Good choice - There are an estimated 3.5 million unfilled jobs in cybersecurity worldwide right now and the position of cyber risk analyst is on the cutting edge of career choices, as more organizations wake up to the realization that effective cybersecurity starts with solid (and quantified) risk analysis.
Let's talk about three things you can do to help you become a Cyber Risk Analyst. But first…get acquainted with Factor Analysis of Information Risk (FAIR™) the risk analysis method that’s changing the industry’s entire outlook on cybersecurity risk. Read a quick introduction in the eBook by Jack Jones, creator of FAIR, An Executive’s Guide to Cyber Risk Economics, then invest in Jack’s book, Measuring and Managing Information Risk. If you’re an undergraduate, your school may offer the FAIR Institute’s University Curriculum.
1. Review how you think…
From what I have seen, it’s not always about how much education you have but more so your ability to critically think through a problem. Lets look at an example modeled on the philosophical trolley problem:
As a risk analyst, should you be worried about the company’s bottom line or about how many customer records would be affected in a breach? Or in other words do the needs of the one (company) outweigh the needs to the many (customers)?
The answer is, it depends. Being able to break down a problem is the important part. If you can successfully decompose the scenario causing the breach you can help the decision maker answer that question, especially by putting it in quantitative ranges.
Watch this video on creating a risk scenario.
2. Assess what you know…
Continuous improvement is a hot trend right now. As a risk analyst, it important to be able to know and communicate your expertise. As alluded to before, that doesn’t mean you need a specialized degree in a particular field but learning new things about cyber or a new skill set does help. In cyber, it could be as simple as a certification or training (like FAIR training) or learning how to present effectively to executives. Taking steps to develop those “soft skills” is always a good idea. It could even be as simple as checking out various blogs or podcasts on risk.
3. Connect with others…
In the end, be open to what you don’t know. Especially if you are just starting out. To take a quote from Jerry Colangelo former owner of the Phoenix Suns:
“Be a sponge. Spend as much time as possible with people who truly know their craft and be a great listener. That is how you learn!”