A career in security for the government might have nothing to do with configuring firewalls and protecting IT systems.
With democracy threatened by fake news, educating your colleagues and the Canadian population is the nature of the game, as well as creating trust in a digital world, says Angela McAllister, who heads up Academic Outreach and Engagement for the Canadian Centre for Cyber Security (CCCS). The digital charter recently announced by the federal government demonstrates that cyber security today is just as much about protecting people from fake news as it is from malware and other threat actors.
The good news is the CCCS doesn’t see Canada’s upcoming federal election being affected to the degree the 2016 presidential election was south of the border, she says, and Canada still uses old school paper voting, so fake news to sway votes through websites, emails, and social media accounts is more of a threat thanks to our ability to easily share information without thinking about the source—not unlike instinctively clicking on an attachment without thinking about where it came from.
The threat of fake news and the digital threats to democracy demonstrate how nebulous the role of a cyber security professional is today. Yes, cyber security work could involve configuring anti-virus software for end users, but it can also entail writing reports, teaching courses or even practicing law.
No matter what, says McAllister, it’s a policy and education job, going beyond the typical stereotype of the traditional IT security job. “It sits outside. It sits with our teachers, it sits with our parents, it sits with the parents of young children, and it sits with lawyers and businesspeople and communications professionals.” They can have an impact on whether people believe fake news, she says. “Once people stop believing it, and it becomes an inefficient tactic, our adversaries will stop using it.”
Outside of fake news, thinking around security and privacy permeates everything the CCCS does. “Our HR people need to be aware of the types of cyber skills that are out there and be able to understand what skills the managers want,” she says. “Our businesspeople have to be thinking about things that are related to cyber in regards to contracts, and be able to understand that.” Meanwhile, CCCS communications people are updating the website and tweeting things, others are teaching courses to government staff, and others safeguarding the network—cybersecurity is part of everyone’s career.
McAllister says most people don’t realize how diverse a “cyber career” can be, and part of her job today is working with academic institutions to try and get them to add more cyber education into all their programs, and open up their eyes to the fact that every single program has a need for a cyber education piece. “If you go to see a psychologist, your psychologist has very sensitive information about you. They talk to you, and they type it up on their laptop. And then they’re also surfing the net on their laptop and they’re receiving emails on their laptop,” she says. “Wouldn’t you want your psychologist to have a degree of cyber education, so they don’t fall for a phishing email? So that someone can’t hack into their computer and access your sensitive files?”
This makes advice on what education to attain if you want to pursue a cyber security career in government a little murky, said McAllister, who herself has a diploma in electronics engineering and a BSc in technology. “Most of the stuff that I’ve learned, I’ve learned on the job or through a few training courses.” She recommends supplementing any education with a short cyber security course or a one-year certificate program that you can build on top of your degree or three-year diploma. “Those are starting to become much more prevalent, and not all of them are highly technical. I would build more cyber education into my degree where possible.”
Want to learn more? Find top-rated cyber security courses near you.