Roger Liu is a senior consultant at Michael Page Hong Kong.
Will my employer’s failure to heed my security warnings tarnish my reputation?
I work as a project team leader in cybersecurity for a payments platform. My enthusiasm for the job has waned as a number of my warnings on critical security issues have gone unheeded. I am looking elsewhere for work, most likely in fintech, but I am aware that any eventual security breaches in my current job could tarnish my reputation. Given that I will have to sign a confidentiality agreement upon departure, what is the best course of action to take to protect my reputation in the long term?
As a specialist in the cybersecurity field, you play a key role within the business. In addition to protecting your company from cyberattacks, you are also responsible for safeguarding intellectual property, data and sensitive information from breaches. Although cybersecurity is currently firmly at the top of most companies’ agendas, there are factors which stop a business from driving security initiatives, such as budget and time constraints or top management decisions.
A high-performing cybersecurity specialist should show leadership in driving security awareness within the business. It can be a time-consuming process involving massive effort and persistence. When addressing an audience with no technical background, we would suggest easing into the subject and being ready to educate. You can start by sharing real-life and factual examples, explaining how the business might be affected by the risks, using financial or layman’s terms.
When attending cybersecurity seminars and events, extend the invitation to members of the management team. This is a good way for them to gain industry knowledge. To support your proposals and reports, reference compliance regulations and instructions defined by recognised professional cybersecurity institutions.
Regarding the best course of action to protect your reputation in the long term, remember that at the end of the day, sustaining an invulnerable environment is still the best way to maintain one’s reputation within the cybersecurity industry. This could be measured from a technical perspective as well as by how influential the individual can be with their peers and management team. Even so, support and buy-in from top management is still crucial for achieving this goal, and it is something you do not have complete control over.
If you choose to leave, you should not be legally liable for any security incidents and breaches. Having said that, to maintain a good professional relationship, you could consider producing a final proposal (i.e., a list of potential risks and measures to be taken). A proper handover would allow you to exit on good terms. Since you might not be allowed to say anything about your work in accordance with any confidentiality agreements, your current employer could still play a key role in your future job searches by assisting with reference checks.
This article appeared in the Classified Post print edition as "Safeguarding your career in cybersecurity".