Developing a successful information security career requires excellent technical acumen as well as the ability to understand the impact that security policies have on people, says Gurdeep Kaur, a chief security architect at financial services heavyweight AIG.
"You have to have the confidence, and you have to have ... the technical skills," she says in an interview with Information Security Media Group. "You need to study ... [and] you must get into the trenches and understand how this whole thing works."
That's advice that Kaur, who also founded and serves as the president of the New Jersey chapter of training and certification organization (ISC)Â², relays to junior information security personnel as well as to the young people with an interest in IT whom she mentors.
Kaur has worked for 10 years at AIG, where she began in a very technically focused enterprise security specialist role that included tackling a range of enterprise architecture concerns. Since then, she's held a variety of more strategic roles inside the organization, including helping AIG disinvest - sell off - various business units in a secure manner, for which she found that technical expertise, business acumen as well as empathy all needed to be brought into play.
"You want to make sure that everyone is comfortable - and it's not that they have this warm fuzzy feeling, but at least they understand what is being done and why it is being done, and why the security team is asking for what they are," she says.
Must Have: Emotional Intelligence
Emotional intelligence - using an awareness of emotions to better guide thinking and behavior - ranks highly on her "must have" list of traits for anyone pursuing an information security career, especially when it comes to moving up the career ladder.
"You need to get into the habit of translating security speak into non-technical business speak, and then you also need to empathize with people," she says. "You simply cannot talk about ones and zeros and not think about how it impacts people, so ultimately, it's not about things - nothing is about things, whatever it may be. It's always about people."
In the interview (audio link below photo), Kaur also discusses:
- Essential skills for succeeding in an information security career;
- How to drive more students to study the STEM - science, technology, engineering and math - disciplines;
- Strategies for communicating security concerns and concepts to a business audience;
- How to entice more women to consider information security as a "cool career" possibility.
Kaur has nearly two decades of experience in IT and information security. She currently serves as the chief security architect for AIG. She has held a number of roles at AIG, including serving as the information security director for its global finance and life insurance divisions. She previously worked as a consultant for IBM Global Services.