Overlapping Skillsets

Transitioning to a completely new field has progressed from fear to assessment. It's not that fears magically disappear, but there are constructive and destructive ways to handle fear. I find myself oddly at home during crises unfolding at a high rate of speed. Now that I am over 30 days in, I am identifying what professional skillsets I have that will be useful in cybersecurity. More after the jump. 

A colleague once told me I had compressed 15 years of career into 3. This is something that has stuck with me. I have repeated it multiple times in interviews and other professional settings. While at the time, much of it was stressful, the lessons learned can be used in a variety of ways. 

Focusing on the management side of my resume, I gained a lot that applies to cybersecurity. Specifically, compliance with laws, policies, and all applicable regulations. Thanks to my 8 years in the Pharmacy world, HIPAA is familiar to me. There was also a strong focus on state regulations. More than that, I have been present for many audits. How knowledge unfolds on a more practical basis is experience that cannot be gained in any setting other than the real world. I also know, in very real ways, the consequences of mistakes in healthcare. Not mistakes I made, but frequently I was the primary leader in charge of holding others accountable. 

Another of those skills gained is in the area of loss prevention. To this day, I know how to handle investigations before handing it off to those dedicated to this specific area. The most applicable to cybersecurity would be the internal investigations. In the pharmacy world, I made something of a name for myself finding fraud and various malfeasance. Most of it was through repetitive accounting practices that I understood from top to bottom. One summer we had more than 1 week of software problems with our daily accounting. This led to me reconstructing the days business, but completely backwards. I was trained to do this before training roles at corporate had been eliminated. We had one class(a couple hours long, total) that taught me how to do this. 

One example of an internal investigation was a person who was doing mental math for fraudulent purposes. They shorted customers small amounts in order to take money out later, but the drawer would balance. This individual made one mistake, one day, and I caught them. The truth came out later during the interview with loss prevention. A much shorter one was an individual who stole on their first shift. That investigation took a total of 5 minutes due to how fast I was able to move through the steps to investigate. 

I view this sort of repetition as what begins pattern recognition. Identifying anomalies comes with experience and time. The accounting/LP side was enjoyable because math was math. It was fair and unambiguous. My investigative process followed where the data led. I would not stop until I had the suspects and actions specifically for loss prevention to review. There was always a cause for imbalances in funds. Strange variances in our inventory.

The information I have gathered thus far leads me to believe that in cybersecurity, the underpinnings of those skillsets are applicable to investigating logs, reviewing events, and determining root causes. Over the years, I have honed a professional curiosity. This allows me to gain everything I can from the opportunities I have to learn. Asking questions the insecure perceive to be "stupid" is just part of the growth process, in my view. 

Onwards!