I’ve been put in charge of security and I have no idea what I’m doing.

Navigating Cybersecurity Responsibility Without Experience: A Newcomer’s Journey

Taking on new responsibilities in a job can be an exciting yet daunting experience, especially when those responsibilities involve something as critical as cybersecurity. Recently, I found myself in a situation where, despite my initial role focusing on “helping with computer stuff,” the responsibility of managing the company’s cybersecurity unexpectedly fell into my lap.

I must admit, when I joined the company, I was not prepared for this level of responsibility, especially given that I lack formal training or certifications in the field. Moreover, it became clear that there were minimal protocols in place—my predecessors didn’t handle cybersecurity, leaving me to navigate this uncharted territory.

Fortunately, the company is not currently facing intense scrutiny. However, it’s essential that we prepare for an anticipated increase in visibility. We plan to bring in a security consultant in the future to help guide our efforts, but I want to ensure we’re not caught off guard or unprepared when that day comes.

So, where should I begin on this journey into cybersecurity?

After seeking advice and resources, I’ve garnered some strategies that could help someone in a similar situation. Here’s how I’m approaching this challenge:

1. Educate Myself: The first step is to build a foundation of knowledge. I am diving into online courses and resources that explain the basics of cybersecurity. Platforms like Coursera and Udemy offer excellent introductory courses that can help demystify key concepts.

2. Establish a Basic Framework: Even without formal protocols in place, I’m focusing on fundamental security practices such as password management, regular Software updates, and data backup strategies.

3. Utilize Online Communities: I’ve connected with various online forums and communities dedicated to cybersecurity. Engaging with professionals who share their experiences can provide invaluable insights and guidance.

4. Prepare for Expert Consultation: As we plan for the eventual hiring of a cybersecurity consultant, I aim to compile a list of questions and topics that I hope to discuss with them. This preparation will make our collaboration smoother and more productive.

5. Document Everything: Keeping detailed records of our current practices, vulnerabilities, and the steps we’re taking toward improvement will not only help in maintaining accountability but will also provide a baseline for future evaluations.

While the weight of this new responsibility is significant, I feel optimistic about learning and adapting as I go. I’m grateful for the input I’ve received so far, reinforcing my confidence that I can