Navigating Cybersecurity Responsibilities Without Experience: A Newcomer’s Dilemma
On starting a new job, many of us look forward to contributing in ways that align with our skills and expertise. However, what happens when unexpected responsibilities land on our desks, especially in areas we are not well-versed in? This scenario becomes particularly daunting when those responsibilities revolve around cybersecurity—a field riddled with complexities and critical importance.
Recently, I found myself in such a situation. While my role was initially described as offering assistance with computer-related tasks, it became evident that my employer expected me to take charge of the company’s cybersecurity measures. Surprised? You’re not alone! I had no prior indication that managing cybersecurity would fall upon me, and to add to the challenge, the company had no established protocols in place. To say I felt overwhelmed would be an understatement.
While the organization is currently flying somewhat under the radar, there is an anticipation of increased scrutiny in the future. This realization has prompted us to start preparing for the time when a professional security consultant will be brought on board. The aim is clear: we want to ensure that when we do seek external advice, we won’t be met with disdain for our apparent lack of readiness.
So, where does one even begin in such a complex and critical field?
- Assess the Current Situation: Understanding where the company stands in terms of cybersecurity is your first step. This could involve conducting a basic risk assessment to identify potential vulnerabilities within the current systems.
- Educate Yourself: There are countless resources available online, from free courses to webinars, that can help bridge your knowledge gap. Familiarize yourself with fundamental concepts of cybersecurity, such as threat modeling, data protection, and network security.
- Engage Your Team: Don’t hesitate to collaborate with colleagues. There could be hidden expertise within your team, or at the very least, sharing insights will create a joint understanding of the issues at hand.
- Develop Basic Protocols: Even without extensive training, you can draft basic security protocols. This could include guidelines on password management, software updates, and incident response actions.
- Prepare for the Consultant: Document your findings and any measures you’ve implemented to provide a clear picture of the company’s cybersecurity posture when the consultant arrives.
While the road ahead may be intimidating, there is a wealth of support and resources at our fingertips. I am grateful for the input I’ve received from colleagues