Flexibility, critical thinking and problem-solving are just some of the skills and traits that Gerald Pierce, CC, has found invaluable in his cybersecurity career.

Gerald Pierce, CCEarly in my career, one of my managers gave me a copy of the book Strategy of The Dolphin, by Dudley Lynch and Paul Kordis. I found it to be a great read and it has influenced my approach to my career in a number of ways. At its core, the book is about adapting to change, being flexible, and effective ways to go about acting upon one’s own vision.

At the beginning of my career, I had the opportunity to work for a well-known and respected conglomerate. During my time there, I built a skill set and competency around Lean Six Sigma. That role gave me the opportunity to apply my critical thinking and problem-solving skills to fix business processes, as well as to use the principles of six sigma to develop commercial products. Most recently, I led the Global Quality and Compliance organization at a multi-national transportation and logistics company. In that role, my responsibilities involved overseeing our quality and compliance programs and leading the development, delivery, and operationalization of enterprise quality management, workplace safety, supply chain security, and trade compliance applications.

For the past year and a half, I have worked as an independent consultant, undertaking projects focused on digitizing business processes and doing some work performing information system audits. This included projects centered around topics like enterprise master data management, supplier management, and privacy program management.

The Trigger Event

As I transitioned away from my role at the transportation and logistics firm, I realized that what I wanted to do next was more IT- and information systems-related than it was general operations-related. But being considered an “Ops guy” – so to speak – transitioning into an “IT role” was not going to be easy.

However, I felt very strongly that there was a correlation somewhat when it came to management practices such as Design for Six Sigma – with which I was totally comfortable – and concepts and practices such as Privacy by Design and Secure by Design. The fact was, I had demonstrated as much in previous roles.

During one of my early projects as an independent consultant, the project sponsor recommended that I consider adding one or two cybersecurity certifications to my set of credentials. The reason as they put it was that “when it comes to application development, you clearly have an idea of what goes into protecting data and information assets and identifying risks in the design and maintenance of an application.”

As luck would have it, ISC2 just about simultaneously introduced its Certified in Cybersecurity (CC) Certification. For me, it was a no brainer: I dove into the study materials, took and passed the exam, became CC certified.

The Journey Continues

I’m now looking to advance my knowledge in the cybersecurity domain even further; there’s still a lot of work still to do to get to a point where my level of confidence in this domain is on a par with my level of confidence with lean and six sigma.

That being said, as someone with a thirst for learning, pursuing the CC certification was a great start, enabling me to strengthen and validate my knowledge about concepts like software hardening, pen testing, encryption techniques, etc. and to learn about other components like threat actors, threat vectors and attack surfaces. It also enhanced my ability to speak a common language with DevOps and IT Security folks. Quite frankly, the deeper that I dive into it, the more excited I get about it. It is like the early days of my Six Sigma journey all over again.

I am considering pursuing two more certifications. The CGRC and ISSMP certifications are closely aligned with both my CC certification and my quality and compliance management background. They are also in line with my professional and career objectives. Achieving these two qualifications will put me in position to continue building on current fundamentals such as CSSBB, CISA, CIPM and to do so in a way that delivers value to key stakeholders.

My new goal is to continue to find opportunities that put me in position to demonstrate – in hands-on, tangible ways – how to apply these learnings. I’ve not found it simple to break through into an IT role, as I am not your traditional IT guy. But I am up for the challenge. Stay tuned.

Gerald Pierce, CC, completed the Certified in Cybersecurity qualification in February 2023. He has worked for over 20 years in Quality and Compliance Management roles for various organizations in the telecommunications, energy services, retail, fintech, and transportation/logistics industries. He is currently working in a management consulting role for a technology start-up.