Build and implement solutions for nonprofits with Microsoft

You cannot go a day without a cyber incident followed up with a discussion about the shortage of InfoSec professionals needed. These incidents have a lasting impact and take years for organizations to recover and some close due to the magnitude of the event.  The brand reputation of an organization can last years, not to mention the financial loss. Target, Home Depot, OPM, and Equifax are prime examples of some of the more significant data breaches that come to anyone's minds when discussing cyber incidents.  

Many reports are indicating by 2021, there will be over 3 million vacancies in InfoSec globally, with over 500k in the US alone. Fortunately, there is a push to build up the InfoSec workforce; unfortunately, most of this effort is placed on K-12 students. There is a  large group of individuals that would be perfect for a career in InfoSec, public safety.  

Most public safety has 20-year retirements, allowing individuals to retire and start a second career. Twenty years in public safety create an individual that is well versed in crisis management, security, investigations, communication, and, most importantly the ability to learn new skills. These skills, combined with learning a more technical skillset, will be invaluable to organizations looking to fill vacancies in InfoSec. 

Foundationally physical security and cybersecurity are the same; the tools are different.  Nearly everyone in public safety has dealt with an event needing to be contained. Typically for a physical event (i.e., sporting events), you need a parameter around the incident comprised of a soft closure (limited public access) and a hard closure (restricted access) around an event containing that event. The restricted access is typically controlled by specific points in the hard closure allowing individuals to gain access to the event. After the individuals have been permitted access to the restricted area, they are continually monitored, ensuring they are not performing malicious actions inside the restricted area.  Even within the restricted areas, there are still parts that are off-limits unless an individual has the proper credentials.  In a cyber world, this event would involve firewalls, DMZs, IPS/IDS, SIEM, etc. 

Many larger organizations have Security Operations Centers (SOCs) as the first stop of a security incident. No matter the level of SOC analyst there is a level of investigation needed for any incident that may occur, no matter the size of the incident. Public safety individuals have been investigating incidents for at least 20 years and have developed the ability to report on the facts while identifying the root cause of an incident.

With a couple of certifications and a little retooling, public safety individuals would excel in nearly any InfoSec position. Public safety needs to consider developing the technical skills to enter into an InfoSec industry; at the same time, the industry needs to look at public safety as a viable source of InfoSec professionals. 

GingerSec can help prepare public-safety transition to a career in InfoSec. A public safety retiree is a perfect candidate to investigate cybercrimes.