How to become a cybersecurity project manager | Cyber Work Podcast

This episode we chat with Jackie Olshack, a project management professional, about the role of project management in cybersecurity. We break down the specific functions of some major project management certifications, discuss things you can do tonight to start your project management training and hear why every security breach story on CNN is a cause for reflection.

0:00 - Intro
3:09 - Getting into cybersecurity project management
4:30 - What does a cybersecurity project manager do?
5:56 - Identity access management
8:35 - Average day for a project manager
9:57 - Managing project resources
11:36 - Getting into project management
12:54 - What happens without a project manager?
14:30 - Highs and lows of the job
17:22 - Training needed for the role
20:18 - What is identity access management?
24:12 - Preferred job experiences
28:02 - Interests and skills to succeed
31:17 - Where do I begin with tech lingo?
33:18 - What can I do to change careers?
35:00 - Has remote work changed workflow?
35:55 - Outro

Have you seen our new, hands-on training series Cyber Work Applied? Tune in every other week as expert Infosec instructors teach you a new cybersecurity skill and show you how that skill applies to real-world scenarios. You’ll learn how to carry out different cyberattacks, practice using common cybersecurity tools, follow along with walkthroughs of how major breaches occurred, and more. And it's free! Click the link below to get started.

Jackie Olshack worked almost 20 years as legal secretary/paralegal for multiple patent corporate law firms. In the late 1990s, she began to recognize it was becoming harder to break the ceiling on her $58,000 salary as more and more attorneys were typing their own documents, managing their own calendars and making their own travel arrangements, putting the future of her career in jeopardy. After some introspection, she decided to go back to college and pursue a science degree with plans to go to law school to become a patent attorney — but couldn’t get her LSAT higher to get into even a fourth-tier law school. She now proudly thanks all the law schools that turned her down, preventing the dreaded $150,000-$200,000 law school debt she would have incurred. She is now an analytical, top performing SAFe trained senior project management professional with 14+ years of experience managing and implementing IT programs and projects successfully.

– Learn cybersecurity with our FREE Cyber Work Applied training series: https://www.infosecinstitute.com/learn/
– Save your spot for the first ever Cyber Work LIVE: https://www.infosecinstitute.com/webinar/cyber-work-live-your-novice-cybersecurity-questions-answered/
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

  • View transcript
    • [00:00:00] Chris Sienko: Today on Cyber Work, I get to talk with Jackie Olshack, project management professional about the role of project management in cyber security. We break down the specific function of some major project management certifications, discuss things you can do tonight to start your project management training, and hear why every security breach story on CNN is a cause for reflection. That’s all today on Cyber Work.

      Also, mark your calendars because Cyber Work is going live on the internet of course. First ever Cyber Work live episode is happening on Thursday, March 25th at 11 a.m. Central Standard Time. On the show I’ll have three guests, Gene Yoo of Resecurity, Mari Galloway of Women’s Society of Cyberjutsu, and Vic Malloy of CyberTexas who will be answering your questions about breaking into the cyber security industry. If you are a newcomer to the cyber security industry, you can ask questions during the episode. But if you want a good place in line, send your questions now to [email protected] and tell us what you want to know about getting started. That’s [email protected] and ask our panel of experts where to get started. Again, [email protected]

      And now let’s begin the show.

      [00:01:17] CS: Welcome to this week’s episode of the Cyber Work with Infosec podcast. Each week we talk with a different industry thought leader about cybersecurity trends, the way those trends affect the work of infosec professionals and offer tips for breaking in or moving up the ladder in the cyber security industry. Jackie Olshack worked almost 20 years as a legal secretary and paralegal for multiple patent corporate law firms. In the late 1990s she began to realize that it was becoming harder to break the ceiling on her 58k salary as more and more attorneys were typing their own documents, managing their own calendars and making their own travel arrangements, putting the future of her career in jeopardy. After some introspection she decided to go back to college and pursue a science degree with plans to go to law school to become a patent attorney, but couldn’t get her LSAT higher to get into even a fourth year law school. She now proudly thanks all those law schools that turned her down preventing the dreaded 150k to 200k law school debit she would have incurred. She is now an analytical top performing SAFE-trained senior project management professional with 14 plus years of experience managing and implementing IT programs and projects successfully.

