Last year, Cybersecurity Ventures predicted that by 2021, cybercrime would cost $6 trillion annually. As the threat landscape continues to evolve, and the volume of cyberattacks rises, now is the perfect time to begin working in cybersecurity.
Not only is cybersecurity one of the most diverse and thrilling fields, but it is also facing significant talent shortages. Research by (ISC)² estimates that almost three million cybersecurity positions remain unfilled due to the lack of cybersecurity professionals. As cybercriminals become more creative and sophisticated in their attacks, this number will only grow. Businesses will suffer as they struggle to cope with the risks, lack of knowledge, and consequences of an attack.
As a result of the skills shortage and urgent demand, cybersecurity is now an incredibly lucrative career choice. It’s also quite a fulfilling one, as you’re essentially an IT crimefighter helping to make the world a better place every day.
What do you need to work in cybersecurity?
A career in cybersecurity is no longer as elusive as it once was. A computer science degree provides a good starting place. However, it is no longer necessary. The tradition of turning applicants down because they lack such a degree has contributed to the current incredibly small talent pool. As companies realise this, we’ll start to see a rise in applicants getting selected based on potential rather than degree status or experience.
Of course, you can’t expect to waltz into an interview and immediately snag a job as a security architect. How do you get started? Well, reading this blog is an excellent first step. The path to cybersecurity success is all about learning and demonstrating drive and passion.
If you’re currently, say, a systems administrator, there is plenty of training that you can do to help you transition into a cybersecurity role. However, don’t feel disheartened if you’re currently in a non-technical position. Mid-ladder career changes are becoming increasingly common, and it’s easier now than ever before to discover everything you need to do so successfully online. Some of the brightest cybersecurity minds hail from non-technical backgrounds – psychologists, artists, military officials, medical doctors, and stay-at-home parents.
What’s more important than a technical background?
Organisations realise that a dedicated passion for learning new things and understanding how both people and technology function is critical. There are a growing number of areas in cybersecurity that focus less on the technology itself, and more on the human behaviour that drives it.
It’s essential to identify your transferable skills. Programmers will know what malicious code looks like, and web developers will find learning to defend against cross-site scripting easy. However, if you think there’s nothing relevant in your non-IT background, think again. The chances are, you have an Aladdin’s cave of soft skills to help you get your first cybersecurity position. Do you work in car sales? You could get an IT position at a car dealership. If you are a receptionist, consider working at a help desk. Perhaps you are a writer. If so, there are opportunities to become a technical writer.
Today, businesses need a mix of employees with competencies in technology, law, psychology and sociology to handle their security effectively. A non-technical background can help you stand out from the competition. Problem-solving, communicating technical topics to non-technical people, working with a team, and understanding processes are all invaluable abilities in a cybersecurity role.
Which path is right for you?
There are countless roles to choose from, all of them evolving. For example, we’re seeing new positions such as malware analyst and incident responder. The scope of responsibilities of chief security officers (CSOs) and chief information security officers (CISOs) is growing. Analysts and engineers realise that they need to be working with other groups within their organisations.
So, take the time to research all your options. Is it the management side of things that interests you, or something more technical? When it comes to the latter, there are three main areas to choose from:
- Security architects are both the highest qualified and the highest paid, and design all or parts of a system.
- Security engineers usually create systems for automated logging, respond to incidents, and create and implement new technologies to fight cyber threats.
- Security analysts search and test for vulnerabilities, often assisting in implementing solutions.
Properly exploring these areas could pave the way to a prosperous and exciting career as a security auditor, a malware and forensic analyst, an incident response analyst, a penetration tester (a pro hacker who identifies vulnerabilities), a governance, risk and compliance pro, a network security engineer, a cryptographer (finding new ways to encrypt sensitive data), a data security strategist or security software developer (both of which are fast-growing careers as AI and IoT initiatives grow). The list is endless.
Get your foot in the door
First, try to understand the basics. What does the threat environment look like? How are various companies tackling it? Then, focus on your interests. After all, you can’t be an expert in every field. Identify the skills required for your dream career and then look for starter positions with supportive employers that will help you get them.
The most straightforward route into cybersecurity is through training and involving yourself with a data-handling company that’s eager to improve its network security. Get something entry-level, like an account executive role or a junior penetration tester position, and transform yourself into the office security expert. Then, earning potential is all determined by how much effort and work you put in – it’s easy to make around £55k as a cybersecurity analyst, for example.
Your entry-level IT job should teach you the basics: administering and configuring systems, networks, database management and coding; running and maintaining common applications (e.g., web, database or DNS servers); and a sense of procedures and business operations. However, make sure it also offers some practical cybersecurity experience.
Consider the following 7 steps as you start your new journey:
- Say yes to everything and be willing to start at the bottom or in an internship.
- Teach yourself to understand code and the basics and take some online training courses. Read blogs, news, websites – become passionate about network security, endpoint protection, application security, mobile security, cryptography, authentication, threat intelligence, identity and access management, phishing and social hacking, and so on.
- Find yourself a mentor.
- Make some industry connections. Attend networking events. Join LinkedIn groups and professional networks to make a name for yourself. Participate in workshops and seminars. Get to know and offer to help the IT and cybersecurity professionals in your organisation – they could yield some great advice and think of you when a job opens in their department.
- Volunteer to do a cybersecurity project for a non-profit or charity or set up a solo or collaborative open-source side-project.
- Search open-source projects and sites for bugs and weak points, documenting everything for future interviews.
- Build a computer and security lab and practice securing and hacking it.
Educating yourself and those around you is always the key to growth. Skillsoft’s Security Training offers a variety of cybersecurity courses. Our technology portfolio makes cybersecurity easy to understand and lets you acquire new skills without needing to apply for a specialist degree or enrol at a university.
Here are just a few of the security courses on offer:
- Information Security – compliance content for the entire organisation. Informs everyone on the fundamentals of what employees can do daily to minimise risk
- Certified Ethical Hackers (CEH) – in this course, learn how to spoof actual hackers’ attempts to attack your organisation’s network. Discover how to find vulnerabilities before a real attacker finds them
- CompTIA cybersecurity certifications: Security+, CompTIA Cybersecurity Analyst (CSA+) and CompTIA Advanced Security Practitioner (CASP). CompTIA CSA+ is an internationally recognised professional qualification created to fill the gap in cybersecurity credentials and address the unique role of the cybersecurity analyst
- Cisco certifications in security: CCNP Security or CCNA Security
- (ISC)² certifications: Certified Information Systems Security Professional (CISSP)
Skillsoft is also running a hacker webinar series. We plan to kick off this intensive training programme with “Not all hackers wear balaclavas”, the first in a two-part series of webinars hosted by Skillsoft’s Christopher Sly and Robert Schifreen, one of the most infamous hackers in the UK. The complimentary webinar takes place on 18th September 2019 and will cover:
- What is in a hacker’s toolkit and how to stop them before it’s too late
- The common attack methods used to compromise a network, server or device and how to mitigate the risk of these attacks
- The real cost of a cyber breach to your organisation
- Impersonation attacks – how to tell if your company’s email is secure
- How the cyber skills shortages are impacting your business
- Why it is better to upskill in-house rather than outsourcing your cybersecurity solutions
Stephen Roberts is the Marketing Director at Skillsoft EMEA.