Why Business Analysis Professionals Should Master Cybersecurity Now
This October, we enter the 21st year of Cybersecurity Awareness Month, a timely reminder of how crucial cybersecurity skills are in our increasingly digital world. Indeed, cybersecurity has played (and continues to play) an integral role in keeping businesses and society safe, especially as high-profile data breaches and ransomware attacks continue to make headlines around the world.
Cybersecurity and business analysis are inextricably linked, even overlapping at times, as are the career pathways laid out by each discipline. Cybersecurity is so critical to how modern businesses function that IIBA offers a Certificate in Cybersecurity Analysis, which equips business analysis professionals to work in cybersecurity analysis. Given that they already have a significant head start, all business analysis professionals should seriously consider investing in their cybersecurity skills.
Read on to discover what the disciplines have in common and tips for moving from business analysis to cybersecurity analysis, at any stage of your career.
What Do Cybersecurity and Business Analysis Have in Common?
Both cybersecurity and business analysis professionals, especially those who work with and in security, share foundational skills. These include scripting, intrusion detection, network security control, operating systems, incident response, cloud, DevOps, and knowledge of threats and regulatory guidelines.
Business analysis professionals who work directly with cybersecurity teams to support a company’s data security goals often manage security operations analysis, work with risk management and compliance teams to perform enterprise-level analysis, and connect the business environment to security and risk functions.
Business analysis professionals can also work with project and program management groups that carry out analysis tasks relating to security solution development, design, and deployment. The possibilities for collaboration are virtually endless.
Integrating Cybersecurity Into Business Analysis
As the cybersecurity landscape evolves, business analysis professionals must maintain their place at the vanguard of business change. Before incorporating cybersecurity into your business analysis toolkit, however, make sure you have a firm grasp of:
- The business environment and what it values
- Cyber risks
- Cyber requirements
- How to incorporate cyber requirements
- Security frameworks and industry guidance
- How to document and track exceptions
In the IIBA webinar, Cybersecurity for Business Analysis Professionals, Helen Patton, Cisco Cybersecurity Advisor and CISO (and someone who wrote the book on Navigating the Cybersecurity Career Path), commented:
“When you’re thinking about security in the work that you do on a day-to-day basis, ask yourself these questions: ‘Is the project that I’m deploying taking appropriate account of confidentiality of the data, in terms of access controls primarily? Can we trust that the data within our system is accurate?’ We don’t want healthcare systems, voting systems, or COVID research data systems, for example, to have inaccurate data. What are we doing to ensure our systems and our data remain available and can recover if there is a problem with availability after the fact? This gets you into business continuity and disaster recovery planning.” [1]
As you consider working with and in cybersecurity as a business analysis professional, it’s important to understand the concept of risk. The formula for assigning a risk exposure rating is: risk = (threat × vulnerability × probability of occurrence × impact) / controls in place. [2]
Remember also that cybersecurity analysis isn’t just about technology and tools. It’s also about people and business processes. As Patton puts it: “The security teams have done a pretty good job of finding tools to manage the technology, but the risk points in our environment where things can go wrong more heavily lie with people and bad business processes.” [3]
This explains why it’s vital that business analysis professionals gain as much knowledge as possible about people and business processes, as it will improve their cybersecurity analysis acumen.
Stepping Into Cybersecurity Analysis
After taking the time to discover security fundamentals, understand risk, and consider business processes and people, you might choose to make the jump from business analysis to cybersecurity analysis. It’s a great next step for many business analysts on their career path. But how is it actually done?
Patton provides some practical tips for making the switch:
- Learn on the job by actively seeking to work with cybersecurity professionals and security functions. This will be easiest for those in an organization with a security team. “Find a way to get close to the team,” Patton says. “This could look like volunteering to help them on a project or asking them about security conferences, resources, or learning paths they use.”
- Attend cybersecurity conferences and meet-ups to learn more about the industry. This is the best way to network and make industry connections. And since most jobs are gained via networking, it tends to really pay off.
- Consider self-directed or formal training. Bootcamps, LinkedIn Learning, and free training on YouTube and Coursera are all founts of knowledge for prospective cybersecurity analysts.
Patton also suggests earning the Certificate in Cybersecurity Analysis, offered by IIBA and IEEE Computer Society. Why? “Self-directed learning will be an indicator to hiring managers that even though you may not have worked directly in security before, you have an interest in cybersecurity and you know how to learn. You’re ready to make that move,” she says. [4]
It’s wise to think about getting a job in cybersecurity analysis—a viable, lucrative, and diverse career path for business analysis professionals. After all, cybersecurity is for everyone, and everyone is hiring security professionals. Cybersecurity analysts have their pick of careers in finance and banking, health, transportation, safety, energy and utilities, communications, and government. [5]
Certifications vs. Degrees
Many business analysis professionals question whether they need a security-related degree to get into cybersecurity. The short answer is no. Cybersecurity certifications are solid alternatives to degrees and can prove to employers that candidates have the skills to do the job they’re applying for.
Patton agrees: “It doesn’t matter if you don’t have a degree in cybersecurity or even technology. Some of my best employees are music teachers or historians or archeology majors. My undergraduate degree was in business administration. If you already have a bachelor’s degree, I don’t recommend you go get a cybersecurity undergraduate degree. Instead, and if you are already a working adult, I would want you to think about a cybersecurity certification.” [6]
The future is bright for cybersecurity analysts. By taking simple steps toward a greater understanding of cybersecurity and self-directed learning credentials like cybersecurity certifications, business analysis professionals can position themselves for a role in cybersecurity analysis and gain greater influence in the fight against cybercrime.
References
1. IIBA, “Jan 26, 2022 | Cybersecurity for Business Analysis Professionals: Working in and with Security,” October 16, 2023, https://vimeo.com/670318428/0c52a20cd6?share=copy.
2. John Davis, “Formula for Calculating Cyber Risk,” MSI :: State of Security, January 22, 2021, https://stateofsecurity.com/formula-for-calculating-cyber-risk/#:~:text=Combining%20these%20factors%20allows%20you%20to%20assign%20a,x%20probability%20of%20occurrence%20x%20impact%29%2Fcontrols%20in%20place.
3. IIBA, “Jan 26, 2022 | Cybersecurity for Business Analysis Professionals: Working in and with Security.”
4. Ibid.
5. Canadian Centre for Cyber Security, “Cyber Security Career Guide - Canadian Centre for Cyber Security,” Canadian Centre for Cyber Security, September 8, 2022, https://www.cyber.gc.ca/en/guidance/cyber-security-career-guide.
6. IIBA, “Jan 26, 2022 | Cybersecurity for Business Analysis Professionals: Working in and with Security.”
About the Author
Tiffani Iacolino is a Senior Manager, Product Marketing at IIBA and has over 15 years of marketing experience across the legal, technology, telecommunications, publishing, media, and professional services industries. She’s passionate about delivering meaningful products and solutions to the business analysis community. Hailing from the Greater Toronto Area, she enjoys an amazing cup of coffee, running, and yoga—between chasing her two adorable children!