UC Berkeley's Jesse Goldhammer Discusses Skills For A Cybersecurity Career

The growing threat of hackers has one happy result: a boom in the demand for cybersecurity experts. UC Berkeley’s School of Information announced last November a new online master’s degree program on cybersecurity. Classes for the program, called cybersecurity@berkeley, are set to begin in 2018.

Jesse Goldhammer, who is associate dean for business development and strategic planning at the school, talked to International Business Times about careers people can pursue in cybersecurity.

Goldhammer, who joined the institution in 2015, was previously a partner at Deloitte Consulting, where he worked with public and private sector clients on multiple areas, including cybersecurity. He now works with faculty and staff to develop new programs, create partnerships with corporations and builds strategies for growing the size, impact and reputation of institution.

What advice would you give those who are thinking about pursuing a career in cybersecurity?

First, I might start by noting that there are many different types of careers that individuals can pursue in cybersecurity. Federal and state agencies offer law enforcement, military and intelligence careers that require deep cybersecurity expertise. There is a robust and fast growing cybersecurity industry that is creating tremendous opportunities for folks with technical skills as well as individuals that possess complementary capabilities, such as sales, marketing, HR, finance, etc. Finally, there is a growing need for professionals trained in cybersecurity in just about every industry sector. The financial services sector was among the first to directly hire cyber security professionals, because banks in particular faced such a wide range of cyber threats. Now, those opportunities have proliferated widely.

Second, and perhaps counter-intuitively, I would recommend that folks interested in a cyber security profession get training and/or experience in how to think like a black hat hacker. That is, learn to think like a highly technical and adaptive criminal, because you’ll be defending networks from those types of actors. Without a keen understanding of the devious, technical creativity that black hat hackers bring to their “profession,” cybersecurity professionals may find themselves able only to react to breaches and other hacks after the fact.

What is the most important thing students should learn when it comes to cybersecurity?

Cybersecurity is not first and foremost a technical profession. That’s not to say that cybersecurity professionals don’t need formidable technical skills to be successful. They do. Yet, from my perspective, cybersecurity is fundamentally about managing human fallibility. Our computer systems are vulnerable because fallible engineers built them. The authorized users who interact with computer systems are fallible. And, the adversaries who try – sometimes successfully - to break computer systems for some advantage are themselves all-too-human. In other words, students should learn about the politics, economics and psychology (to name just a few disciplines) of cybersecurity because, in the final analysis, defending systems requires a deep understanding of human behavior and incentives.

If you had to give only one piece of cybersecurity advice for the ordinary citizen what would it be?

Use long, unique passwords, stored in a password manager and two-factor authentication for your most sensitive authentication needs (i.e., banking and email).