tiero - Fotolia
How to land a job in cybersecurity
Find out if you're a good fit for a career in cybersecurity, the kind of training required, how to start building IT security skills and the types of jobs available.
Cybercrime is increasing at an alarming clip. Year after year billions of dollars are lost and millions of personal records stolen by online criminals. To counter this onslaught of cyber attacks, businesses and governments have come to count on equally cunning and dedicated cybersecurity professionals to protect them from attack.
The scale and impact of cybercrime and its continuing rise has helped make the cybersecurity job market among the hottest career tracts in IT today. In fact, the cybersecurity field now offers several distinct career trajectories that IT security job aspirants can follow, as outlined in the Information Systems Security Association (ISSA) International's lifecycle describing the cybersecurity career path.
With organizations around the world finding themselves in the position of having to fill more and more IT security positions due to existing, new and -- as of yet -- undiscovered threats, now is a good time to consider a career in cybersecurity. A dearth of IT security talent has left numerous vacancies for those with the right skills to beat back the cybercrime menace.
Getting started in the field of cybersecurity requires some important skills to be successful. Let's find out what skills those are, the different kinds of cybersecurity jobs available today and why cybersecurity is so important.
What is cybersecurity and why is it important?
Cybersecurity involves protecting data, networks and devices from eavesdropping, manipulation, sabotage, take over and theft. Cybersecurity professionals are the highly skilled and knowledgeable computer experts tasked with carrying out the various technical duties to defend organizations and their employees, partners and customers from attack.
With computers and networks playing such a larger role in everyday life nowadays, it's paramount that these systems are protected from bad actors. To add to the challenge, emerging technologies like the internet of things (IoT), 5G and artificial intelligence (AI) may very well empower hackers to invent new methods of siphoning off larger amounts of data even more quickly than ever.
In addition, attacks against critical infrastructure systems are becoming more common. State and non-state sanctioned actors from China, Iran and Russia, for example, have already breached sensitive infrastructure and business networks in the United States.
A few high-profile examples include the breach of credit card agency Equifax in 2017, which led to the indictment of members of the Chinese military by the U.S. Department of Justice. Also the hijacking of SolarWinds Orion IT management software last year, which compromised the data and networks of thousands of SolarWinds customers and is highly suspected of being a Russian espionage operation. Furthermore -- and perhaps even more concerning -- hackers breached a water treatment plant in Oldsmar, Fla., in February 2021 in a bid to taint the town's water supply.
Are you a good fit for the cybersecurity field?
From the outside looking in, a career in cybersecurity can seem fairly lucrative. For one, cybersecurity jobs tend to pay well, with the average salary in the U.S. exceeding $107,000 per year. To boot, opportunities for advancement and job security abound and -- if you're the type of person who doesn't like boring workdays -- there is never a dull day in the cybersecurity field.
Attention to detail, curiosity, fast learning, critical/creative thinking and good communication skills rank among the most important soft skills required for cybersecurity professionals. If that list describes you, you just might be a good fit for a cybersecurity job and career.
What type of training is required for cybersecurity positions?
You don't need a computer science degree to land an entry-level cybersecurity job. Although the cybersecurity field is highly technical, many of the best professionals are those who have experience or strong interest in other fields, such as behavioral sciences, engineering, law and journalism.
It's fairly common to see cybersecurity teams composed of members from nontechnical backgrounds. For example, InfoSec teams could include positions that appear more journalistic or librarian in nature, resulting in some companies hiring people with strengths in those areas and then teaching them the necessary cybersecurity skills.
This is more the exception than the rule, however. Generally, there are a few essential tech skills that are vital to learn before you can land an entry-level cybersecurity job, including:
Learning Linux. Most of the infrastructure that powers the modern web runs on Linux. You will find this open source operating system everywhere from laptops and web servers to tiny embedded IoT devices and massive supercomputers. If you're serious about a career in cybersecurity, developing a deep understanding of Linux is a must.
Learning networking. You'll also want to develop a firm grasp of computer networking fundamentals. Most entry-level cybersecurity jobs will expect you to understand the various network nodes (i.e., NICs, hubs, switches, routers, firewalls, etc.), the various network communication protocols (i.e., HTTP, TCP, UDP, IP, etc.), network performance issues (i.e., bandwidth, QoS, congestion, etc.) and network services.
How can you start building real-world cybersecurity skills?
A huge number of free cybersecurity training resources are available online. But all that training has little value if it's not applied to real-world problems. Relevant ways to put your learning to action include cybersecurity certifications, hacking challenges, bug bounties, open source contributions and cybersecurity blogging:
- Most cybersecurity jobs expect at least one recognized certification. Good starter certs are CompTIA Security+, Microsoft Technology Associate Security Fundamentals, ISACA Cybersecurity Fundamentals and (ISC) 2 Systems Security Certified Practitioner.
- Capture the flag and similar hacking challenges require using computer knowledge to either protect or capture a digital flag. Its challenges can vary in intensity and difficulty, but the overall goal is to find security holes in the opponent's system and exploit them in order to claim the flag.
- Bug bounties are cash rewards offered by organizations to any security researcher who finds and reports vulnerabilities in a website or application. Well-known tech companies like Mozilla, Google, Facebook and Microsoft offer bug bounty programs.
- Maintaining an active cybersecurity blog can also help build experience. Technical communicators -- people who can write about high-tech subject matter in plain English -- are integral members of cybersecurity teams. Executives, end users and investigators need clear and accurate documentation to perform their duties.
What types of cybersecurity jobs are available?
There are many kinds of cybersecurity jobs and career paths available today, some of the most common include:
Security generalist. A term used to describe a jack-of-all-trades. Usually, but not always, smaller companies hire generalists due to limited IT budgets that can't afford to build out teams of security specialists.
Network security specialist. Responsible for around the clock monitoring of an organization's networks, network security specialists scan for breaches, unauthorized access and any other unusual activity.
Cloud security specialist. Experts at defending the various network and computer technologies provided by public cloud providers like AWS, Microsoft Azure and Google Cloud Platform.
Identity and access management specialist. This cybersecurity specialty revolves around controlling who can and can't access an organization's systems. Identity and access management helps ensure each user is who they claim to be.
Incident response specialist. Responsible for assessing and responding to threats, incident response specialists use an assortment of tools and techniques to actively monitor, analyze, identify and remedy attacks. These security professionals also create security plans, procedures and protocols to help organizations better respond to threats.
Forensics analyst. Similar to forensic investigators who work homicides or burglaries, computer forensics analysts are the cybersecurity professionals tasked with collecting and analyzing data related to cybercrime.
Security architect. Security professionals responsible for designing and implementing highly secure networks and computer systems.
Penetration tester. Pen testers, for short, are hackers who use many of the same tools and tactics that bad actors use. However, pen testers always have the full permission of the organization they are targeting. The goal is to find security holes and patch them before bad hackers can take advantage.
Cybersecurity trainer. A cybersecurity trainer is responsible for teaching employees how to insulate themselves and the organization from threats.