Cyber Security Advocate: Meet Chris Niggel
As the ongoing dialogue on threats, standards, and best practices continues to drive awareness of cyber security issues, we noticed something slipping under the radar: the contributions of security professionals working behind the scenes to stay ahead of the curve. To us, cyber security means people, and we’re celebrating the Cyber Security Advocates who strengthen our industry by helping to bridge the technology and talent gap.
One of those advocates is our own Chris Niggel, Regional CSO, Americas. Chris came to Okta over six years ago. Previously, he worked for LinkedIn, where he helped with the professional network’s Okta implementation. However, before joining us here at Okta, he had no formal training in cyber security. Chris drew on other life experiences to craft his cyber security career—and he emphasizes that others can do the same.
Amanda Rogerson, Director, Solutions Product Marketing, sat down with Chris to discuss the biggest challenges he sees in cyber security and how we can attract new people into the industry.
Amanda: It’s widely acknowledged we’re struggling to attract entry-level people into tech and security. Do you think it’s due to a lack of college-level training or the high level of knowledge required?
Chris: I think it’s a combination of both. The roles available in tech companies tend to be at senior or management level, and there are few opportunities for newcomers to get training. In the security field, we have lots of open, unfilled roles, and that number’s only going to increase.
One of the biggest challenges is that security professionals are so overwhelmed with work that they can’t create entry-level roles for new talent. There’s been some improvement, as colleges are now offering cyber security programs to give people some experience. But we still need to do more to create new opportunities.
Amanda: What can we do to close these gaps and create new opportunities for entry-level individuals?
Chris: As security leaders, we need to create more entry-level roles and programs to help newcomers get that training and move up in seniority, and support these programs in our organizational strategy and resourcing. As candidates looking to create a cyber security career, we need to be creative in describing how our previous experience applies. That was a significant challenge for me when I moved to Okta. I didn’t have a lot of formal background, especially in risk management and auditing.
I previously worked on a backcountry ski patrol in California. That experience gave me training in leadership, risk assessment, and risk management. We had to make quick decisions on safe travel, navigation, outdoor survival, and when to stop moving and wait for better weather or more resources. I was able to take that experience and apply it to the needs of a security role, and I think that’s partly why I received a job offer from Okta.
Amanda: What advice would you give people who are new to or want to get into the tech and security industry?
Chris: Security is a way of thinking, not a rigid structure. It relies on how you identify and approach problems. As a candidate, find ways of tying the work that you’ve done into the role you want to have. You can often achieve that through telling stories and creating a connection with the person you’re speaking to.
Always look for problems in your organization and propose solutions. For example, third-party risk didn’t exist ten years ago when I was at LinkedIn, or at least not in the context of the cloud. So we spoke to vendors and industry groups, and researched risk in order to create it. And that set the foundation for my career path from then on.
Finally, you don’t have to do it alone. There are lots of great resources and communities in cyber security that are free to join and offer certifications that help you demonstrate your proficiency in different areas. So look for industry groups in your area, like (ISC)² or the Cloud Security Alliance, as well as community groups such as Women in Tech, and use those to network.
Amanda: For Cyber Security Awareness Month, we want to elevate the voices of people who are bridging the technology and talent gap to make an impact in cyber security. What can people do to get involved?
Chris: It’s crucial to work with industry groups, as well as with mentorship or access programs like Genesys Works and Year Up, that connect you with candidates from multiple backgrounds. From a hiring manager perspective, I think structuring your job post to look for troubleshooting capabilities, versus just technical qualifications, will help you find the best-qualified candidates from fields that may not have traditionally thought of security as a career path.
We talk about diversity a lot, and it’s very important in security. We are responsible for the security of a company, so we have to protect everything, while the attackers only have to find one gap. The world is tilted heavily in the attackers’ favor. And when we have individuals on our team who can look at problems from multiple perspectives, it gives us as much of that coverage as possible. Security as a function is changing as well—we need people from a wide range of experiences and skill sets.