      I’ve been looking forward to having someone on the show that can explain the role of project manager in a cybersecurity sphere because I think it’s an interesting variant on what people in other industries think of as the responsibility of a project management role. So if you found yourself interested in project management as a career role, but also specifically in a cybersecurity sphere but don’t really know where to start, I’m hoping this episode will set you on better footing.

      Jackie Olshack, thank you for joining me today on Cyber Work.

      [00:02:45] Jackie Olshack: Glad to be here, Chris. And I admire your work. So very glad to be here.

      [00:02:50] CS: That’s always lovely to hear. I really appreciate that. It should be noted that Jackie reached out to me on LinkedIn and said she really liked the show, and I immediately looked at her qualifications and said, “Ooh! Project manager. I want to talk to a project manager on the show.” So here we are. It could happen to you as well. So we’d like to start with our usual sort of origin story question. You talked about a little in your bio, but how did you get interested in project management and cyber security specifically was that something that piqued your interest or was it sort of like this is available to me now and I want to go for it?

      [00:03:24] JO: It was actually by accident. I was a project manager in healthcare and I’d done it for a number of years. And I want to say around 2016 I noticed, it just seemed like more and more folks were moving into project management. And I noticed more and more people pursuing the PMP and I kind of got a little nervous. I thought, “Man! How am I going to differentiate myself from all of these new folks entering in?”

      And I had a mentor, and this gentleman was a senior VP of the PMO where I worked and I said, “Hey, I want to do something different.” I said, “I want to be thrown in the fire. What do you got that’s hot?” And he sent me over to IT. We had fallen out of compliance. We had a number of systems that hadn’t been properly patched. Some of them were old and needed to be end of life. I had no idea what any and all of that meant. And literally I got thrown into it and here I am today.

      [00:04:29] CS: That’s cool. Yeah, like I say, one of the purposes of the Cyber Work podcast is to showcase a variety of career roles and titles within the greater sphere of cyber security. And like I said, I’ve been wanting to feature a guest like you who’s in project management professional and especially one that has such a long and distinguished career, because I think it’s sort of a misunderstood or poorly understood job role. So I’m hoping that people who are intimidated by the possibility of doing something like this, because they can’t imagine themselves with skills to fill the role will get a little better sense of it. So for those just considering this type of work, can you tell me what you do as a project manager or what a project manager does in a cybersecurity space? How does your work fit within the cyber security landscape of a company?

      [00:05:10] JO: Right. So definitely don’t be intimidated. As you heard, I have a secretary background. So it’s doable. But what I do on a daily basis. So I manage risk. I look at myself as someone who project manages an organization’s risk. I make sure that their critical infrastructure, their critical assets, that infrastructure that’s critical to their survival has security built in and we try to do that from the beginning. And I manage all the nuances that goes along with that in the particular project that I’m assigned to. Does that help? And you can dig into it more?

      [00:05:53] CS: Yeah. Yeah, absolutely. So when I think of like a project manager – I come from publishing originally. So when I think of a project manager, the sort of steps are like get the author on board. Get the manuscript written. Get the illustrations found. So this sounds like a similar thing where there’s like a lot of different security things that are not, like you said, up to code or not compliant. So you’re sort of like – Whereas like the actual sort of security engineering team is like, “I don’t know where to start or whatever you’re saying.” Okay, prioritize this, then prioritize this. Is that sort of it?

      [00:06:29] JO: Kind of sort of almost. So I think of cyber security as like medicine. There are many multiple facets, many specialties. You have a heart doctor, eye doctor. So with cyber security there are different areas. I happen to work in right now identity access management. So I’m responsible for managing projects that make sure the various systems that are privileged, those individuals who use those systems and have what I call God-like access. That they are using it appropriately, that they should have that access. And what are they doing when they are using the system? But there are other areas. I mentioned vulnerability management. Systems need to be patched, and we all know that we have certain systems we need to upgrade. We need to install various patches. So project managers manage that. And there’s a whole lot that goes into that.

      Credit cards, the payment card industry, if you’re an organization and you accept credit cards, there’s a whole caveat of compliance issues and regulations and just a whole bunch of nuances that go along with that. So it’s huge. It’s varied. And there’s auditing. The audit function makes sure that the cyber security team is doing what it’s supposed to do or has the proper safeguards in place to secure the infrastructure and those assets I mentioned so that the organization can thrive and survive and do ultimately what the business objective is, whatever that may be.

