At Check Point, I am responsible for enabling National Channel Partners to drive sales and increase revenue by developing technical training programs for Partner sales engineers and security architects to keep them up-to-date with new technologies to prevent advanced persistent threats and zero day attacks. I work with Regional Channel Managers and Field Engineers to develop and execute strategies to implement new products across regions.
To effectively protect the cyber sphere, we need to harness the power of diverse perspectives. Diverse teams solve problems faster and are more innovative than homogeneous teams. They’re also widely recognized as critical in strengthening an organization’s cyber readiness, increasing employee and customer satisfaction, and better enabling organizations to achieve long-term goals.
In this interview, Cyber Talk speaks with Check Point expert Miguel Angulo about the topic of cultivating a diverse cyber security talent pool. Let’s dive in:
Can you share a bit about the trends related to diversity in cyber security?
In cyber security, diversity and inclusivity has been a much-discussed topic. Let’s begin by examining the state of the cyber security workforce. According to the ISC2 Cybersecurity Workforce Study 2022 (link), the gap in the number of cyber security experts continues to widen. At the time of reporting, there were an estimated 4.7 million cyber security professionals worldwide in this field. Despite the addition of 464,000 positions in 2022, there are an additional 3.4 million cyber security professionals needed to adequately safeguard corporate assets.
When examining the current threat landscape, the situation appears concerning as revealed by the Check Point 2023 Cyber Security Report. This report highlights a significant surge in phishing attacks, which escalated from 33% in 2018 to a staggering 86% in 2022. The rising volume of threats, the scarcity of cyber security experts, and the complexity of security measures are collectively leading to growing frustration among existing cyber security professionals. As a result, there is an urgent call for an increase in the cyber security workforce.
To ensure the effective safeguarding of corporate assets, it is vital to acknowledge and address the existing gender disparity within the cyber security field. Despite the current male-to-female ratio being 3 to 1, it’s noteworthy that the number of women in cyber security is on the rise, indicating a positive trend. In 2022, the global cyber security workforce saw a 5% increase in female representation, with women now comprising 25% of the total, as opposed to the 20% they represented in 2019. By placing emphasis on certification and education, women are not only making their way into leadership roles, but are also setting an example for other women and future generations to pursue a career in cyber security, where they can succeed.
Another trend in cyber security is the need for diverse skill sets, encompassing technical proficiency, risk management, and effective communication. Diverse teams in security operations (SecOps) and security operations centers (SOCs) are widely recognized as crucial for strengthening an organization’s security readiness. These teams, consisting of individuals from varied backgrounds, bring unique perspectives and innovative problem-solving approaches. This diversity is especially valuable in cyber security, where professionals combat global threats. It results in fresh insights that help analysts understand adversaries better, enhancing threat detection and response capabilities.
You’ve been part of some exciting initiatives! Would you like to share a bit about them?
When I’m confronted with the question, “How did you get started in the cyber security field?” it offers me an opportunity to recount my path. Nevertheless, conveying my story to a solitary individual is insufficient. I actively searched for a platform that would enable me to inspire a more extensive audience to contemplate a career in cyber security.
By collaborating with various nonprofit organizations like HISPA, ISC2 NJ Chapter, and We Are all Human, I’ve found the means to connect with people. Through HISPA, I engage with middle school students and convey my experiences as a cyber security professional. Through ISC2 NJ Chapter, I can mentor college students seeking to enter the field and professionals from other IT sectors looking to transition into cyber security. Furthermore, my involvement with We Are All Human allows me to reach the Hispanic community and enlighten them about the career prospects that cyber security offers.
What points do you make to young people to let them know that this is an interesting and viable career path?
Considering a career in cyber security offers numerous benefits. First and foremost, the field is in high demand, driven by the escalating frequency and complexity of cyber threats. This demand ensures job security, as skills are continually needed to safeguard data and systems. Moreover, the cyber security sector offers diverse opportunities, spanning roles from ethical hacking to risk management, appealing to various interests and skills.
Cyber security experts essentially serve as digital detectives, utilizing problem-solving skills and creativity to outwit cyber criminals, making it a dynamic and intellectually stimulating field. The competitive salaries in the industry reflect the high demand for expertise, which is particularly advantageous for young professionals.
Additionally, the global impact of cyber security is notable, as your work contributes to a safer online environment worldwide. Continuous learning is inherent in cyber security, making it ideal for those who enjoy staying current with technology trends. The field also offers an ethical dimension, allowing individuals to be the “good guys” in the digital realm, protecting privacy and security. Furthermore, the sense of community and collaboration within the cyber security profession offers the opportunity to learn and grow alongside experienced colleagues, making it a fulfilling career choice for young professionals.
How did you get involved in cyber security?
I held several roles in IT, from upgrading hardware on desktops and laptops, deploying Windows operating system, building custom Windows images, rack and stack servers for telecommunication companies and financial services, to cloud infrastructure, virtualization, networking, and backup operations. Given the numerous advantages cyber security offers, I found it to be a captivating career choice. I jump-started my career through comprehensive training, including participation in a SANS training boot camp, Security+ and Network+. I also recognize the significance of partner training, which allowed me to gain insights into cyber security while learning about specific vendor technologies and their approaches to safeguarding customers against cyber threats.
What advice would you give to people from underrepresented backgrounds who are interested in pursuing a career in cyber security?
