What has been your career path?
After completing my bachelor's degree in software engineering, I realized that sitting behind a desk programming and designing software wasn't fulfilling for me. Seeking a more hands-on approach, I explored the hardware side of computer science and completed courses such as CompTIA A+. I also spent time in server rooms observing a colleague control traffic through firewalls and monitor internal communications. It sparked my deep interest in network security. To further my knowledge, I took CCNA and CCNP classes, learning how to configure Cisco routers, along with some Microsoft courses on server administration and Active Directory. The ability to control and eliminate specific behaviors fueled my curiosity, so I earned a master's degree in Information Systems Security at Concordia University. There, I delved into cryptography and security. Afterwards, I entered the consulting world, where I spent seven years at Deloitte, EY, and KPMG working on diverse projects. This journey has led me to work at Microsoft as a cybersecurity professional.
How has the field of cybersecurity evolved and what are your predictions for the near future?
There has been a shift towards automation and proactive threat detection. For instance, the use of AI and machine learning has become integral in identifying and mitigating threats more efficiently.
We are witnessing the expansion of cybersecurity roles, such as cybersecurity data scientists, to address the evolving threat landscape. The field is dynamic, with new threats emerging almost daily and technologies continuously evolving to counter these threats.
Cybersecurity professionals now need to understand not just technical aspects, but also human psychology, legal implications, and business strategies to effectively protect organizations. This shift has led to a more collaborative approach, where teams with diverse expertise work together to develop comprehensive security solutions.
Many cybersecurity programs require a technical background. Why is it not so for the VCC program?
The VCC program focuses on Cybersecurity Governance, Risk, and Compliance (GRC). In GRC, the focus is less on technical skills and more on understanding organizational needs and managing risks in a way that aligns with business goals.
Governance is like laying down the company’s cybersecurity “road rules.” A GRC professional develops guidelines for data protection, like who can access certain files, to ensure employees follow safe practices. This could mean implementing policies for strong passwords or reporting suspicious activities.
Risk Assessment then identifies and evaluates potential “road hazards.” The GRC professional assesses risks to understand where the company might be vulnerable to cyber threats, like phishing or data breaches, and prioritizes which risks to address first. Just like mapping out accident-prone areas, they help prevent security incidents.
Compliance is about making sure the company follows these “road rules” and meets regulatory requirements. A GRC professional ensures that the organization adheres to legal standards, like data protection laws, so it avoids penalties and maintains its reputation.
Success in this field relies on a strong sense of business acumen, attention to detail, critical thinking, communication skills, and an understanding of industry standards and regulations. People with these skills can thrive in GRC.