Public Safety to Cybersecurity, from a friend of GingerSec

Reasons why Infosec is a good job for prior law enforcement: 

 

1. The ability to articulate 

 

Summarizing your probable cause for 4 felony charges based off of one DUI stop into one sentence is a skill that takes years to master, and can transfer well into other fields. The complex, technical nature of cyber investigations demand this ability, and it is sorely lacking in the technical workers in the industry. 

 

2. Report writing for an investigation 

 

This goes hand-in-hand with the previous point, but reporting your findings in a logical manner is another skill that's highly valued. The first time I documented my findings from a phishing attack our organization had fought, my manager read it while yelling, "THIS IS SECURITY PORN!!!" 

 

No, it's just a report detailing the incident. But that's such a foreign concept that's so highly valued, it's easily worth close to 6 figures, if not more. 

 

3. Slowing your roll 

 

We've all been that rookie who gets way too excited about every toned outcall, but hopefully, we grow out of it. That ability to slow down and get all the facts before rushing to judgment is critical. The first time I saw the Emotet spam campaign hit us with thousands of unique, custom-tailored phishing emails, some of us were convinced this was an advanced nation-state attack. No, it's not. Slowing down and getting all the facts before hitting the big red button is something you learn from experience and feeds your intuition. Again, this is something that comes from your current experience skillset and takes years to develop. 

 

This also feeds into prioritizing. There will always be more issues than resources to fully investigate them. By slowing down and understanding the threats we can make the best decision possible. 

 

4. Risk Management 

 

You've been doing risk management your entire career. Juggling competing priorities of ethics, liability, legal considerations, case law, and the whim of your lieutenant is a balancing act you've managed to figure out. These are all risks, and the ability to find a path forward and make decisions considering the myriad of factors is an example of managing risks. 

 

The cyber-world has the same demands, although the consequences are counted in dollars per minute. I've heard examples from colleagues in the e-commerce world who rate downtime in terms of $100,000 increments per X seconds. Evaluating competing business priorities is a complex thought experiment. Being able to articulate that in a succinct manner requires all of the previous skills. 

 

5. Doing a good, defensible, investigation 

 

You're used to doing an investigation and answering the questions that are bound to come up. You're used to defending your work in an adversarial environment and making your case, so you're accustomed to asking yourself the questions you're bound to encounter that will call into question the thoroughness of your work. 

 

This includes evidence collection. On numerous occasions I asked colleagues about ongoing issues and asked for logs, to which I was told, "Well, we never saved any." This, of course, is unacceptable, and illuminates the underlying issue: they don't understand how to support their statements. 

 

By approaching technology with a mindset that has been through litigation and the courts, you're fundamentally better prepared to defend your work and back up your statements. The first time you present something to HR complete with a synopsis, narrative, screenshots, and timelines, it will blow their minds. 

 

6. Learning deeply nuanced and technical work 

 

One of the biggest excuses I've heard from family and friends is that "they can't do that nerd stuff" and "it's too technical." 

Did you memorize a series of Title 28 and Title 13 statutes? Their underlying elements? The difference between negligent and intentional? 

 

Did you memorize probable cause? 

 

Have you maintained a running list of statutes the county an attorney is issuing felony waivers for this week? 

 

You can memorize some ports, what they do, and the attacks associated with them. Easy. This is just a continuation of the skills you already have. 

 

That skill is the ability to learn and be dynamic in your thinking. 

 

The only constant in law enforcement is changing, and this is just as true in the cyber world. These are all conditions and dynamics you're already accustomed to. 

 

7. There are fridges and bathrooms 

 

At my first cybersecurity job I was shown where the refrigerators were and the bathrooms on the first day. And then it hit me: I can go hit them whenever I want. I could just get up, get a refill of water and go to the bathroom, as soon as the urge hit. It was amazing. 

 

Coupled with today's remote workforce and this is amplified: now you can work from home. The benefits are as good as they sound, if not better. Trust me on this one.