How did you get into cybersecurity? Starting in 1993 I was watching the X-Files and thought it was...
From finance to cybersecurity GRC: Steve McMichael's inspiring career shift in 2020
How did you get into cybersecurity?I made a mid-career transition from Finance to cybersecurity Governance Risk & Compliance (GRC) in 2020. Some catalysts were:
- learning that it’s a private-public partnership to fight crime, espionage and war in the fifth domain of cyberspace ( I can't think of a more compelling mission),
- growth in mainstream headlines of the cyber crisis, skills shortage and advances in technology,
- a mentor program at work.
I signed up for a “Your Cyber Path: Get Your Dream Cybersecurity Job” course, learned what GRC is, found a surprising amount of overlap in transferable skills coming from Finance and the rest is history.
Tell us about your journey, challenges, people, programs or companies who helped you?
A key barrier that prevented me from applying to cybersecurity roles earlier was the myth that it requires a computer science degree, technical diploma, or 10,000 hours of hands on keyboard IT administration experience. Mentors and coursework eventually busted that myth, helping me understand that while a respect for technology and a continuous learning mindset are paramount, cyber risk is a business problem that needs diverse skills to solve.
Tell us what you believe others need to do to succeed in cybersecurity.
If you have grit, a continuous learning mindset and an understanding of the business outcomes that need protection in cyberspace, you’ll go far. Other key success factors include making contributions, networking, mastering professionalism, understanding the business and finding your passion.
Tell us something interesting about yourself and how that makes you who you are.
I spun up a hobby YouTube channel this year with a mission to:
- create approachable, actionable security awareness training for my friends, family and the general
- address the skills shortage with advice to help people with business or non-IT profiles like mine
cross over, and
- translate between the language of business and the language of technologists.
https://www.youtube.com/@cpatocybersecurity/ I drew some inspiration from CISA’s call for
evangelists to close the security awareness gap.