediately disregard my resume. I would consider the team that
I work on to be very diverse. We have a lot of different people
from different backgrounds. One of the benefits that I feel from
having a diverse team is that you can have these different
perspectives on a problem. That if all of you had
the same background for, you might not come up
with this new solution. Having someone that’s new to the team,
maybe new to the industry, and having that perspective can really help to
make things more accessible for everyone. It’s important to continue to learn in
the field of cybersecurity because things change all the time. What was once a big threat a few years ago
might not be the same as it is for today. Trying to keep pace with how things
are changing all the time is something that is a core
part of my job role. To support my continued education
in security, I take courses, try to get certificates if I can along the
way, but a lot of it is just keeping up on current industry news, whether that be
a new blog post about a breach that has happened or a detailed analysis of
a new malware that has been released. Try to keep at least
a surface level knowledge of the different trends in the industry. I often go to BSides Conferences. These are smaller and
locally organized conferences. So you have more of a chance to interact
with your local security community, which is something you wouldn’t get at a huge
conference like, say, DEFCON or Black hat. Meeting people locally is a great way
to see what’s out there in your area, and meet other folks that are local
that you can talk to more consistently, that are also interested in security. Before I got into my role, I wish that I knew that it was okay
that you don’t know everything. You don’t have to know everything. You have teammates and other people that
can help you with areas that you’re weak in, so don’t feel stressed if you don’t
know everything there is about security, because no one does. Working in security is a lot of fun. A lot of things can happen. It’s never the same day to day. So if you like things that are dynamic and
always changing, then security is the right field for you.

Building Your Security Career Ladder: Connecting with the Community

Welcome, aspiring security champions! This tutorial equips you with the strategies to build a robust network within the vibrant security community, propelling your career growth. Remember, a strong foundation of connections can open doors to valuable opportunities, mentorships, and career-defining roles.

The Power of Community:

Imagine a vast jungle gym of knowledge and support, teeming with experienced security professionals. That’s the essence of the security community. By actively engaging with its members, you gain:

• Exposure to Cutting-Edge Trends: Stay ahead of the curve by learning from industry leaders and pioneers.
• Mentorship and Guidance: Seek advice and support from seasoned professionals who have walked the path before you.
• Collaboration and Knowledge Sharing: Bounce ideas off peers, brainstorm solutions, and learn from diverse perspectives.
• Job Opportunities: Network with potential employers and discover hidden gems through community connections.

Building Your Network Ladder:

Level 1: Social Media Savvy:

• Follow the Trailblazers: Identify and follow CISOs, security researchers, and thought leaders on platforms like LinkedIn® and Twitter. Engage with their content, ask insightful questions, and participate in discussions.
• Connect with Your Tribe: Search for security analyst groups and communities on LinkedIn® and Facebook. These platforms offer excellent opportunities to connect with like-minded individuals, share experiences, and learn from each other.
• Join the Conversation: Actively participate in online discussions, webinars, and conferences related to your area of interest within cybersecurity. Showcase your knowledge, ask questions, and build your online presence.

Level 2: Beyond the Screen:

• Seek Out Associations: Research and join professional cybersecurity associations aligned with your career goals. These organizations often host events, workshops, and networking opportunities that connect you with industry experts and potential employers.
• Volunteer Your Expertise: Offer your skills and knowledge to volunteer projects within the community. This could involve contributing to open-source security initiatives, mentoring junior professionals, or speaking at security meetups.
• Attend Industry Events: Immerse yourself in the vibrant atmosphere of security conferences, hackathons, and meetups. These events provide invaluable networking opportunities, allow you to learn from industry leaders, and showcase your skills to potential employers.

Level 3: Building Lasting Connections:

• Nurture Relationships: Go beyond initial introductions. Engage in meaningful conversations, offer help and support to others, and actively build genuine connections with individuals within the community.
• Seek Mentorship: Identify experienced professionals you admire and approach them for mentorship. Express your interest in learning from their experience and seek guidance on your career path.
• Become a Contributor: Share your knowledge and expertise by writing blog posts, presenting at conferences, or even starting your own security-focused podcast or YouTube channel.

Remember:

• Authenticity is Key: Be genuine and transparent in your interactions with the community. People connect with those who are true to themselves and passionate about security.
• Give Back to the Community: Actively contribute to the community by sharing your knowledge, helping others, and supporting initiatives that advance the field.
• Continuous Learning: The security landscape is ever-evolving. Stay committed to ongoing learning and skill development to remain valuable and relevant within the community.

By strategically building your network within the security community, you open doors to a world of possibilities. Embrace the power of connection, nurture relationships, and watch your career ladder reach new heights!

