Editor’s Note: This is the fifth of six installments of an information security column provided to The Nonpareil to help our readers be smart and stay safe when it comes to electronic information, privacy and avoiding identity theft. October is National Cyber Security Awareness Month.
Cyberattacks are costing organizations more every year.
According to their annual reports, Target incurred $292 million in damages after its breach in 2013 and Home Depot incurred $298 million from its breach in 2014. In the week following their breach announcement, Equifax’s stock lost almost $6 billion in value, though it has begun recovering.
With the cost of attacks increasing, companies want to hire more cybersecurity professionals to help protect their information and profits. However, companies have only begun these massive hiring pushes in the last few years, so there is not an equivalent pool of candidates entering the field. In fact, most of the current cybersecurity workforce are seasoned veterans of the information technology field and are nearing retirement.
Several studies have assessed the growing shortage of cybersecurity workers. According to Cyber Seek, a project supported by a grant from the U.S. Dept. of Commerce, the current U.S. shortage is around 300,000. Studies estimate that number will increase to between one and two million by 2022.
It doesn’t take an MBA to see that increasing demand plus decreasing supply means that cybersecurity will be a lucrative career field for the foreseeable future. So how can you take advantage of this opportunity?
It doesn’t matter if you are a student thinking about a college major, a working adult looking for better job opportunities or a seasoned professional looking for a new challenge before retirement. Cybersecurity isn’t just super geeky hackers ripping apart computers, though there is some of that. There are many different types of jobs that may appeal to a wide variety of personalities:
• Analyst. One of the most common jobs in cybersecurity is analysis, where you assess risk and provide advice about securing systems. If you like talking with people, figuring out what problems they are facing and how security can help them, and researching solutions, this job is for you.
• Engineer. Another common job is engineering, where you design and build security solutions for systems and networks. If you enjoy building things and working on projects where you get to see your work come to life in a finished product, this job is for you.
• Manager. Somebody has to manage the employees and make sure tasks get completed. Like in the movie “Office Space,” a cybersecurity manager might say, “I deal with the … customers so the engineers don’t have to! I have people skills!” If you have the rare ability to translate between technical jargon and normal language, this job is for you.
• Coder. Software coding has been a standard technology job for many years, and it now requires people who can design and build security software, like anti-virus, as well as build normal software securely to prevent bugs and vulnerabilities. If you like solving logic problems, this job is for you.
• Pen Tester. Penetration testing is the term for attempting to break software or a system to find and fix weaknesses. If you like taking things apart to see how they work and rebuilding them, this job is for you.
• Investigator. Digital forensics is growing along with the increase in cybercrime, requiring investigators who can gather and analyze evidence to solve crimes. If you like solving mysteries, this job is for you.
• Incident Responder. Organizations with requirements for strong security, like the military, often have people who actively monitor and fight attacks on their systems. If you like challenges where you compete against others to think two steps ahead, this job is for you.
Fortunately, you can start from anywhere and become successful.
Certification is an important part of the cybersecurity profession, as well as other technical fields. A certification is a test that shows you know a certain topic or have specific skills. Most certifications do not require you to take any specific class; you can just sign up and take them. More advanced certifications require a few years of experience.
In general, the cybersecurity profession can be broken into three categories. The education, certifications and skills listed are not exhaustive, but they give you an idea of the most common requests in job postings.
1. Entry Level. People just entering the cybersecurity field, whether from school or transitioning from another field.
• Education: high school diploma
• Certifications: CompTIA’s Security+, GIAC Information Security Fundamentals (GISF), (ISC)²’s Systems Security Certified Practitioner (SSCP)
• Skills: computer administration, coding, security awareness
2. Intermediate Level. People who have been in the field for a few years or went to college for cybersecurity.
• Education: bachelor’s degree in cybersecurity, computer science or information technology
• Certifications: GIAC Security Essentials Certification (GSEC), EC-Council’s Certified Ethical Hacker (CEH), (ISC)²’s Certified Authorization Professional (CAP), ISACA’s Certified Information Systems Auditor (CISA)
• Skills: security tools, risk assessments, security frameworks and laws
3. Advanced Level. Professionals who have been in the field for many years or who have advanced education or experience in specific roles.
• Education: master’s degree in cybersecurity, computer science, information technology or business
• Certifications: (ISC)²’s Certified Information Systems Security Professional (CISSP), GIAC Security Expert (GSE), Offensive Security Certified Professional (OSCP)
— Keelan T. Stewart is an information security analyst for Boys Town. He is a certified information systems security professional. Contact him at email@example.com.