      [00:08:18] CS: Yeah, that’s great. So yeah, you’re looking at things from every angle in that regard. You’re making sure that not only that it gets done in an appropriate amount of time, but that once it’s done, that it was done correctly to spec and everything. Is that right?

      [00:08:31] JO: Exactly. Exactly.

      [00:08:33] CS: So to that end, what is your average workday like? I know it’s probably a little bit different every day, but what are some things that you do every day as a project manager? Because I think people think, “Oh, I’ll be a project manager. I’m doing a little of this, a little of that.” But like I imagine most days you’re like, “Ugh, I’m doing three hours of this paperwork or I’m doing this thing or whatever.” So what is your day-to-day look like?

      [00:08:53] JO: So for me, I feel like every day, probably 60% of my day I’m in a meeting. So I’m either facilitating a meeting. I’m either attending a meeting. Someone wants me to give an update. Or we’re putting out fires, trying to fix an issue that cropped up unexpectedly, but meetings, meetings, more meetings, working with dashboards. Usually senior leadership wants to know how are you performing against various metrics. So I’m constantly tracking progress. I’m constantly showing uh value, and that’s usually in the form of dashboards and various executive summaries and status reports that give folks insight into what we’re doing and how we’re progressing. It’s essentially return on their investment.

      [00:09:56] CS: Yeah. Now are you a project manager manager? In the sense, do you have other project management professionals underneath you or are you the entire department?

      [00:10:05] JO: So, no. I am a project manager managing the resources assigned to the particular project I’m on. But there are project managers that definitely manage project, project managers, and usually they’re called the program managers.

      [00:10:23] CS: Okay. Okay. So that’s like sort of like the next step up in the ladder or whatever, or is it sort of a lateral move?

      [00:10:29] JO: It depends on the environment you’re in.

      [00:10:32] CS: That’s what you’re looking for, yeah.

      [00:10:33] JO: It’s definitely people management. So if you’re managing project managers, I think of that as just a people management. But it depends on the company you’re at and the environment, because many times I talk with project managers and they’re what I call functional project managers. Meaning they’re not just project managing. They’re actually doing some of the work. For example, if you have, I don’t know, a coding background, if you understand and work in network security, if you’re doing some of the work and you’re managing that particular project, you can do some of the work. As opposed to me, I’ve got a team and someone on the team is a network specialist or they’re a solution architect and they’re building the security in the system for the project that I’m managing. And I’m not necessarily the technical specialist if you will that can do that work.

      [00:11:36] CS: Right. Yeah. And so I imagine if you want to do project management, that’s beneficial in that you can sort of get into the work from different directions. Like you say, you didn’t have a coding background but you were still able to do it from this angle where someone who might want to still have one foot in encoding and engineering and stuff can also sort of like move their way towards project management, but they’ll have like a different angle on the work that they do.

      [00:12:02] JO: Kind of. You know what? Now, for me, a functional project manager is a double-edged sword, because sometimes you need something done. If you have that skill set, you can get in there and do it, “Oh! You guys didn’t test this particular scenario. We need to make sure the system works this way when you use it in this environment.”

      So if you have that experience, you can kind of jump in and do it. But when you operate in that space, you kind of wear two hats, and sometimes you can’t get out of that when you’ve gone down that path. So I kind of like my area of true, pure project management. I’m making sure all the disparate areas are alive.

      [00:12:49] CS: And you’re the impartial judge, right?

      [00:12:51] JO: Yes. Exactly. Exactly. Exactly.

      [00:12:53] CS: Okay. Okay. So now, is project management in – I don’t know this myself. In cyber security, is this kind of a ubiquitous position or are there places where their cyber security department doesn’t have a project manager on staff or whatever? Is it sort of assumed that anyone that has like a large enough IT department or whatever is going to have project management? Or do people try and get along without them? And if so, like goes worse in a department without a project manager at the helm?

      [00:13:29] JO: So I’ve worked in both environments. I’ve worked at companies where they’ve had a PMO, and all of their major initiatives flow through the PMO. And if it’s a big enough company and the one where I am right now, we are, they not only have a PMO. They’ve got a cybersecurity committee. And so that’s important to them. Now there are certain companies or certain environments for many reasons. They don’t have a security team. They don’t have a PMO. And so they have a project manager. And as the need arises, this particular individual, project manager, is assigned to those roles, to those projects, and it could be IT, it could be security-based. It’s whatever they need that particular individual to do for the moment. Yeah.

