I’ve been put in charge of security and I have no idea what I’m doing.

Navigating the Uncharted Territory of Cybersecurity: A Newcomer’s Journey

Stepping into a new role can feel like an adventure filled with excitement and challenges, especially when unexpected responsibilities come your way. Recently, I found myself in such a situation: I was tasked with managing the cybersecurity for my new employer—despite my background not being in IT. While my job description mentioned “helping with computer stuff,” I didn’t anticipate that it would lead me into the complex world of cybersecurity management.

The situation at my company is somewhat unsettling. There are minimal protocols in place, and for a while, this critical function has simply been neglected. As we stand on the brink of increased visibility and potential scrutiny from external stakeholders, it’s essential that we prepare to present a robust security posture. Although we plan to hire a security consultant in the future, I want to ensure we possess a foundational understanding and framework before that expertise arrives.

But where do I begin? As someone with no formal training or particular experience in cybersecurity, the challenge feels daunting. The good news is that while the stakes may be high, I’m determined to take on this responsibility and learn as I go.

Initial Steps to Build a Cybersecurity Strategy

1. Assess Current Systems: Start by conducting an inventory of existing systems, Software, and hardware. Understand what you’re working with, even if the level of sophistication varies. Know what assets you need to protect.

2. Establish Basic Protocols: Begin to outline some fundamental cybersecurity measures. This can include setting strong password policies, ensuring Software updates are routinely applied, and defining user access levels.

3. Educate Your Team: Engage in knowledge-sharing within your organization. Familiarize your colleagues with basic cybersecurity practices, such as recognizing phishing attempts and proactively addressing potential threats.

4. Seek Resources and Guidance: There are ample online resources, webinars, and forums dedicated to cybersecurity. Ingathering knowledge from experts and even participating in relevant courses, I can become better equipped to tackle this role.

5. Document Everything: As I learn and implement changes, it’s crucial to keep meticulous records. This can be beneficial for both the future consultant we plan to hire and my development in this field.

In the face of uncertainty, I am committed to not only surviving but thriving in this new challenge. With the right approach, I believe we can lay a solid foundation for effective cybersecurity practices within our organization. I appreciate the supportive responses from the community