Additional Resources:

• SANS Institute: https://www.sans.org/
• OWASP: https://owasp.org/
• International Council on E-Commerce Consultants (EC-Council): https://www.eccouncil.org/
• Black Hat: https://www.blackhat.com/
• DEF CON: https://www.blackhat.com/us-23/defcon.html

Start climbing your security career ladder today! Build your network, embrace the community, and let your passion for security guide your مسیر professional journey.

Earlier we discussed the importance of
staying up-to-date on security trends and news. In this video, we’re going to share ways
to establish and advance your career in security by connecting with people
who are already in the industry. Social media is a great way to connect
to other security professionals in the industry. However, it’s important to be mindful of
the information you share on your social media page and when responding to
messages from people you don’t know. With that in mind, let’s discuss ways
to effectively use social media to establish or advance your security career. One way to use social
media is to follow, or read the posts of, leaders
in the security industry. Chief Information Security Officers, for
example, are great individuals to follow. They often post interviews they’ve
done in the security space and share articles they’ve read or
contributed to. Here’s a question you
might be asking yourself: How can I find CISOs to
follow on social media? The best way would be to conduct an
internet search for the name of the CISO of a popular organization or an organization
you’re interested in working for. After you find their name, you can simply
go to a social media site to look them up. Ideally, you want to use LinkedIn® when
following security professionals. That’s because the LinkedIn® platform
focuses on connecting professionals with other professionals in the same or
similar field. Another way to use social
media to establish or advance your career in the security
industry is to connect with other security analysts currently employed in the field. On social networks like LinkedIn®,
you can find security professionals by searching for cybersecurity
analysts, or a similar search term, then filtering for people and people
who talk about #cybersecurity. Once you’ve found other professionals
you’d like to connect with, you can send a connection request
with a brief comment such as: Hi, I’d like to connect to
learn more about why you became interested in security and
your experiences as an analyst. Additionally, you can set your
filter to locate events and groups that focus on security
related topics that interest you. While social media platforms
like LinkedIn® are excellent for connecting with professionals, some people are more comfortable with
being active on social media than others. For those of us who aren’t very active
on social media, there are other ways to connect with security professionals or
find mentors in the industry. Joining different security associations
is a good way to connect with others. There are many associations out there, so you’re going to have to do a little bit of
research to find the best ones for you. Here’s a tip! In your internet
search engine, type: cybersecurity industry associations. This search term will populate
a variety of different associations, so be sure to select ones that align
with your professional goals. Now that we’ve discussed ways to
engage with the security community, consider following a CISO on LinkedIn®,
connecting with other analysts, or searching for
cybersecurity organizations to join. That’s all for now.
I’ll meet you in the next video!

[MUSIC] Hi everyone, I’m Sarah and
I am a senior program manager on Google’s privacy safety and
security engineering team. One of the communities I’m most
involved in is a group called Women in Cybersecurity. And so I found that community really
helpful to me when I first joined because, I felt super new and slightly overwhelmed. I listened to a lot of their webinars, I kind of look in on
their forum board, now I always attend their conference and
actually I just joined their board, which I’m super excited about. One of the things that I find
most exciting is that ability to be within cybersecurity
without this long history. I don’t have a computer science degree, I
don’t have a masters, I don’t have a PhD. But through networking and figuring
out where my areas of interest lie, I actually was able to get into this field
and grow and advance within this field. I’ve really found that, it is a welcoming
community that is looking and needs more people to be a part of it. There’s a huge range of people that are
coming into this again with the big wide range of experiences, and
I think everyone has found or is exploring what their passions
and the areas they want to dig in. Networking is really important to be able
to meet peers who might be at the same stage as you or people who might
have hiring opportunities. I definitely recommend connecting with
your peers in the certificate program, it’s a great form of motivation for
yourself and to motivate others. Having these points where you’re either
talking about the specific content or just doing a check in is
going to be really helpful for you to continue through
the course program and to help others continue through
the course program as well. There’s also the series of conferences
that exist called BSides. So these are super informal security
conferences that take place in communities around the world.
Many also have virtual components. They’re kind of a fun
place to meet people. A big piece of advice is,
to not let yourself get overwhelmed, and don’t feel nervous that you don’t know
all the answers, because you know what, nobody knows all the answers. It’s okay to come into this with not
a ton of background in computer science, not a ton of background in tech and still,
you will bring value to the field.

Great job! Now you’ve had an opportunity to learn about
different ways to stay engaged with the security community. Let’s take a moment to
review what we’ve covered. First, we identified
reliable security resources. Then, we discussed different ways to
engage with the security community. We also explored the usefulness of social
media to connect with other security professionals and stay informed
about current topics of interest. Finally, we shared ways to establish
and advance a career in security, including following a CISO on social media
or joining a professional organization. We’ve come a long way in this journey. You should be proud of your progress and
how far you’ve come. I’m certainly proud of you. In the final section of this course,
we’ll take the time to prepare you for the job search and interviewing process. How exciting is that!?