      [00:14:28] CS: Okay. Gotcha. Now, so just for you personally, what are some aspects of your work that you like the most? And, conversely, what are things about your job that say stress you out on a Sunday night?

      [00:14:42] JO: Right. I mean, I love what I do. I meet so many smart people. I literally have learned what it takes to run a company or a corporation securely. I don’t know everything, but I’m certainly sensitive and understanding when I hear a sad or a hack story on the news, because I know how hard everyone is working to make sure that does not happen. So I feel like project managers, security project managers, we are sort of many CEOs or many COOs. We’ve got to manage resources. We’ve got to manage our budgets. We’ve got to forecast. We’ve got to deal with disasters that happen unsuspectingly. So you touch a lot of areas as a project manager. I love that.

      What keeps me up at night is I’m constantly thinking what didn’t we consider when we were putting together requirements or testing scenarios. What didn’t we consider? Because, again, you see certain situations on CNN and you think, “Oh my gosh! I feel for them.” And I try to mitigate that, “Guys, did you see that? We don’t want that to happen to us.” Because most companies, the CSO is constantly going, “We do not want to be on CNN trying to explain this.” So that keeps me up at night. Trying to make sure we’ve done a good job just thinking about what we have to do and preparing for possibilities.

      [00:16:21] CS: Amazing. Yeah.

      [00:16:21] JO: Yeah, bad possibilities.

      [00:16:24] CS: So when you see a story like that on CNN or whatever, do you think like, “Oh, I see what they did. I see what they didn’t do.” Are you able to sort of like break it down and say like, “Oh, it was probably because of this, or they didn’t put this in place.” I mean, can you see it inside?

      [00:16:41] JO: Sometimes. Sometimes. Sometimes. And sometimes we’ll get together in the office and we’ll talk that out. Because, again, at the end of the day these folks are really trying to make sure something like the SolarWinds hack never happens, right? I mean, “Oh my gosh!” Yeah, when you see that, I’m certainly not sitting by going, “Yeah, we’ve got ourselves together. That will never happen to us.” We’re kind of like, “Let’s make sure, guys –”

      [00:17:10] CS: Yeah. Yeah. I don’t think that any project manager is going to be like, “We got this 100%. No problem.”

      [00:17:17] JO: Right. Right. Right. Right. Right. Yeah.

      [00:17:17] CS: Okay. Okay.

      [00:17:19] JO: We’re definitely empathetic.

      [00:17:20] CS: Yes. Yeah. Okay. Yeah, I think one of the things that makes project management seem a little exotic to people who don’t do it themselves are just the sheer number of certifications and types of trainings that are offered that show that you do your work well. So can you tell me a bit about some of the search you’ve received? I mean, you’ve got a PMP, project management professional, certified identity management professional, CIMP, certified scrum master, ITIL Certification, CyberArk. Like what is the study required to pass these certs bring to the tool set of a professional? And also what aspects of your work do you do better for having earned these certs do you think?

      [00:18:01] JO: So, for me, when I first got started back in the 2000s, I just didn’t know how to manage a project. So pursuing the PMP helped me understand a methodology and gave me skills and a framework I can apply no matter what project I’m on. So that was definitely a confidence booster. That’s why I pursued that for sure.

      The others, the ITIL one, helped me understand IT service a bit better. So here’s the thing. As a project manager in and of itself, what we do, we don’t have to be the experts. We don’t have to be the experts in what we’re doing, but it sure helps when you can understand the lingo and you can understand the context. So I pursued the ITIL because I wanted to understand what IT folks are thinking when they are building certain things or how are they approaching the work that they do. And nobody wants to be that project manager who is constantly interrupting like, “Could you explain that? What do you mean when you say that?”

      So, for me, pursuing the certifications give me credibility. They help me understand what I’m doing. The CIAM and the CIMP are identity access management certifications. And so I wanted to understand the life cycle around that because that’s the area I want to specialize in. And pursuing those certifications not only helped me understand the area of cyber security that I would be project managing. It helped me – When you understand the context, when something’s a bit off, you can raise your hand and say, “Guys, that’s a bit off.” You didn’t consider whatever it is. Again, that builds credibility, and it gives you a greater sense of confidence in yourself because you know what you’re talking about. You understand it. So that’s the reason I pursued what I’ve been pursuing.

