Throughout 2019, this mini-series will interview leaders from around the globe to discuss areas of cybersecurity. The purpose is to help students and those new to the industry gain perspective and guidance from professionals in the field. These interview insights aim to kick-start or re-energise your career journey in cybersecurity. This month’s edition features Aaron Johnson, Global Cybersecurity Governance, Risk Management and Compliance Leader at Dana Incorporated, as he shares his story about:
“When joining the Navy, they administer a standardised test called the Armed Services Vocational Aptitude Battery (ASVAB). ASVAB does not tell the individual what they are proficient in; rather, the test demonstrates where they may achieve the best results. I wanted to be military police officer. However, I was instead recommended as an electronics technician. While I had no prior electronics experience, I was eager to dive-into the experience.” Johnson’s early career as an electronics technician drove his desire to pursue computing and networking courses at university. “I had not initially considered cybersecurity; however, I connected with a government cybersecurity assurance professional in my network and they asked if I was interested. I jumped at the opportunity!” These are his insights. How would you characterise your role within the cybersecurity ecosystem? Johnson describes his role as the Cybersecurity Governance, Risk Management and Compliance (GRC) leader for a global manufacturing organisation. “The role of GRC can serve various purposes based on the company and the sector. The scope of the conversation can also elude to the differences between the role and responsibility of an enterprise resource planning (ERP) system GRC team and their Corporate Information Technology (IT) GRC counterparts. In this global organisation, I am responsible for cybersecurity:
In cybersecurity, we are laser focused to secure our environment leveraging the Confidentiality, Integrity and Availability (CIA) model in line with business expectations. This model is at the forefront of every governance-related decision. Our goal is to securely enable the business to achieve their goals and objectives.” How did you identify and explore various opportunities during your career journey? “I never had a pinpoint focus around what I wanted to do; however, I was always open to new opportunities. I may not have always had a specific target company when I was exploring the job market. Rather, I had a general idea of what I wanted to do and evaluated the needs of an organisation against my interests. I continued to find career-related success by leaning on my professional experiences, continuously learning new skills and leveraging the leading practices I had acquired during my journey. I leveraged ASVAB to apply a similar approach with cybersecurity positions – evaluate open roles and their requested skills or qualifications against my prior experiences and desire to continuously up-skill. While organisations may have targeted specific skills, I tailored my approach around my experiences to demonstrate my ability to adapt to numerous situations and learn quickly. I see many young people today that analyse if they are proficient in the skills advertised in a job application and refuse to apply if there is a mismatch. This may be less about a person’s proficiency, and rather their aptitude and curiosity to learn something new. If cybersecurity is an area of interest, I would first suggest gaining an understanding of the foundational components and ask how these apply to your current role as a student or working professional. A similar approach can be applied at home to drive more risk-aware behaviours. This approach has continued to open doors to new professional opportunities. This change in mindset is why I believe I have 30,000 cybersecurity professionals working side-by-side to deliver more secure outcomes for our business.” What, if any, information you would have liked to know starting out in your career? “I wish I would have started my IT education earlier. When I was younger, my grandmother would recall how my grandfather advised to ‘stay away from computers. They were just a fad that will go away. You did not want to find yourself working with something that would not be be around in 10 years.’ This was a wide-spread theory in the mid 1980's - computers were only a trend and would vanish in a decade. I stayed away from computers due to this pressure; however, I wish I would have started my learning earlier. Always pursue your passion and interests irrespective of your career path. This, in combination with your life lessons, education and experiences can serve as a cornerstone to any professional journey. Be prepared for any opportunity - you never want a road block like the lack of formalised education to prevent professional doors from opening.” What motivated you to pursue your passion? “I always had two primary motivations:
How would you suggest others new to the field get involved? “I have three recommendations for those pursuing opportunities within the cybersecurity space.
Cybersecurity is intriguing, in-demand and considered as an excellent career starter. Please be on the lookout for next month’s edition of Decoding Cybersecurity: Interview Insights with Leaders as the journey continues. Please leverage the comment box below to suggest future topics or guests, provide feedback or share with others.
1 Comment
|
AuthorElliot is a Senior Manager in the EY Cybersecurity practice. Elliot enables organizations to build in risk thinking from the onset, enhancing global innovation with confidence. He leads global teams to reduce response times and minimize the impact of security incidents by building and operating mature security, logging, monitoring, alerting, and incident response practices. He successfully led response to and recovery from complex security incidents, such as data exposures, third party compromises, and vulnerability exposures, by coordinating across large enterprises through effective incident response procedures to minimize business impact. Archives
April 2020
Categories |