Jamal Mekdachi, Head of Operations, Cyberteq, is a 20-year veteran in information technology and security. A performance-driven and result-oriented professional, Mekdachi has worked for a number of reputed organizations in the past. He talks to CISO MAG about his journey, cybersecurity skill gap, and gender neutrality in the domain.
Tell us about your journey. Why did you choose cybersecurity as a domain?
To become a good cybersecurity professional, you must be able to simulate the activities of the hacker (the robber) or the person with malicious intent as well as the security analyst (the cop). You have the opportunity to take on both roles (all in one job!), both attack and defend-how cool is that!
Cybersecurity has become critical to the fabric of any modern business. As breach after breach hits the headlines, it’s clear to everyone that organizations need more professionals focused on cybersecurity.
Security professionals get the chance to work directly with teams on technologies and systems from robots to cars to websites serving millions of users and its needed in almost every domain, from the government to corporate, military to medical, financial to personal, because each one collects, stores and transmits data, much of which is sensitive information.
As the amount of digital data and transactions grow, so does the need for cybersecurity professionals in a variety of roles. This has opened the doors to a career move for both seasoned IT professionals and those making a lateral career move into a new field.
There was a recent article that said, ‘there are millions of cybersecurity jobs waiting. And they need more than just experts’. Do you think there is a skill shortage in cybersecurity space?
There is no better time than now to get involved in the cybersecurity space. The rising demand is overtaking the number of cybersecurity experts qualified for the roles, to the point that companies are looking at Artificial Intelligence (AI) for solutions, thus so many career opportunities are available for cybersecurity professionals.
How important is cybersecurity education or training for employees to keep cyber threats at bay?
Businesses continue to be hit harder and harder by ever increasing cyber-attacks from outside company walls and inside (employees). Employees are at the heart of every business and can be a company’s greatest asset or its biggest threat when it comes to securing sensitive data and information.
Lack of employee cybersecurity education and awareness, along with human error or careless behavior have been the cause of many major security breaches from phishing attacks luring employees to click suspicious links that contain spyware, to weak passwords and leaks on social media. All attack vectors can be avoided with effective cybersecurity awareness training. It should be conducted base on employee’s role, responsibilities and risk profile, and it should be supported with enforceable policies and keep on updating it as well as a program for testing employee cybersecurity knowledge by simulating attacks.
Moreover, it is very important to make cybersecurity awareness training part of the onboarding process.
The representation of women in cybersecurity has remained stagnant at 11 percent for the past four years. This is despite growing awareness on cybersecurity, and expanding career options. Most of the times, the reasons cited is the lack of women role model and the impression the industry carries. What can be done to break the gender stereotype so that women, even in their teens are inclined to join the cybersecurity space?
There are many initiatives that corporations can take to attract more women in cybersecurity, including specifically asking for female applicants, sponsoring more female professionals, etc. Businesses have to ensure that both men and women receive equal professional development support in their industry
What advice would you give to a budding information security professional?
Security professionals must continually adapt to stay a step ahead of cyber-criminals. This involves monitoring current trends in cyber-crime, the latest methods and exploits used by attackers to infiltrate systems, and new developments in technology
The most important quality a security professional require is a strong ethical code. They often work with highly confidential information and have access to critical infrastructure. It is important to maintain integrity and accountability.
An inquisitive nature and ingenuity in discovering new methods to achieve desired outcomes and, at a technical level, an understanding of web development, programming, security fundamentals and networking is crucial.
Get professionally certified based on your career path. Attend info and IT security training courses and conferences.