Name: Thien Phan  
(ISC)² Exams Passed: CISSP and CCSP
Title: Cybersecurity, Privacy and IT Risk Associate
Employer: PricewaterhouseCoopers (PwC)
Location: New York City, NY, U.S.A.
Education: MBA degree and Bachelor’s Degree in Management Information Systems (MIS) from Binghamton University
Years in IT: 1 year
Years in cybersecurity: 1 year
Cybersecurity certifications: Security+, CCNA Cyber Ops

 

How did you decide upon a career in cybersecurity?

It was back in my third year of college when I interned for a multimedia company as a database administrator. I did not know much about how different technologies worked together. I was introduced to the concept of networking and how a database system can provide output to the front-end web server. I learned about the SQL injection and became fascinated with the idea of accessing and navigating the server without any credentials. That was when I started thinking about pursuing a career in cybersecurity.

  

Why did you decide to pursue certification through the Associate of (ISC)²?

I pursued certification through the Associate of (ISC)² mainly for the knowledge of the different domains. I wanted to get a certification to demonstrate that I met a certain baseline of knowledge, and I hoped that it could prove to my future employer my dedication to the cybersecurity field.

 

In cybersecurity, no two days are the same – what is your main role in your organization?

My primary role is to assist my senior members and managers in our engagements. It is a lot of work ranging from meeting with clients, reviewing the notes and documentation, applying the different frameworks and standards to providing appropriate recommendations. I have had the opportunities to work in different types of engagement such as performing security maturity assessment or a more recent one working on data discovery, data inventory project now that GDPR deadline is coming up. 

 

Tell us about a project that you were particularly proud of –

I was working to assess an insider threat program for a client, and I was not surprised to find that insider threats always exist within any organization. It is one of the biggest threats to them because any disgruntled employees can easily extract confidential information or cause havoc to the systems, and my client was not focusing on mitigating that specific risk. I was glad we were able to help them identify the weaknesses in their policies, system controls, and configurations, give them the maturity score of the current program and guide them using the best practices in the industry.

 

What impact has the Associate of (ISC)² had on your career?

I feel more prepared interacting with clients in meetings, and I now can contribute quality insights to my team in every discussion. As I am just starting out in my career, I hope being an Associate of (ISC)² will also open new doors, create opportunities for me to connect with cybersecurity experts in the industry.

 

What advice would you give to someone who is on the fence about pursuing certification, but doesn’t have the experience required?

If you don’t have the experience required, I think becoming an Associate of (ISC)² is an excellent way for you to demonstrate that you have the cybersecurity knowledge and that you are willing to go above and beyond to achieve your dream career. Employers will always look for a candidate with an eagerness to learn and a passion for the field he or she will be working in.

 

Learn more about how the Associate of (ISC)² can help you start on the path to certification.