As part of Cyber Security Awareness Month, explore the career experiences of four Aon’s Cyber Solutions employees helping businesses navigate the ever-evolving cyber threat landscape in North America.
Dynamic, rewarding, opportunity, critical, essential…are just some of the words used when four Aon’s Cyber Solutions team members were asked to sum up their career in cyber security. For anyone looking to work in an industry that needs skills drawn from all walks of life, it’s clear that cyber security is much more than a one-dimensional role. Read on to find out what they do, why and how they do it, and how you could also build a career in cyber security.
Working in cyber security…
Many people see cyber security as “frightening,” says Katharine Hall – Canadian Cyber Practice Leader/ Professional Liability Broking Leader, “but it’s not. The space is exciting; fast-paced; it’s never the same day twice, and it’s extremely dynamic.” And, puncturing another cyber myth, neither do you need to be a computer scientist to be a part of it. “There are so many different facets to this business – you don’t need to know how to build a firewall, but you need to know the route around it,” says Katharine who found her career route into cyber security via a happy combination of “curiosity and fate.”
Much like Stephanie Dingman – Managing Director for the US Cyber/E&O Broking team, who also arrived in cyber security by taking an opportunity that came her way and revealed the broadness of the industry: “The technical skills on the broking side are more around the insurance policy language than the security controls. It’s a willingness to learn and grow, and be curious and help clients solve their problems.”
Fronting up to the challenges and enjoying the rewards…
And these aren’t just any problems, adds Noah Rubin – a Director in Digital Forensics and Incident Response: “People come to us at their worst moments. Their business is on the line and they need help. Part of the challenge is doing forensics and trying to figure out what’s going on, but it’s also about being a good listener so you can both remediate technical issues and make them feel better about their situation.”
It’s a view shared by Emmy Friedler – an Analyst in the Office of the CEO, Cyber Solutions North America, who sees the challenge as having to “figure out where to prioritize and focus my time.” But she enjoys helping people when they’re having their worst day and solving problems that they can’t solve themselves. “Knowing that I’m contributing to something people need, I find really rewarding.”
There is no typical day…
It’s clear too that there is little room for boredom with a career in the cyber security world. “You never know what’s coming at you in a given day. You need to be able to pivot,” says Stephanie, who thrives on the variety. “I remember asking my daughter who was eight years old at the time what I do for a living and she said, ‘you solve problems.’ I feel like I do more and more of that in this market where cyber insurance costs for our clients are increasing.” That also means a lot of talking adds Katharine: “I spend most of my time talking to clients about what is happening in the market, what their cyber risk looks like and why they need to mitigate it. If I’m not talking to clients, I’m trying to build solutions with my broking team. It’s not just me in my own country, we’re talking about developing solutions across the globe which is super exciting.”
Tackling the big cyber security concerns…
That fast-changing nature of the risk means that the threats are constantly shifting says Noah: “Fraud through business email compromise and ransomware, are huge concerns because of the amount of money that can be lost in a single incident.” This means that cyber security can’t be seen as an afterthought, Noah adds. It can’t be just the responsibility of one corporate stakeholder either. “The risk manager needs to be in contact with legal, with the CISO, with the CFO, CTO – all stakeholders need to be engaged in security,” says Emmy.
There is also a lot of work to do around general cyber security awareness. “I get concerned about how many companies are weak links for the bad guys,” says Stephanie. “Many don’t have the budget or inclination to make themselves decent risks. Some say cyber insurance is too expensive and won’t buy it – that’s fair enough if they invest more in better controls and improving their cyber security. But there are so many who can’t quite keep up with the protection of their technology.” And it’s been even more of a problem since the pandemic. “It got intense when people started working from home and technology was implemented faster than the security controls could be put in place. It was like companies closed the front door but left the back door open, and the security gap has gotten bigger,” warns Katharine.
How to get into cyber security…
If this feels like a career that appeals, Stephanie has some great advice: “Go for it. There is so much room for people who are eager to learn, who are curious, have learning agility and want to roll up their sleeves. Cyber security is a huge challenge for the global economy – if you can help with it, the sky is the limit.” And don’t feel constricted by a lack of technical knowledge either. “There is a place in the industry for every skillset and every personality type. Don’t be afraid. I’ve never met a larger group of people around the globe who are interested in helping you learn. This is a very supportive community,” says Katharine.
One way into the industry for students, advises Noah, is to take advantage of security-related coursework to get exposure to the various aspects of cyber security and better understand what might be of interest. “Otherwise, a good way to start in cyber security if you don’t have much experience is in a junior-level IT role – something like a SOC (security operations center) engineer, which will give you really good experience of what it takes to defend a network. That can make you a better defender or attacker,” says Noah.
Being proactive is key says Emmy: “Find a company you think is interesting and a job that fits your skillset, and take every learning opportunity you can from there. There are so many opportunities to get your foot in the door and transition into a more technical role or advance in the non-technical side. You can get into the industry from almost any background.”
But whether you’re a new graduate or an industry veteran, the speed of change in the industry makes it a great leveler. “We’re all learning together. It’s a young, fresh exciting place to be in,” concludes Stephanie.
About Cyber Solutions
Aon’s Cyber Solutions offers holistic cyber security, risk and insurance management, investigative skills, and proprietary technologies to help clients uncover and quantify cyber risks, protect critical assets, and recover from cyber incidents.
Visit our Careers page to learn more and to view our current vacancies.