Developing Your Career in Cyber Security: Q&A with Howard Shin | Coursera Community
Coursera Header
Q&A

Developing Your Career in Cyber Security: Q&A with Howard Shin

  • 27 November 2019
  • 13 replies
  • 507 views
Developing Your Career in Cyber Security: Q&A with Howard Shin
Userlevel 7
  • Community Manager
  • 1270 replies

Coursera’s Senior Application Security Engineer Howard Shin will be taking your questions on the topic of developing a career in cyber security. 

Between now and 8 December 2019, reply to this post with your questions about working in different cyber security domains, how to improve your cyber security skills, and getting hired into various cyber security jobs.

Howard will answer as many questions as he can during the following week.

About the Q&A Host

Howard Shin is a Senior Application Security Engineer at Coursera, where he works on securing the services that Coursera provides. Before Coursera, he worked as a cloud security engineering manager at Oracle, reviewing and testing different cloud services Oracle offers. Howard enjoys participating in various CTF (Capture The Flag) events and, as a new Courserian, exploring Cyber Security courses in Coursera. He attended Carnegie Mellon University, where he earned an MS degree in Information Security Policy Management.


13 replies

Userlevel 7

Tagging a bunch of people here who have asked or answered questions about cyber security here in the community! Maybe you’d like to ask Howard a question or two? 

@swaraj, @Ivan Ignatiev, @RahelAG, @McCloud77, @goodwillsandy, @Muhammad Faizan, @idelossantos30, @Amar Kumar, @WaqasGilani, @Manoj Kumar, @Luis Gerardo Ayala B., @Ali Wajd, @Hafiza Munshi, @Silentbychoice, @sushant_19, @MLarouche, @Amjad, @kavin boss, @legioneroff, @gaius, @aqei, @youngdestinya, @Beck2785, @Jerviso, @kennedymasiye1

Userlevel 1
Badge +1

Thanks, @Laura  for adding up in this post.  I would like to know the road map to being a Cyber Security expert. If you can provide guidance on this Mr Howard Shin it will be very helpful.

Userlevel 1
Badge

Hello Howard,

According to the latest workforce study from ISC2, the global cybersecurity workforce needs to grow by 145% to meet the ongoing demand. In the U.S alone, the cybersecurity workforce needs to grow by 60%. Moreover the unemployment rate for cybersecurity professionals in close to zero. Based on this information, I would like to ask you the following:

  1. What would you suggest someone starting out do to obtain a position in cybersecurity? Someone looking to pivot into the field?
  2. What are the biggest misconceptions you hear about the cybersecurity field? 
  3. This is an opportunity for institutions like Coursera. What is Coursera and partners doing to address the cybersecurity gap in a timely manner?

Thank you,

Badge +1

thank you @Laura  for mention me to this post.

Hi Howard,

i would like to ask you few things. first, im 21 years old, just graduated from my dip, in Network and computer Tech. But my interest is cyber security and ethical hacking field. i need to improve my skills and find a good career one day.

  1. So, advise me what are the courses that i need to take?
  2. i need to know the pathway success my ambition. 
  3. and how to find a better career?where? 

thank you. :metal:

Badge

I am interested in social engineering field. What are the opportunities in this field? How is it structured? 

 

My background: I am in edtech industry, working as a learning experience designer. Before that I worked in business.

My education is BA International Affairs + EdM Technology, Innovation and Education

Badge

Do I need to be a hacker first to be the best security engineer in the future?

Userlevel 6
Badge +4

Cordial Greetings,

 

Happy first of December to the whole community, that this month be with a balance full of many goals achieved and new projections for this next year, also thanks @Laura for the mention, very appreciated.

It's a pleasure to meet a such dedicated person with a high level of knowledge as Mr Howard Shin, my regards to him and thank you for taking the time to give advice and share your experiences for those who are interested in this field, such as cybersecurity is.

 

This aspect has become very fundamental due the new aspects of how technology has evolved in these terms, we have seen that is not only based on access codes, but also on aspects such as fingerprint, facial or voice blockage reoccurrence, to the point that new ways have been sought for generate new alternatives on this, and it can be said that cybersecurity doesn't only give value to data protection, as well as other benefits for those who make use of them, such as:

- Reduction of impacts by knowing in depth our vulnerabilities and risks.
 
- Ability to offer a greater guarantee and security in the service to our clients.
 
- Increase in company and brand image value.
 
- Increased security in the company, as far as internal procedures and confidential information are concerned.

 

Saying that, for those entrepreneurs who have large amounts of data or interested in use this more deeply, could you tell us about the importance of conducting security audits and what types of security audits they could perform?

 

 

Thanks for your attention with all of us.

Userlevel 1
Badge

Thanks, @Laura  for adding up in this post.  I would like to know the road map to being a Cyber Security expert. If you can provide guidance on this Mr Howard Shin it will be very helpful.

@goodwillsandy 

I found the pathway(s) in below link is pretty helpful. 

https://www.cyberseek.org/pathway.html

I think that it’s better not to focus too much on the differentiation among “entry, mid, and advanced” levels, though. The chart is useful to see the relationships between different roles. What I really like about the chart is “the feeder roles” since this is where we start when we want to “pivot into the field” (thanks @idelossantos30). 

In my opinion, building up a firm knowledge/experience in some of the feeder area is really important to gain expertise in any cyber security domain.

 

Userlevel 1
Badge

Cordial Greetings,

 

Happy first of December to the whole community, that this month be with a balance full of many goals achieved and new projections for this next year, also thanks @Laura for the mention, very appreciated.

