This tweet from a Brazilian programmer has been retweeted over 6,000 times.
I felt like saying this. pic.twitter.com/mHJ1rENoX1
— Hisham (@hisham_hm) December 13, 2015
If you are a risk or assurance professional working for a comms business, you also need to know about computer science, just like you need to know about network technology, and about industry regulations, and about accounting, and about intellectual property, and about…
You get the picture. Even if you specialized in one of the many fields that are pertinent to risk and assurance in our sector, like computer science or financial auditing, you would find that endless changes to technology or the competitive marketplace would force you to keep re-learning and re-evaluating your existing knowledge. There is no definitive list of what you need to know.
I am a bit older than Hisham, but I learned about telecoms risk management around the same time as him, whilst I was working for Deloitte and studying for my chartered accountancy qualification. Thinking about how much has changed since then, I felt inspired to follow his example…
When I first learned about internet security, the solution was firewalls and virus checkers.
When I first learned about handsets, StarTACs were cool, Nokia was big, and Apple made Macs.
When I first learned about bypass, there was no OTT bypass because there was no OTT.
When I first learned about authentication, nobody used their mobile as their second factor.
When I first learned about RA, few had heard of it, and they thought it was switch-to-bill.
When I first learned about electronic money transfers, there were no bitcoins, and no M-Pesa.
When I first learned about risk management, there was no ISO31000 and risk had a different definition.
When I first learned about BCM, there were no backups to the cloud because there was no cloud.
When I first learned about data protection, most people only worried about Subject Access Requests.
When I first learned about passwords, nobody mentioned the need to use characters like &, ! and $.
When I first learned about controls-based auditing, there was no SOX 404, and AA was in the Big 5.
When I first learned about the mobile internet, it was called i-mode and they looked forward to WAP.
When I first learned about RA software vendors, Azure was #1 and Subex was run by Subash.
When I first learned about credit risk, they sent many more dunning letters and nobody was prepaid.
When I first learned about the rapid growth of mobile data, almost all its revenues came from SMS.
When I first learned about hacking exchanges, they did it by whistling.
When I first learned about multiplay, they thought it meant one bill for both phone and electricity.
When I first learned about maximizing shareholder value, fixed-line networks were selling their mobile offshoots and electronics retailers were selling their ISP offshoots.
When I first learned about social engineering, there were no phishing websites.
When I first learned about selling music over networks, every song was a ringtone.
When I first learned about next generation networks, none of them had been virtualized.
When I first learned about information services via the television, it was called Teletext.
When I first learned about googling, it was by using Yahoo!
Perhaps you feel that you know everything you could possibly need to know. Even if that is true today, your knowledge will still be out of date by the end of this year. That is why job descriptions that list of a lot of particulars, and professional courses that list lots of detailed facts, will generally miss the point. What matters is having a good conceptual grounding and then being able to continuously adapt and update your knowledge, because the list of what you need to know will be different twelve months from now.
So follow the advice of Hisham from Brazil: learn the fundamentals, then expect to keep learning as the details keep changing.