There’s a common misunderstanding about the nature of cyber security. Many individuals envision cyber security professionals as solitary figures in dimly lit basements, surrounded by numerous screens, munching on Cheetos and sipping Mountain Dew, while writing code to breach networks. This portrayal often stems from the way the movie industry depicts cyber security experts. Even the adversaries in the field are often shown working in regular office settings, but that’s a topic for another discussion. Here, I’d like to offer some advice that I typically share with my mentees:
Do not get intimidated. Many individuals believe that a technical foundation is a prerequisite to launch a cyber security career, but this is a misconception. Cyber security primarily involves understanding the workings of technology as it evolves over time.
Network and Seek Mentorship. In the realm of cyber security, it’s a continuous journey, and mentors play a pivotal role in providing direction on commencing your cyber security career. They can offer insights on where to begin, recommend the suitable training and certifications, and help you steer clear of common pitfalls along this path.
Connect and Pursue Mentorship. Navigating the world of cyber security is an ongoing voyage, and having a mentor can help steer you in the right direction when commencing your cyber security career. They can advise you on how to initiate your journey, identify the necessary training and certifications, and help you avoid problems along the way.
Engage with local non-profit cybersecurity organizations. I highly recommend becoming a part of a nonprofit cyber security organization as a valuable step on your journey in the cyber security field. These organizations are composed of experienced cyber security professionals, many of whom serve as mentors or trainers dedicated to supporting individuals interested in entering the industry. They offer the tools and skills necessary for entering the workforce. These organizations are typically organized into chapters, and they organize year-round events to assist you in shaping your career. These events cover various aspects, including resume building, interview skills, training, and the opportunity to network with existing chapter members who are actively engaged in the field. Networking within these organizations provides a fantastic opportunity to gain deeper insights into the industry, understand certification requirements, and explore potential job openings.
Continuing education, training, and certification. Ongoing learning, training, and certification are essential in the ever-evolving realm of cyber security. Commit to continuous education, keeping yourself informed about the most recent trends, tools, and threats. Contemplate the pursuit of pertinent certifications and formal education in the field, as these credentials can boost your reputation and expertise within the cyber security domain.
Broadly speaking, how can companies create a more inclusive environment for professionals of diverse backgrounds?
In today’s workplaces, diversity, equity, and inclusion (DEI) have become a central focus. When I observe individuals who resemble me occupying positions at higher levels of the organization, such as directors, C-level executives, and board members, it instills a sense that the company is actively taking strides to establish a more diverse environment. This environment not only fosters opportunities for learning, personal growth, and voicing opinions, but also makes individuals feel valued.
Numerous blogs discuss best practices and initiatives for cultivating a more inclusive workplace. However, I’d like to emphasize a few key points. Firstly, organizations need to establish an inclusive atmosphere where every individual is treated with respect, granted equal empowerment to contribute, and provided with equitable access to resources and opportunities, regardless of their demographic characteristics.
To foster a greater sense of inclusivity, companies can begin by conducting a self-evaluation to gauge their current status in terms of diversity, equity, and inclusion (DEI). Establishing a baseline understanding of their workforce will reveal any disparities and enable them to take targeted measures to rectify these issues.
Senior leadership, spanning from C-level executives to the board of directors, must demonstrate their endorsement of DEI endeavors. In the event of a significant crisis occurring in a specific global region, it is crucial for the senior leadership to extend their backing to employees hailing from that area. This message should be conveyed not only internally but also externally, reaching both their customers and business partners.
Review your recruitment procedures to identify non-inclusive language in job postings. For instance, if you’re seeking a software developer proficient in Java, Python, or GO, but your job description mandates a college degree, you might inadvertently discourage qualified candidates who lack formal degrees. When job descriptions and hiring practices create barriers for certain groups, the organization will encounter challenges in attracting a diverse workforce. Ensure that the definitions you set for job descriptions and their associated requirements are in harmony with the actual expectations of the role.
Through their investment in Employee Resource Groups (ERGs), organizations provide employees with a platform to connect, share experiences, and contribute innovative ideas aimed at improving the workplace. Furthermore, supporting mentorship and sponsorship initiatives allows employees from diverse backgrounds to connect with seasoned mentors who can provide guidance and advocate for their professional advancement. Companies that actively encourage these internal mentorship and sponsorship programs not only enhance employee satisfaction, but also tend to retain their workforce for more extended periods.
What strategies do you recommend for attracting more underrepresented groups to cyber security at an early age?
Getting underrepresented groups interested in cyber security from a young age is a key step in fostering diversity. Here are some strategies:
Early Education Programs: Collaborate with schools to develop cyber security educational programs for students at the elementary and middle school levels. These programs can introduce cyber security concepts in a fun and engaging way.
Youth Cybersecurity Clubs: Support and sponsor youth cyber security clubs or organizations. These clubs can provide a safe and inclusive space for young individuals to learn and explore the field.
Mentorship and Role Models: Connect young students with mentors and role models from underrepresented backgrounds in cyber security. Seeing someone who looks like them in the field can be highly motivating.
Scholarships and Grants: Offer scholarships and grants specifically aimed at underrepresented groups pursuing cyber security education. Financial support can make a significant difference.
Hackathons and Competitions: Organize hackathons and cyber security competitions for students. These events can be exciting and provide practical experience.
Curriculum Integration: Advocate for the inclusion of cyber security topics in school curricula. Make it a part of the standard educational experience.