Oasis Kauppila, Online Cyber Security Student

Oasis Kauppila is currently studying Cyber Security Online.

In a casual conversation with someone unfamiliar with the field, how do you articulate the excitement and potential of a career in cybersecurity, aiming to spark their interest?

When I talk about cybersecurity, I like to highlight just how many different paths there are not only for people who are technically inclined but also for those interested in strategy, policy, or communication. A lot of people still picture cybersecurity as just “hackers in hoodies,” but it’s so much broader than that. It’s a growing field that truly needs capable people who are willing to stay and grow with it. With the number of connected devices constantly increasing, the need for strong security will only keep expanding. That’s why I see cybersecurity as such an exciting and stable industry to join. It’s not going anywhere anytime soon.

Upon graduation, which specific cybersecurity role do you aspire to secure employment in, and what motivates your choice?

My long-term goal is to move into the GRC side of cybersecurity. I’m aware that it’s not usually something you can step straight into without experience, so I’m planning to build my foundation first in roles like SOC Analyst or on an Incident Response team. I’m genuinely fascinated by the standards and regulations that shape security

practices — not just what they are, but why they exist and how they’re developed. I find it really interesting to see how these rules and frameworks influence the way organizations approach security, and that’s what draws me to GRC.

Who or what has been the most influential factor in shaping your journey in cybersecurity so far, and how has it impacted your career aspirations?

My friend has been the biggest influence on my cybersecurity journey so far. She’s an Incident Response Team Manager at an insurance company and was actually the one who first suggested I try the ISC² Certified in Cybersecurity (CC) course. At the time, I was wrapping up seven years of teaching English in Japan and feeling unsure about what to do next when I returned to Canada. We spent a lot of time talking about my options, and she quickly said, “You should try cybersecurity.”

I took her advice and completed the ISC² CC online course while I was still teaching and I loved it. She’s also the one who encouraged me to explore GRC, and from everything I’ve read so far, it feels like the perfect direction for me to grow into.

The cybersecurity industry offers various certifications from different organisations. Have you pursued, or do you plan to pursue any of these certifications? If so, which ones, and what factors influenced your choice?

I’m currently working toward my ISC² CC certification and have my exam scheduled for early September 2025. Once that’s complete, I’m planning to jump straight into the CompTIA Security as my next step. I chose these two certifications because they’re solid entry-level credentials a perfect match for where I’ll be at the end of my course. Looking ahead, I’m excited to keep building on this foundation by earning more certifications as I grow in my career.

I’m really looking forward to diving into standards and regulations, because that’s the part of cybersecurity I genuinely enjoy. I’ve always been fascinated by rules and figuring out how to navigate them smartly without breaking them. We haven’t reached the GRC section of my course yet, but I’m excited to explore which regulations and standards apply in different situations, why they exist, and how they shape the way organisations handle security.

Considering the holistic requirements of a future role, do you see the need for additional training in non-cyber skills, such as interpersonal communication or management? If yes, why?

I think everyone can benefit from improving their communication skills it’s such a vital part of any job. Clear and respectful communication can make all the difference, while misunderstandings or poor communication can create tension within a team or organisation. I’ve met plenty of people who thought they were great communicators but weren’t always getting their message across. In the workplace, strong communication can really lift a team and help people thrive, while weak communication can hold everything back.

What is your preferred source for staying informed about cybersecurity trends and general information?

I keep up with the latest in cybersecurity by reading TLDR InfoSec articles and listening to the CyberWire Daily podcast about five days a week. I do like to take a break now and then, though with how much is happening in the field these days, it can get a bit overwhelming to stay on top of everything every single day.

What measures do you have in place to enhance your personal cybersecurity in today’s digital landscape?

I take my personal cybersecurity pretty seriously. I always have a VPN running on my devices, and I make it a point to change my passwords every three months, keeping them strong with at least 16 characters, a mix of uppercase and lowercase letters, numbers, and symbols. Any email from an unknown sender gets a quick Google check or I just delete it if it seems suspicious. I also keep my social media accounts private, so anyone who wants to follow me has to be approved first. It might not help me build a huge online following, but I’d much rather be safe than sorry.