ISACA Now Blog

Knowledge & Insights > ISACA Now > Posts > The Path to a Cyber Security Governance Career

The Path to a Cyber Security Governance Career

Gbadamosi Folakemi Toyin, CGEIT, CRISC, Ibadan Chapter President
| Posted at 1:24 PM by ISACA News | Category: Security | Permalink | Email this Post | Comments (0)

Cyber security governance jobs are growing significantly faster than information technology jobs. However, this very exciting industry lacks the number of skilled professionals required to fill the available jobs.

Some common roles within cyber security include cyber security governance manager/consultant, information assurance, security analyst, forensics consultant, penetration tester and malware analyst/reverse engineering. With these types of opportunities available, new or aspiring cyber security professionals should focus on continually increasing their skillsets, because the cyber security industry is continually changing.

The path of an employee in an organization may be vertical most of the time, but they also can move laterally or cross-functionally to different roles. This blog explains the possible routes that individuals can take from their first foray into the job market of the cyber security governance profession.

Why Cyber Security Governance?
Workforce Shortage:  There is a severe workforce shortage of skilled, experienced and seasoned cyber security professionals in labor market. By 2021 there will be a predicted 1.5 million shortage of cyber security professionals worldwide, according to Symantec CEO Michael Brown.

According to the CSX Cybersecurity Fundamentals Study Guide, “There are an estimated 410,000 to 510,000 information security professionals worldwide, and jobs are expected to increase 53 percent by 2018 with over 4.2 million jobs available. However, recent studies and reports suggest that there are simply not enough skilled professionals to fill them.”

Role in Security Objectives:  Governance plays a vital role in achieving the security objectives of organizations; not only for current needs but also to ensure well-drafted mitigation plans for future challenges from new emerging technology.

Nation-state-sponsored Attacks and Advanced Persistent Threats (APTs):  Both public and private organizations need to define and implement strategies addressing adversarial threats related to their dependence on cyberspace. Cyber security governance professionals are needed to help organizations articulate their strategies for addressing the nation-state-sponsored attacks and APTs. These professionals will use a framework to define levels of organizational preparedness, characterized in terms of the organization’s perspective on, and/or assumptions about, the threats it faces. Cyber security governance professionals assist in applying sound principles for information systems security governance and making effective use of standards of good practice for security management.

With a significant shortfall of cyber security professionals worldwide expected in five years, who will carry out these safety/security checks? For these reasons, there is great need for students, fresh graduates and professionals to key in to the cyber security profession now.

Cyber Security Governance Education and Career Path
As with most IT jobs, individuals working in cyber security generally hold at least a bachelor’s degree. Typically, a degree in an IT-related field and one or more of the following certification(s) is always required:  Certified Information Security Manager (CISM), Certified in Risk Management and Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT), Certified Information Systems Security Professional (CISSP). Some employers prefer advanced educational qualifications, such as an MBA in Information Systems or a related field.

Career paths can vary. For example, someone who wants to oversee database security might first work as a database administrator. In a similar fashion, an individual who wants to work in cyber security governance might begin as an IT auditor, risk manager, compliance officer, IT control manger or internal control officer/manager.

No matter the chosen career, certain skill sets will apply. A cyber security governance professional must be organized and able to concentrate on complex challenges for lengthy periods. In addition, the ability to think like a hacker is invaluable, as is knowledge of the latest methods used in cyber attacks.

Required Knowledge for Cyber Security Governance Professionals

  • Network Basics:  Define types of networks (mixture of networks, infrastructure, general technology), OSI model, TCP/IP
  • Techniques:  IT audit risks, security risk assessment, assessing IT risk, designing IT controls, business process controls, general process controls
  • Standards:  Knowledge of COBIT, ISO/IEC 27001, NIST framework, SANS
  • Regulations:  US Sarbanes-Oxley, GLBA, HIPAA/HITECH, privacy and EU Data Protection Directive

Taking the Next Step to Cyber Security Governance Profession
The Cybersecurity Nexus (CSX) Cybersecurity Fundamentals Online Course provides learners with principles of data and technology that frame and define cyber security. Learners will gain insight into the importance of cyber security and the integral role of cyber security professionals. The interactive, self-guided format will provide a dynamic learning experience where users can explore foundational cyber security principles, security architecture, risk management, attacks, incidents, and emerging IT and IS technologies.

The target audience for this course includes:

  • Zero to three years cyber security experience
  • Audit, risk, compliance, information security, government and legal professionals with a familiarity of basic IT/IS concepts who:
  • Students and recent graduates

Editor's note:  October is Cyber Security Awareness Month in many locations around the world. For more information click here. ISACA is a 2016 Champion sponsor organization of the National Cyber Security Alliance’s (NCSA) National Cyber Security Awareness Month.


MBASkool, “Career Path,”
Binwal, Prakash, “Creating a Cybersecurity Governance Framework:  The Necessity of Time,” Security Intelligence, 29 June 2015,
ISACA NL, 2014 Governance of Cybersecurity, The Netherlands, 2014,
Bodeau, Deb; Steve Boyle, Jenn Fabius-Greene, Rich Graubart; Cyber Security Governance, MITRE, USA, 2010,
University Alliance, “Cyber Security Professional Career For Military Spouse,” New England College,
Impact Makers,


There are no comments yet for this post.
You must be logged in and a member to post a comment to this blog.