      [00:20:17] CS: Okay. Can you talk a little bit specifically about identity management, identity access management, as you sort of pursue it as a project manager? We’ve had people talk about the issues of identity access. And as you said, that companies tend to over-prescribe like God-level admin privileges to everybody and that’s where like people can sneak in and so forth. So like on a day-to-day basis, like what do you do with identity access management to make sure that people are only getting as much, as many credentials as they need to do their work?

      [00:20:53] JO: So all corporations can do a better job in making sure access is as streamlined and as limited as it should be. But for me – And again, this is a huge area. So think about this. When you do your job, whoever you are, let’s say you are an accountant. What do you need access to to do your job? Well, you may need to get access to whatever the accounting software is that the company has. If you are a manager, you may need to see certain information about staff.  You may need to see salary. Depending on what you do, you have access to private or what we call PII, personally identifiable information, that Jackie Olshack is a project manager with that accounting system doesn’t need to see. I don’t need to see your salary. I don’t need to see certain private information.

      With regard to access, think about this. If you are a manager and you approve, I don’t know, vendor paychecks. You shouldn’t be able to write yourself a paycheck.  You know what I mean? So you have to be able to limit access, limit permissions, restrict access based on someone’s role, the work they do in a company. As we say, folks should have the type of access or the amount of access required to do their job and no more. If you’ve got more access than necessary to do your job, we and IAM, we are failing. So, yeah, yeah.

      [00:22:39] CS: Yeah. And that’s where the next story on CNN can come from.

      [00:22:43] JO: Very much so. Very much so.

      [00:22:45] CS: Do you have to sort of like speak with people in the company and say like, “Hey, just curious why you have so much access here. Is this all stuff you need?” Or are you just sort of flipping switches behind the scenes?

      [00:22:56] JO: No. It doesn’t necessarily work like that. Maybe auditing, they’re just performing their duties, and in the process of doing their work they’ll notice this individual or this group has a certain access that they don’t need. And so that may turn into, “Okay, if that group has access they shouldn’t have, perhaps we need to have a project where we test access against roles in the corporation, in the company.” So that’s kind of how it works, because I certainly don’t have the ability to go and say, “Oh my goodness! Look at this.” But there are certain individuals in the security space who review logs, right? Who perform various functions and they’re checking to see who’s on the system at midnight or who’s doing what. Should they be doing that? And that in and of itself can send an alarm and cause us to check various areas out and make sure we are turning off the switch as you say.

      [00:24:11] CS: Okay. So I want to go back. You talked about the certs you’ve had and how they’ve sort of prepared you for the work that you do now. And I’m always thinking of these sort of career things as this this ladder that you’re moving up. So you’ve climbed pretty far up the ladder in the project management sphere. You’ve been doing it for 14 years. Are there certain combinations of skills or experiences that you want to work on next to reach whatever the next highest level would be for you? And if so, are there like types of projects that have master level project managers that need to do like a next level cert that’s too complex for someone who’s just entering the industry?

      [00:24:48] JO: So there’s a lot there to unpack. Let’s see. So, first, for me, what do I want to do next? I don’t necessarily want to people manage. That’s not necessarily new. But I do get my feel of that in the project management space. But where I’m focusing my attention now over the next year 24 months is to move into portfolio management. I kind of like IT, identity access, portfolio management. So that’s where I’m focusing my attention.

      I’m looking at the CISM and I’m looking at PMIs portfolio management certification. So don’t necessarily know that I’ll pursue that, but I’m studying for it because it’ll help me pursue and achieve the career next step that I want. And then your other question, was it that –

      [00:25:47] CS: I was just sort of curious like if there are sort of even – Apart from sort of people management, are there sort of – And I guess you were talking about with portfolio management. I was asking if there’s like a type of project management that’s even more complex. Maybe like some sort of like global project management thing where you’re dealing with like an entire sort of like mega corporation or something like that. But I’m just sort of trying to get a sense of like what are the next levels.

      [00:26:13] JO: Many of us work with multinational companies, and our groups are dispersed all over the globe. That doesn’t necessarily in my opinion make the project complex. What I find, for me, complexity tends to be the scope, the magnitude of what you’re trying to accomplish. And is it broken down in, I don’t want to say bite-sized chunks, but work-sized chunks and the folks on the team understand what they need to do when they need to bring it together so it’s integrated, aligned, coordinated. So that when we say we should be up and running January 1st, we are up and running January 1st and someone didn’t forget their part.

