I am excited to announce that, starting in Spring 2021, I will be pursing an online Graduate Certificate in Cybersecurity Management at the Auburn University Harbert College of Business. This is in addition to my work towards a Master of Business Administration degree, which began in Spring 2020. I expect to receive this certificate in Summer 2021, and to graduate with my MBA in Spring 2022.2
During this program, I will learn to assess an organization’s risk exposure and implement effective security measures, policies, and contingency plans. I will have the necessary knowledge to obtain the CISSP, CISA, or CRISC professional certifications, which I may choose to pursue, depending on the individual requirements for each.
I have been interested in information security for about 8 years, ever since first discovering the Security Now podcast with Steve Gibson, which introduced me to many important concepts in the domain. I have worked with encryption technologies, building a few experimental products, and took my first class on the subject in 2016 (Network Security, University of Alabama in Huntsville). This knowledge has been beneficial to me in the past, translating into a job offer at a security startup in 2016 (which I did not accept, but seriously considered), and experience that I can leverage in everyday Software Engineering work.
My goals in the near term include expanding my skillset to adjacent areas that bring value to work that I already do. I believe in the talent stack: the idea that it is better to be moderately good at several related things than to be very good at one individual thing. My talent stack is built around product development; design, engineering, business, and security are several of the most important fields that contribute towards that effort. I know a little bit about all of those things, which at the very least helps me identify key issues and communicate with subject matter experts, and in many cases allows me to fill in, engaging experts only for any questions that require deep, specialized knowledge in the area.
In the long term, I may aim for positions in Product Management, or even executive leadership of technology (CTO, CIO). Having such a broad skillset positions me well to either keep doing what I do now with more context, or transition into fields that have a larger scope of responsibility in an organization. As discussed in an earlier post, I can expect a long career ahead, so the earlier I make these investments in myself, the greater total dividends I will receive over time.
Why not Cybersecurity Engineering?
I also considered pursing a Graduate Certificate in Cybersecurity Engineering, which is offered by Auburn University’s Samuel Ginn College of Engineering. I received approval to pursue either as part of my MBA, but I decided to study the management aspects of Cybersecurity instead for the following reasons:
- Overlap: I already have some practical knowledge in the technical aspects of security, gained from Software Engineering work, the Security Now podcast, and an undergraduate course in Network Security, so Cybersecurity Engineering coursework wold overlap more with what I already know.
- Relevance: A certificate in Cybersecurity Management prepares me for many important aspects of Cybersecurity work that are often overlooked, and most useful to those who work in adjacent fields like Product Management, or in leadership positions like CTO. I also want to learn about Risk Management, which is one of the more important responsibilities of any leader.
- Longevity: The CISSP exam is said to focus more on the business side of cybersecurity than the technical side, and for good reason: individual cyber threats change very quickly, but the theory on how to mitigate against them is more fundamental. I will continue to learn about the field even after getting a certificate, but I expect my knowledge gained during this time to bring value to me for a very long time.
Progress Update: MBA Coursework
I have completed 3 of the 13 courses required to earn my MBA, with a total grade point average of 4.0. Completed classes include:
- Marketing and Consumer Behavior: a course in how firms interact with markets, creating and selling products that consumers want to buy.
- Organizational Leadership, Ethics, & Change: a course in the management of organizations and teams, including material on how to hire, empower, engage, motivate, and evaluate the performance of employees.
- Information Systems for Competitive Advantage: an in-depth study of how companies establish and defend market leadership, and the critical role of technology in modern firms.
This semester (fall 2020), I am taking the following courses:
- Financial Analysis: a course in corporate finance, which studies methods for managing a firm’s investments, capital structure, and cash flows.
- Supply Chain, & Quality Management: a course in synchronizing a firm’s supply and demand, ensuring the on time procurement, manufacture, and delivery of quality products to customers.
I will be taking the following courses between Spring of 2021, and my planned date of graduation in Spring 2022. The exact plan may change based on course availability.
- Spring 2021
- Information Technology Auditing
- Security & Information Assurance
- Summer 2021
- Quantitative Analysis
- Information Risk Management
- Fall 2021
- Project Management
- Strategy & the Competitive Environment
- Spring 2022
- Cost Analysis & Systems
- Capstone Project
The most exciting part of the journey ahead, to me, is the prospect of learning new things. As I expand into new fields, instead of shrinking away from these challenges, I approach them head on. And so far, it’s working out well.
I probably won’t move into security work full time. But I will learn more about it, and this will help me make better products, which ultimately delivers value not only to a firm, but its customers too. The data we process, after all, belongs to people too, and as software becomes ever more a crucial part of our lives, I hope to see security and privacy maintain a vital role, so that we can all feel comfortable in the knowledge that our data is in good hands.