Accountants Moving Into Cybersecurity
Accounting and cybersecurity share many similarities, for one they both require their proponents to be detail oriented and fluent with numbers. Forensic accountants, in particular, have many of the skills needed to deftly cross over into the cyber sector bringing their proficiency for getting into the detail of the numbers, and following the paper trail to ultimately build a picture out of financial data. So, for those in accounting considering a move into cybersecurity, what are the facets needed to make that possible?
While many of the skills that apply to accounting have a mutual functionality in cybersecurity, those who make the transition most successfully come armed with a deep technical understanding of what underpins cybersecurity itself. From secure software development, to governance structures, identity access, management issues and data privacy, to name but a few, knowledge of multiple cybersecurity domains is needed for any aspiring cyber bod to be worth their salt.
Cybersecurity is a very broad area, and as an accountant moving into that space it would serve you well to pick a particular discipline or aspect of cyber to specialise in. Opting to become a specialist will certainly garner you more success in the long term, so says Cameron Brown (@AnalyticalCyber), security strategist and cyber resilience advisor, “as long as you can back it up with a good reputation in the industry and demonstrate the solid work that you’ve undertaken in this niche area.” Penetration testers, for example, the ethical or white hat hackers, are experiencing a high demand for their skillset and strong salaries to match as it is a position which requires deep understanding and specialist knowledge coveted by organisations wanting to bolster their cyber defensive posture.
To really procure those deep insights needed to be an effective vulnerability tester and to run assessments and exercises designed to stress environments and evaluate how they cope under pressure, it takes the right people with the right set of skills who aren’t relying on automated processes but real, manual labour. The demand for these types of people means that organisations are more receptive to taking people on at entry level and giving them the training and tools to build the skillset needed when working in cybersecurity. Accountants and others who have an audit background bring a strong skillset to the table; it’s simply about thinking how your existing expertise and experience could magnify your value in the eyes of an employer. “Play to your strengths,” says Brown, “and align your skills with those most relevant to cyber.”
As an accountant, you’re likely very good at following money trails dealing with tax audits or due diligence around taxation which means you possess a strong ability to deal with detail and in understanding the value of information. “Maybe then,” suggests Brown, “your specialisation as you move into cyber focuses on how data is accounted for and protected across particular environments; where it sits inside the infrastructure of a client and how it moves through their supply chain, for example.” Being able to understand how and where information is stored and transmitted and the regulatory impact of controlling that information, including whether it contains personally identifiable information or financial records, will provide a good adjunct to your accounting skills. Not to mention the fact that digitisation is increasingly becoming the norm for modern businesses, with the rare exception of old school accounting firms still wading through paper receipts.
According to Brown, “the experience of working within digitised environments where numbers and mathematical algorithms rule supreme, certainly presents a strong synergy and potential waypoint for pivoting between a career in accounting to one in cybersecurity. Forensic accountants are, after all, adept at analysing, interpreting, summarising and presenting complex financial and business related issues, in ways that can be properly understood by a diverse range of stakeholders.”