      So, to me, the complexity is the scope, the magnitude and making sure the individuals on the team understand what’s needed from them and then they do the work and complete the work. But yeah, that’s what I think of as complexity. Now there are many, many, many, many people in the field and they don’t have any certifications. So I’m always amazed at those folks. How they did that? I don’t know. But I work with many people, they don’t have certifications. They learned on the job. So it’s not required. But I will say from my experience, certifications can be used to weave you out. So many jobs are, “You must be PMP certified, or you must have edge.”

      [00:27:54] CS: Yeah. You’re not even going to show up to their filtering software.

      [00:27:58] JO: Exactly. Exactly. Yes. Yes. Yes.

      [00:28:01] CS: Okay. So flipping from certifications to sort of the hard and soft skills of project management, what are some things, skills or interests that people who want to be project managers should have? Like what are some aspects of people’s skills that would make them succeed and thrive in a project management space?

      [00:28:20] JO: I always think to myself, if a boatload of school teachers or kindergarten teachers ever moved into project management, they would displace all of us who are there, because they are used to dealing with little –

      [00:28:31] CS: Occasions.

      [00:28:33] JO: Exactly. And they’re used to dealing with children. And with children, all kinds of accidents and unforeseen incidents crop-up. They handle that very well. So the minute a group of teachers decide, “We’ve had enough of this. We’re moving to project management.” A lot of us are going to be looking for jobs.

      [00:28:55] CS: Put that down. Put that down. Put that down.

      [00:28:57] JO: Exactly. Yeah, they’re ready for this. I would say definitely. Project managers, you need soft skills. You’ve got to be comfortable with change. You’ve got to be comfortable dealing with stressful situations. I mean, there are times I’ve had people on my projects just break out and cry. Just literally, “What in the world? I got to deal with that. We still need this system put in place.” And then you’ve got to be able to work with people who don’t necessarily want to be on the project team but they were assigned. And in addition to all of that, when you’re working in cyber security, what we do is critical. What we do is important. And making sure all of these moving parts are fitting together. You’ve got to be able to do that. So I would say, for me, I’m kind of a critical person. I always find what’s wrong. So this works well for me, because project managers need to be problem solvers. They need to be able to handle or uncover risk and handle unsettling situations. So soft skills, the ones I mentioned, I say work on work on those.

      Again, if you are someone who can handle problems, if you’re someone who can handle things cropping up unexpectedly, I think this would be a great, great opportunity for you. And I think cyber security is never ever going away. We are always going to want to secure our bank accounts. We want to secure our systems. Just think about those folks who work for car, auto manufacturers. We have computer systems in our cars these days. You’ve got to secure that. Imagine if someone hacked into that. So there’s always going to be work. The future is bright for us. So, yeah, yeah.

      [00:31:16] CS: Okay. So to that end, you said that you don’t really need a lot of tech knowledge to do this at the start, but is there anything you would recommend people who want to get into this sphere who feel like, “I don’t even know the lingo. I don’t even know where to start.” Like what are some sort of like cliffs notes or some sort of like easy fixes where when you were starting, like how did you sort of get up to speed with the sort of tech lingo?

      [00:31:42] JO: Oh boy! When I first started, man, my first year was painful. What I would say is you don’t need to be techy like a computer science or an engineering degree per se. I am evidence.  You do not need that. But I would definitely say you want to know the Microsoft Office suite pretty well. You should be able to put together a solid PowerPoint presentation because you’re constantly presenting and talking and sharing results, and people want to see a visual of that. I think you should be comfortable with Excel. I think you should be comfortable with Vizio.

      Now, if I could do it over, I would have pursued a Security+ certification sooner, because, again, that’s such a – I don’t want to say a basic cert, but the information that it covers, you can use that and it will benefit you no matter what security project you’re working on. It covers the gamut. So I would recommend, if you’re excited about cyber security and this sounds like something you want to do, I would look into the Security+ certification. Even if you don’t take the exam, study the material, because that will take you far and save you a lot of headaches. Yeah. Yeah.

