Getting on the cybersecurity ladder
Cybersecurity is an exciting field to work in, with opportunities for people across a vast array of skills. As a knowledge domain, cybersecurity encompasses many roles, from content writers to ethical hackers to security awareness trainers. Proper certifications and continuing education allow movement across these different roles.
Cybersecurity is a massive industry. All voices are needed to drive the development of cybersecurity strategies, security product design, and the deployment of secure infrastructures, so diversity acts as a positive catalyst.
Although entry and growth in this industry may seem overwhelming, you can have a successful cybersecurity career by utilizing the proper resources. This article discusses some of the essential resources for new entrants in the cybersecurity domain.
Working in the cybersecurity sector offers opportunities to rise through the ranks, earn attractive pay rates, and have varied, often extremely interesting, tasks. Salaries are generally excellent, and in some cases, they can be outstanding. A 2019 Mondo study found that, in the United States, an information security manager’s average salary ranged from $125,000 to $215,000. Other roles had similarly alluring pay rates.
Some of the most sought-after roles in the cybersecurity industry:
The security analyst has a wide-ranging job that involves responsibility for the protection of company data. The security analyst is a front-line position, dealing with the general security metrics of an organization.
The role of a security architect requires knowledge of both software and hardware. Typically, a reasonable understanding of programming is needed. Security architects are expected to analyze a system and network to look for weaknesses and strengths. A security architect does penetration testing, which checks for product and network vulnerabilities, as part of their general duties.
Technical writers with a grasp of cybersecurity can find work across many domains in the industry. Writers who understand cybersecurity and know how to communicate well often work on security policies, tender bids, security reports, API and software documentation, compliance documents, etc.
Information security manager
Like many management positions, the cybersecurity manager is responsible for overseeing a team and liaising between departments. The cybersecurity manager is responsible for team training and supervision of team member projects. The cybersecurity manager must keep abreast of changing technologies, security threats, and security practices in general.
Security company marketing
Cybersecurity companies, or those with a product stake in the industry, require marketers who understand the industry’s nuances. Marketing security products requires a mix of cybersecurity know-how, understanding of industry competition, and marketing expertise.
Cybersecurity project manager
Project managers help to ensure that a project runs smoothly. Projects may be internal, for example, running regular penetration tests against company networks. Project managers also run external projects, for example, delivering a cybersecurity platform to a customer.
The outlook for a continued career in cybersecurity
One thing is sure about a career in cybersecurity: if you want one, there are plenty of opportunities.
- A recent Workforce Study from (ISC)² (the International Information System Security Certification Consortium) identified that in 2020 there was a skills gap in cybersecurity of around 3.1 million, down from 4 million in 2019. This shows the cybersecurity job landscape is buoyant but still understaffed. The study concludes that the shortage is having an unwelcome impact on organizations:
“…more than half of respondents (56 percent) say that cybersecurity staff shortages are putting their organizations at risk.”
- The (ISC)² study also found that almost half of firms expect to increase security staff because of the increased complications caused by COVID-19 and remote working.
- KPMG has found spikes in cybersecurity activity during the pandemic. The company reports:
“… rapid and unexpectedly broad disruption to businesses around the world has left companies struggling to maintain security and business continuity.”
- In terms of gender equality, there are still gaps between the numbers of men and women in the security industry. Only 25 percent of the workforce are female. However, the industry is actively encouraging women to enter the workforce. There are many networking and advisory groups for women in cybersecurity that you can leverage.
Moving up the cybersecurity career ladder
A mix of qualifications and experience with a sprinkle of networking can help you gain the cybersecurity position of your dreams. Certain degrees and certifications allow part-time engagement for students to advance their qualifications while being employed.
As with many professions, cybersecurity has a choice of higher education degrees and courses. Investment in a degree is a big decision, so do your research first. Many career paths may lead to a career in cybersecurity, and not all start with a dedicated cybersecurity degree. For example, college degrees in computer science, law, science, etc., can lead to a career in cybersecurity or enhance job prospects for one.
If you didn’t go down the cybersecurity bachelor’s degree route, you may still directly pursue a master’s degree in cybersecurity-related topics to beef up your knowledge. The master’s degree may be delivered through courses or be entirely research-based.
A Ph.D. in cybersecurity is a long-term commitment as it can take 7+ years to complete part-time. However, it allows you to deeply explore a topic and produce original research that sheds new light on a subject.
Advanced training programs and certifications
Many professionals in the cybersecurity industry opt for industry certifications to help advance their professional standing and career.
A report from GlobalKnowledge found that 85 percent of IT professionals hold at least one certification, and 66 percent actively plan to take up new certifications.
