By Tony Vizza, CISSP, CCSP, Director for Cyber Security Advocacy – APAC at (ISC)²

“Tony, why did you get into cyber security?,” I am often asked. Truth be told, I had an interest in IT from a very young age. In second grade, my classroom had an early model Apple which the teacher did not know how to use and which I taught her. In high school, I took computer studies as a subject. Following this, I enrolled and completed an undergraduate degree in computer science. My first job after graduation was as a programmer and network administrator within a large multinational travel agency. Later on, I worked in IT infrastructure design and architecture and even did a stint in sales and sales management. Of course, information security comprised a subset of my day to day technical work, but it was never the predominant part of my workday. So, it often comes as a surprise to people when I explain that my choice of dedicating myself entirely to cyber security only came about at the end of 2014.

Earlier that year, I had accepted a technical sales manager role at a mid-size systems integrator in Sydney, Australia. During that time, I was also studying an Executive MBA through the University of Sydney which included study at Stanford University in California. It was during this time that our cohort was assigned an industry project working with Silicon Valley based companies related to managing organisational growth.

The industry project was with Symantec. The project brief appeared simple: Develop a go-to-market strategy related to IoT security that Symantec could consider and potentially go live with. The cohort was split up into teams and I was the only person who had in-depth IT experience in the team to which I was assigned.  

To support us, Symantec organized a briefing session with some their senior leadership team to provide guidance, support and to answer any questions the team may have. One of the Symantec team members was particularly knowledgeable about cyber security and IoT. He introduced himself as George. George was the director of product management. He was assigned to our team and assisted us with our questions. In conversation, I mentioned to George that the organization that I was working for back home was a top Symantec partner and that we had been trialing one of Symantec’s most recent product launches with a view to adopting it. George’s eyes lit up with excitement and he gave me a “high-five.” He said “Please connect and let’s keep in contact!” He gave me his business card: George Maculley, CISSP. We connected on LinkedIn. Once again, he was listed as George Maculley, CISSP.

It may surprise you to know that I was completely unfamiliar with cyber security certifications up until this point. I was aware that certifications in cyber security existed, but I wasn’t aware which of them were industry recognized and what the certifications meant. Meeting George changed that. More on that later.

At the conclusion of my time in Silicon Valley, I made two career-changing (and arguably life-changing) realizations. The first was that cyber security represented a huge growth opportunity for the organisation I worked for. Returning home and working with senior management, I was able to pivot the organisation’s focus towards cybersecurity. We developed a successful strategy that aligned the business to cyber security and grew the business significantly. The second realisation was that cyber security was the place I wanted to be in. One of my team members remarked that whenever we talked about technology during the Symantec project, she could tell I was passionate about it. It was in my blood. However, I also felt that to be successful in cyber security, I wanted the recognition that came with success. I wanted to be just like George.

What happened next seems like a rather straightforward course of action in hindsight, but with it carried much perseverance, resilience and damned hard work to make it all happen. I resolved to find out what that “CISSP” thing at the end of George’s name on his card and on his LinkedIn was all about. I did my research and found out what it was. I also found out that it was hard. Very hard. Even so, every testimony I read about the CISSP was that it was a huge achievement to earn. I then glanced through the CISSP CBK domains and realized that while I was proficient in some of them, I had practically no experience in others. With that, I purchased the CISSP study guide and got to work studying nights and weekends.

It took almost a year after meeting George for me to become just like him, but I got there. To this day, being told by the official at the testing center that I passed the CISSP exam still remains one of the proudest moments of my professional career. Little did I know that a few years later, I would be working for the association that administers the CISSP, among other certifications, and would be an Advocate for cyber security across the Asia-Pacific region.

Making a career decision to focus on cyber security opened up a plethora of new doors for me. A lawyer friend suggested that I combine my cyber security skills and a law degree and consider a future in cyber law. Now, I am studying for a Juris Doctor to achieve this. I completed my CCSP cloud security certification, a number of other certifications and am now studying to earn a privacy related certification as well. I have written articles, presented on cyber security countless times, was involved in many audits, assessments and incident responses and counselled numerous men and women into careers in cyber security. The journey has and continues to be nothing short of amazing. And it all started by meeting George Maculley, CISSP.

I approached George with the idea for this article. His response was incredibly gracious and humbling. If it were not for George proudly and loudly wearing his CISSP with pride, who knows where I would be working today. I even toyed with the idea of a complete career change as an airline pilot. That story some other time. 

As seasoned, experienced, highly skilled and ethical cyber security professionals, we are often unaware that we represent role models and ambassadors for our industry for those around us. Younger women and men look up to us for guidance and advice. Our peers look to us for knowledge and support. Our leadership trusts us with the most valuable resource they possess – information.

Those who know me know that I wear my CISSP and CCSP certifications with pride. They are on my business card, my email signature and on my LinkedIn profile. I have Acclaim badges that show my certifications. My certifications are listed in my presentations, in my articles and I mention them in podcasts.

If showing off my certifications with pride piques the curiosity of just one person to decide to join our industry, it has been worth it. I encourage you to do the same.