It's a pleasure to meet a such dedicated person with a high level of knowledge as Mr Howard Shin, my regards to him and thank you for taking the time to give advice and share your experiences for those who are interested in this field, such as cybersecurity is.

 

This aspect has become very fundamental due the new aspects of how technology has evolved in these terms, we have seen that is not only based on access codes, but also on aspects such as fingerprint, facial or voice blockage reoccurrence, to the point that new ways have been sought for generate new alternatives on this, and it can be said that cybersecurity doesn't only give value to data protection, as well as other benefits for those who make use of them, such as:

- Reduction of impacts by knowing in depth our vulnerabilities and risks.
 
- Ability to offer a greater guarantee and security in the service to our clients.
 
- Increase in company and brand image value.
 
- Increased security in the company, as far as internal procedures and confidential information are concerned.

 

Saying that, for those entrepreneurs who have large amounts of data or interested in use this more deeply, could you tell us about the importance of conducting security audits and what types of security audits they could perform?

 

 

Thanks for your attention with all of us.

@Luis Gerardo Ayala B. 

Thanks for the question. As the size of collected (user) data gets bigger and bigger, the risk associated with these data, and the privacy concern, grows dramatically as well. Keeping these data safely and securely becomes more challenging not only to the entrepreneurs but also to the people who handle those. IMHO, the most important thing to keep these safe is the will of top level management, the senior executive team responsible for making strategic decisions within the organization. And also the consensus/awareness about this topic in the organization, since security is ultimately the responsibility of all employees within an organization. The goal should be creating organizational culture that cares information security. 

When it comes to the auditing, we probably want to check the data flow and see if proper protection is set in place for each control point, in which the threat-modeling process can be helpful. We also have a lot of checklists available for the purpose from compliance requirements like GDPR, CCPA, PCI-DSS. etc. and from the standard like ISO 27001. Most important thing, though, is how to make it as practical as possible when we apply them to our organization. 
 

Userlevel 1
Badge

Do I need to be a hacker first to be the best security engineer in the future?

@Elisy 

Not necessarily if you want to build your career in the cybersecurity field. But I have to say that it is essential to be a hacker if you want to be “the best” and “the engineer”. Here, by the term “a hacker”, I mean a personality of digging deep in the behind the scene process and of being curious. You don’t have to be a hacker “first” but you’ll find yourself to become one as you develop your career to the best security engineer.

Userlevel 1
Badge

thank you @Laura  for mention me to this post.

Hi Howard,

i would like to ask you few things. first, im 21 years old, just graduated from my dip, in Network and computer Tech. But my interest is cyber security and ethical hacking field. i need to improve my skills and find a good career one day.

  1. So, advise me what are the courses that i need to take?
  2. i need to know the pathway success my ambition. 
  3. and how to find a better career?where? 

thank you. :metal:

@kavin boss 

I haven’t explored all the cybersecurity related courses in Coursera yet but to my best effort these are the courses and specialization I can recommend.

https://www.coursera.org/specializations/cyber-security
https://www.coursera.org/specializations/secure-coding-practices
https://www.coursera.org/specializations/computer-network-security
https://www.coursera.org/learn/crypto

If I’m correct it seems you have a technical/academic background in networking and computer system. And I think network security engineering job is something you can try first.

If you currently are working in a company, you can try to find an opportunity in the security team you are working with. I started my career as a network/system engineer and found an opportunity in a corporate security team, which was the start of my career as a security engineer. And as you develop your cybersecurity related skills there, you’ll find more interesting opportunities outside and move on. In my personal experience, participating in various CTF events[1] also helped me to build my skills up.

[1] https://dev.to/atan/what-is-ctf-and-how-to-get-started-3f04

Userlevel 1
Badge

I am interested in social engineering field. What are the opportunities in this field? How is it structured? 

 

My background: I am in edtech industry, working as a learning experience designer. Before that I worked in business.

My education is BA International Affairs + EdM Technology, Innovation and Education

@Anna Butuzova 

I’m afraid that I can not tell if there’s any specific “social engineering” job out there. I think what “Red Team” is doing involves a lot of social engineering but they require a certain level of technical ability above initial social engineering. 

Companies who provide “Security Awareness” training can be a candidate for your career change and you can learn relevant technical skills while you are working in the industry to shift your career toward more technical jobs. (consulting jobs also will be a good fit for you I guess)

Userlevel 1
Badge

Hello Howard,

According to the latest workforce study from ISC2, the global cybersecurity workforce needs to grow by 145% to meet the ongoing demand. In the U.S alone, the cybersecurity workforce needs to grow by 60%. Moreover the unemployment rate for cybersecurity professionals in close to zero. Based on this information, I would like to ask you the following:

  1. What would you suggest someone starting out do to obtain a position in cybersecurity? Someone looking to pivot into the field?
  2. What are the biggest misconceptions you hear about the cybersecurity field? 
  3. This is an opportunity for institutions like Coursera. What is Coursera and partners doing to address the cybersecurity gap in a timely manner?

Thank you,

 

@idokoken 

For the career development in cybersecurity field you can refer to the other answers I provided. Hope it will help.

Lots of security solution providers claim that they provide one-stop solution for the cybersecurity and that is not the biggest but the most frequent misconception I am encountering these days. Security indeed is a process not a product and the emphasis must be put on the implementation detail not on the deployment of security solutions.

I can not detail the efforts Coursera is giving on cybersecurity but it involves keen monitoring of malicious behavior, continuous testing on the security of the services, secure design review and threat modeling.

Reply