Discussing Cyber Security Talent with Mohamed Noordin, CISO at Circles.Life
Receiving his first computer at the age of 12, Mohamed remembers dialing up to access early websites known as bulletin boards. His earlier memories of interfacing with computers quickly turned into a passion for technology, in particular security technology with Mohamed buying security tools and building them into his bulletin boards.
With the advent of the internet, a whole new world of possibility opened up. After revealing vulnerabilities in a cinema’s website, Mohamed’s curiosity grew into a desire to help organisations secure their infrastructure applications.
After being called for his National Service and absorbed into regular service, Mohamed managed to ply his trade and work within cybersecurity. Sent to work at the Police Technology Department for five years on security auditing and consulting on mission critical projects as well as incident response. Keen to accelerate his career with his recently obtained Diploma, Mohamed moved straight on to get his Masters in Security before getting his CISSP and then taking the plunge into the private sector.
After sending out his CV and hearing nothing back, Mohamed knew he needed to start networking himself. Joining the Information Systems Audit and Control Association, Mohamed attended various events, seminars and even had to speak at one himself. Surrounded by senior figures in the Security space, Mohamed wanted to make as good an impression as possible.
Moving from the Police, Mohamed wanted to try his hand at security auditing. Working on internal auditing with Barclays Investment Bank, Mohamed then got an expatriate role with Qatar Petroleum. For 5 years, Mohamed worked on IP auditing and investigation. Taking this experience, Mohamed moved to accountancy giant KPMG. Working on the IP Security function at KPMG, Mohamed then moved on to Circles.Life to moving into the position of CISO – a position of leadership that Mohamed relishes.
Now more than ever, schools are relying on their online IT and ed-tech services to help with teaching and admin tasks. Staff can play a key role in keeping these IT services (and the information they access) secure and available.
However, a recent school cyber security audit showed teachers and support staff did not feel very knowledgeable when it came to cyber security. The survey highlighted an appetite for more staff training, and new resources to help bridge this knowledge gap.
The reality of the cybersecurity situation is that it’s constantly changing. In fact, security breaches have increased by 11% since 2018 and 67% since 2014. How do you teach something that is in a constant state of evolution? For Mohamed, the answer is a lot simpler than you may think.
“Tech education should start from a young age and security should be a part of that. Then it’sm about bringing the community together. I have 10 minute networking sessions to encourage individuals because I feel now we are very reactive. The question is what are we doing to engage people to have an interest before they need to?”
The Difficult Part is Working With People
When people think about a career in Cyber Security it’s usually the technology, the qualifications and the certifications that bring people reservations.
For Mohamed, it’s the people that provide the challenges.
“You need to have the right people skills and you have to be able to engage with your stakeholders. You need to take your curious and analytical mindset and translate that into language that everyone understands.”
An inquiring mind, good communication skills and the ability to listen and understand your clients’ challenges – these are skills that no certificate, degree or qualification can give you and are absolutely essential to driving organisational security change instead of taking a prescriptive approach.
For Mohamed, who often serves as the middle ground between the security tech and the stakeholders at the business, it’s key that a security professional become chief communicator.
The nature of security, confidential and sensitive, makes it hard to develop a mindshare culture. Whereas in engineering and opensource communities you’ll be able to find likeminded individuals who can help you reach your goals, in security it’s a bit more difficult.
“If I’m talking to other CSO, he will not be able to tell me anything confidential. This restricts the scope and hinders us from coming together as a community, as a group of senior leaders in cybersecurity, to share knowledge, not only from how cybersecurity works in your organisation, and from hiring perspectives but also from a threat analysis point of view.”