Foreword: Navigating the Cybersecurity Career Path xvIntroduction xviiPart I Arriving in Security 1Chapter 1 How Do You Become a Security Professional? 3Create Your Story 8So, You Want to Work in Security 13What's Next? 16Chapter 2 Why Security? 19What Kind of People Do Security? 21What Is Your Why? 24What's Next? 28Chapter 3 Where Can I Begin? 29What Does It Mean to Be a Security Professional? 32How Can You Make Sense of It All? 35What's Next? 39Chapter 4 What Training Should I Take? 41For the Traditional Student 43For the Nontraditional Student 44For the Full-TimeNonsecurity Worker 45Other Things to Consider 46What's Next? 51Chapter 5 What Skills Should I Have? 53The Entry Point --Technology 55Professional Skills 59What's Next? 66Chapter 6 Is My Résumé Okay? 67Linking the Résumé to the Job Posting 70Elements of a Résumé 71Digital Presence 77References 78Cover Letters 79What's Next? 80Chapter 7 Trying with Little Success? 81Physical Location 85Your Company 85Get Specific 86Know Your Market 88Assess Your Efforts So Far 89But I'm Doing All Those Things! 91What's Next? 92Part II Thriving in Security 93Chapter 8 How Do I Keep Up? 97Fitting It Into Your Schedule 99Ad Hoc and Planned Learning 102Take a Mini-Sabbatical 103Where Do I Find the Information? 103What's Next? 105Chapter 9 How Can I Manage Security Stress? 107The Stress of Working in Security 109Managing Security Stress 113What's Next? 118Chapter 10 How Can I Succeed as a Minority? 119Making Security Work for You 124What's Next? 128Chapter 11 How Can I Progress? 129The Security Journey 131The Opportunist 132The Intentional Career Seeker 136How to Get Promoted 139What's Next? 141Chapter 12 Should I Manage People? 143Leadership and Management 145Preparing for Your Next Role 150What's Next? 152Chapter 13 How Can I Deal with Impostor Syndrome? 153Fact-Check Your Inner Monologue 157Know Competence and Incompetence 158Know When to Ask for Help 159Keep Learning and Know When Enough Is Enough 160Keep Track of Your Successes 161What's Next? 162Chapter 14 How Can I Know If It's Time to Move On? 163Are You Happy Where You Are? 165Have You Done All You Wanted to Do? 166Have You Learned All You Wanted? 167What Are Your Long-Term Goals? 168Are You Being Pigeonholed? 169Do You Fit Into the Culture? 170Job Hopping 171Are the Other Options Better than Your Current Job? 172What's Next? 173Part III Leading Security 175Chapter 15 Where Do I Start? 179What's on Fire? 180What Is Your Timeline to Act? 181Who Are Your Partners? 182Find the Strengths and Note the Weaknesses 183Draw the Business Risk Picture 184Do You Have a Mandate? 185What's Next? 186Chapter 16 How Do I Manage Security Strategically? 187Consider Your Industry 190Know Your Business Priorities 191Be Pragmatic 193Address Stakeholder Pain Points 194Threats and Vulnerabilities 195Rinse and Repeat 197Putting It Together 198What's Next? 200Chapter 17 How Do I Build a Team? 201It Is About the How 203Things to Consider 207Identify Important Things 209Identify Areas of Weakness 211Discontinuing a Function 212Building New Functions 213What's Next? 215Chapter 18 How Do I Write a Job Posting? 217The Challenge of Job Postings 220What's Next? 225Chapter 19 How Do I Encourage Diversity? 227Start with Numbers 229Understand Your Cultural Issues 230Attracting Diverse Talent 232Writing the Job Description and Posting 234The Interviewing Process 235Retaining Diverse Talent 236Promotions and Career Development 237Leaving the Team 239What's Next? 239Chapter 20 How Do I Manage Up? 241Who Are Senior Stakeholders? 242Help Them Understand Security 246When Things Go Wrong 250What's Next? 251Chapter 21 How Do I Fund My Program? 253Funding a Team 255Funding a Program 256The Big Ask 260What's Next? 261Chapter 22 How Do I Talk About My Security Program? 263What Story Should I Tell? 264Telling Stories 271What's Next? 273Chapter 23 What Is My Legacy? 275Making an Impact on the Industry 277Making an Impact on Your Company 281What's Next? 283Epilogue 285Appendix: Resources 287About the Author 291Acknowledgments 293Index 295

HELEN E. PATTON has held several senior technical leadership positions in cybersecurity, including Advisory Chief Information Security Officer at Cisco, AVP and Chief Information Security Officer at the Ohio State University and Executive Director of IT Risk and Resiliency at JP Morgan Chase.