There are many certification courses on cybersecurity available. Bootcamps are offered by several organizations to help those studying for a specific certification to prepare for the exam. The certification choice comes down to the area you wish to specialize in. Some of the most popular certifications include:
Security+: This is ideal for newcomers to cybersecurity, although the certification requires two years of IT experience.
CASP+: This one is for more experienced cybersecurity professionals. It provides evidence that you have a deep understanding of security matters and practical knowledge in applying network and mobile security.
PenTest+: A hands-on and performance-based certification for security professionals involved in penetration testing of IT networks and vulnerability management.
Certified Ethical Hacker (CEH): The training required to meet the certification is useful for security officers and more general information security specialists. A CEH shows that you understand the methods and tactics used to attack systems and networks.
Certified Chief Information Security Officer (CCISO): As you move up the cybersecurity ladder, one of the top positions is the Chief Information Security Officer (CISO). This is an advanced-level certification that develops and tests knowledge and skills across the technical and managerial sides of information security management.
Certified Information Systems Security Professional (CISSP): This is an intermediate exam and one of the most popular security exams. The certificate demonstrates you have the knowledge and experience to design, develop, and manage an organization’s overall security posture.
Certified Cloud Security Professional (CCSP): The CCSP provides advanced technical skills and knowledge in cloud security covering infrastructure, data, policies, apps, etc.
International Association of Privacy Professionals (IAPP)
Certified Information Privacy Professional (CIPP): This is a region-specific certification for those professionals who need to understand privacy law and regulations.
Certified Information Privacy Technologist (CIPT): This certification is for software engineers and those involved in solution architecture and privacy by design.
Certified Information Systems Auditor (CISA): This certification is suitable for those wanting to improve career prospects in cybersecurity governance. The certification focuses on advancement in audit, control, monitoring, and assessing information technology and business systems.
COBIT Foundation: Governance and regulations are an essential part of cybersecurity. The COBIT Foundation exam provides the training to deliver best-fit programs against standards, frameworks, and industry regulations.
Nothing beats hands-on experience for helping to build the skills needed to develop a career in cybersecurity. Some organizations, such as the FBI, offer paid internships and training programs.
Helpful advisories and groups in cybersecurity
Cybersecurity is a continuously changing arena, and keeping up with those changes requires commitment. Groups and influential people in the space can help you do this:
Social media and meetup groups
Meetup groups in your local area can be an excellent way to meet industry professionals and learn about the subject. Groups that offer local Meetups include:
On Meetup, you can also find local programs in your area covering cybersecurity, cybersecurity career advice groups, information security, digital identity, cloud security, etc.
LinkedIn has thousands of security-related groups. Some popular ones include:
Information Security Community: 487,000+ members
Information Security Careers Network (ISCN): 94,000+ members
Information Security – Risk Management – Compliance Jobs: 14,500+ members
Several groups exist to encourage diversity in the cybersecurity industry:
Important cybersecurity conferences
Conferences are a great way to learn and network. However, the cost to travel and find accommodation can be off-putting. You may be able to find sponsorship via your company, and if you are a student, there are usually student discounts available. Also, since the pandemic, many conferences are now virtual. Online conferences are often cheaper, and many will provide free access to talks, etc., after the event.
Some popular conferences to check out include:
RSA Conference: A major security event with various locations throughout the year
Diana Initiative: Focuses on women and diversity in information security
InfoSecurityEurope: Large Europe-focused conference
SANS: Includes training events
HACK (in Paris): A focus on hacking
Global AppSEC: The OWASP training conference
Cybercon: A US conference with a focus on training
Codaspy: General conference on security and privacy
Influencers in cybersecurity to follow
Following in the footsteps of some of the greats in the cybersecurity space is always useful for finding out what’s going on and how the pros do things. Some influential cybersecurity professionals in the area include:
- Brian Krebs (Krebs on Security): Follow on Twitter and read his blog Krebs on Security
- Troy Hunt: Follow on Twitter and read his blog, Troy Hunt
- Tanya Janca (She Hacks Purple): Follow on Twitter and read Tanya’s blog
- Bruce Schneier: Follow on Twitter and read Bruce’s posts on all things security.
- Shira Rubinoff: Follow on Twitter and check out her YouTube channel
- Katie Moussouris: Follow Katie on Twitter
Establish a professional network
Cybersecurity is an exciting and fulfilling career for anyone who likes to solve problems and fight the bad guys. Because of the skills shortage in the industry, opportunities are plentiful. Newcomers, and those who want to transition into cybersecurity from another field, should use these resources to establish themselves in the industry. You can do so by keeping abreast of events by reading cybersecurity blogs, following industry news sites, and attending local Meetups on important areas of the industry.
When you feel ready, you can also look to certification programs or even complete a cybersecurity degree. There are many pathways into the industry, and now is the perfect time to turn that passion into a career.