Name: Wai Sheng Cheng
Title: Security Analyst
Employer: Cboe Global Markets
Location: Kansas, U.S.A.
Degree: Master of Science, Information Systems Engineering, Johns Hopkins University
Years in IT: 6
Years in information security: 3
Cybersecurity certifications: SSCP
How did you decide upon a career in cybersecurity?
I decided on a career in cybersecurity when my email account was first compromised in 2011. I learned about this when my friends and family called to ask if I had sent out emails asking for money. As an engineer-in-training, I was curious to know why and how this had happened. It was through this experience that I first became interested in information security.
Why did you get your SSCP®?
My former boss at the Kansas City Chiefs said to me one day that we will always need more knowledge in the department. He encouraged me to take any IT certification exams that I could. As I previously stated, I was interested in information security and had already earned my Security+, so the SSCP was a good next step for me. I took the CISSP exam after passing my SSCP exam and am currently an Associate of (ISC)² working toward achieving my full status as a CISSP.
What is a typical day like for you?
I currently work in the Security Operations Center (SOC) tier 1 and tier 2 issues that come in. Issues may involve log reviews, firewall configuration and monitoring network traffic, for example. Most recently, I have been tasked with the Data Loss Prevention Program. In short, as a team, we are all responsible in maintaining a secure infrastructure via administrative, technical and physical controls.
Can you tell us about a personal career highlight?
The first is I received an offer from the Kansas City Chiefs Football Club to work for them. The second was receiving an offer from the National Security Agency. In short, I have been processed by the NSA. To go through full-scope polygraph and PAB (Psychological Assessment Battery) was unique experience. There is nothing else like it.
How has the SSCP certification helped you in your career?
I believe the SSCP was a step in the right direction in demonstrating to my potential employers that one, I take information security seriously, and two, I can be trusted. To take any certification involves time and money. What I mean by that is this: it takes time to prepare for the exam, and time and money to sit through an exam. It is the process that the employers look for.
What is the most useful advice you have for other information security professionals?
Personal growth and professional development are important to me. One has to pick and choose the right place that one wishes to work. There are many organizations out there where all they want you to do is to keep your seat warm. Sure, it’s a steady paycheck, but it will stunt your skill-set, and can hurt your career.
Information security is unlike information technology. It is why security is in its own department, and why the department would report to CISO. Security is a challenging and lucrative career. However, be mindful of what this is all about, because at the end of the day, information security is a service. It is about people helping people.
For more information on the Systems Security Certified Practitioner certification, download our Ultimate Guide to the SSCP.