      [00:33:16] CS: Yeah. Yeah. Yeah. That’s awesome. We said in your bio that you had been working in other roles, secretary roles or transcription. So for people who feel stuck in their current job, as you said you did, and maybe intimidated by the prospect of trying to get into project management, what’s something you’d recommend that they can do tonight after they’ve watched this video that could get them one step closer to sort of making this career change?

      [00:33:42] JO: So first thing is I would probably just go on YouTube and maybe do a search. Search for cyber security project management, or visit Infosec Institute, visit ISACA. These are associations and they will break this subject down for you. And remember, cyber security is vast. Visit pmi.org, Project Management Institute. You don’t necessarily need to pursue a certification. You don’t need to join. But just availing yourself to the information, it’s going to answer a lot of questions you have. And I think it’s going to put to rest some of the fears or anxiety you may have, “I can’t do that,” or “I need to be a genius in order to do this job.”

      [00:34:35] CS: Yeah. Or, “I don’t know where to start.”

      [00:34:38] JO: Exactly. So I just think if you had to do something tonight, do a YouTube search. Go to Infosec Institute, ISACA, PMI. Do a little bit of research.

      [00:34:53] CS: Beautiful. So as we wrap up today, this has been so much fun. Thank you again for joining me today, Jackie. But I was curious if project management has changed at all sort of procedurally in the face of work from home and COVID. Has this changed your workflow in any way not being on premise?

      [00:35:11] JO: That’s so funny. No. When I started back in 2006, I was work from home, and that was so hard to get used to. It’s like, “Work from home? I can do that?” For me and many project managers that I know, it hasn’t impacted us. This hasn’t changed our work style. It hasn’t impacted the work I do.

      Now, I do know there are folks who this is new to them. They’ve always been in the office. So it’s getting used to it. But for the most part, and I’ve worked at some large companies, most of the PMs were work from home.

      [00:35:52] CS: Okay. Oh, nice. All right. If you’re already doing work from homey type things and you like it, then you’re in the right direction. So as we wrap up today, do you have any projects you want to promote or the company you work for? Or just sort of tell our listeners like what’s next for you, and if they want to find out more about Jackie Olshack, where they can go?

      [00:36:15] JO: Oh my goodness! I enjoy mentoring folks. I love telling people, “Come onboard. We need you. You can do this.” Absolutely, reach out to me on LinkedIn. I would love to talk to you. I would love to answer your questions. You can do this. You can do this.

      [00:36:34] CS: I love it. Well, Jackie, thank you so much for being here and telling me about this aspect of cyber security that I don’t think we get to hear about all the time. So I really appreciate it.

      [00:36:41] JO: Absolutely. Yes. Yes.

      [00:36:44] CS: So as always, thank you all for listening and watching. New episodes of the Cyber Work podcast are available every Monday at 1 p.m. Central both on video, at our YouTube page, and on audio wherever fine podcasts are downloaded. I just wanted to point out that we are having our first Cyber Work Live on March 25th, that’s a Thursday, at 11 a.m. Central Time. We’re going to have three former guests of the show. We’re going to have Gene Yoo of Resecurity, Mari Galloway of the Women’s Society of Cyberjutsu, and Vic Malloy of CyberTexas, and they are going to, as Jackie has said here, they’re going to answer questions from listeners who are novices in the field. People with zero to four years of cyber security experience, of what to do first and what to do next. If you want to ask a question for Cyber Work Live, we have an email address now, [email protected] infosecinstitute.com. Drop us a note, drop us a question.

      Thank you again to Jackie Olshack, and thank you all for watching and listening. We will speak to you next week.

Cyber Work listeners get a free month of Infosec Skills!

Use code "cyberwork" to get 30 days of unlimited cybersecurity training.

Weekly career advice

Weekly career advice

Learn how to break into cybersecurity, build new skills and move up the career ladder. Each week on the Cyber Work Podcast, host Chris Sienko sits down with thought leaders from Carbon Black, IBM, CompTIA and others to discuss the latest cybersecurity workforce trends.

Hands-on training

Hands-on training

Get the hands-on training you need to learn new cybersecurity skills and keep them relevant. Every other week on Cyber Work Applied, expert Infosec instructors and industry practitioners teach a new skill — and show you how that skill applies to real-world scenarios.

Q&As with industry pros

Q&As with industry pros

Have a question about your cybersecurity career? Join our special Cyber Work Live episodes for a Q&A with industry leaders. Get your career questions answered, connect with other industry professionals and take your career to the next level.