During my tenure as an IT auditor, I became familiar with other related areas in the industry. The areas that fascinated me the most were cybersecurity, risk, and compliance. I was drawn to these areas as I was able to use my IT audit experience to design custom solutions to comply with regulations and standards.

I started my career as an IT Auditor with one of the big four accounting firms and realized that implementation was more interesting and enjoyable to me than auditing. I wanted to be on the other side of the table so I decided to change my career path. Since that time, I have worked in different positions in cybersecurity, risk, and compliance. These are very interrelated areas and I am using all these different experiences to assist me in my current role.

I was responsible for setting up from scratch the cybersecurity management foundation for my previous employer. This project was really challenging and I honed my technical skills with hands-on experience. The organization successfully passed regulatory examinations and obtained a banking license.

A thirst for continuous learning, teamwork, analytical thinking and communication skills are crucial for this field.

Anyone interested in the cybersecurity field should read security standards, frameworks and best practices to build a foundation on cybersecurity risk management. They should join professional associations like the Information Systems Audit and Control Association (ISACA), the International Information System Security Certification Consortium (ISC)² and also obtain relevant certifications, like Fortinet’s Network Security Expert (NSE) certifications. There are many subfields under cybersecurity, and it would be better for them to select one and specialize in the field of their interest.