Ask a cybersecurity firm or a big financial services company with a huge cybersecurity staff what they’re looking for in new cybersecurity talent, and they will tick off their requirements in rapid-fire succession, barely stopping to take a breath.
They want somebody with a bachelor’s degree in computer programming, computer science or computer engineering. They also want to see an academic background replete with courses in statistics and math. They want cybersecurity certifications as well, and, of course, experience in specialties plagued by staffing shortages, such as intrusion detection, secure software development and network monitoring.
Sound too demanding, especially if you’re relatively fresh out of school? Don’t despair.
This is more like a wish list than actual requirements because there is an enormous shortage of cyber talent, estimated to reach two million positions globally in 2019.
What Would-Be Cyber Pros Need To Do
What is really needed to get in the door is training at a cyber boot camp or a two-year associate’s degree in cybersecurity from a community college, a background in IT, and a demonstrated interest in and some knowledge of cybersecurity fundamentals. People with backgrounds as programmers, systems administrators and certified network engineers are particularly strong candidates. More important, however, is that you have -- and can demonstrate -- a passion for learning and strong research instincts.
What, exactly, is a cybersecurity specialist?
He or she works with organizations to keep their computer information systems secure. They determine who requires access to which information, and then plan, coordinate and implement information security programs. They also use their expertise and up-to-date knowledge to help protect against web threats that facilitate cybercrime, including malware, phishing, viruses, denial-of-service attacks and hacking. And, too, they troubleshoot company-wide security threats and implement creative solutions.
Cyber jobs are pretty much all over the place, in, among other places, government agencies, military contracting firms, IT services companies, the armed forces, professional services firms, financial institutions and cybersecurity consulting firms. There are also a growing number of industry-specific cybersecurity specialties, such as security work in the development of autonomous vehicles, sadly reflecting that motivations to hack self-driving cars are almost limitless.
Even Ambitious Novices Have a Shot
If you don’t have a competitive background but still want to break into cybersecurity, this, too, is doable. The answer is to attend a cyber boot camp, albeit it can be expensive, or to enroll in a two-year associate’s degree program being offered by a growing number of community colleges.
Cyber boot camps are intensive programs that accept non-programmers, train them in key skills and help them land jobs. In Denver, for example, Securest Academy has graduated a number of cyber pros and placed all of them in respectable cybersecurity jobs, helped by its partnerships with top security employers. Other boot camps include Evolve Security Academy in Chicago, and Open Cloud Academy in San Antonio.
A hybrid between a boot camp and community college program is the City Colleges of Chicago (CCC), which recently became the first community college system in the country to partner with the Department of Defense on a new free cybersecurity training program for active military service members and civilians. This effort is modeled after an intensive six-month cybersecurity boot camp tested with government personnel at Fort McNair in Washington D.C. The program has been initially funded by $1 million from the City of Chicago and $500,000 from the Defense Department.
Another, perhaps better start to a path in a cybersecurity career is attendance at a community college. Community colleges with two-year cybersecurity degree programs include Anne Arundel Community College in Baltimore, Herkimer County Community College in Herkimer, N.Y., Thomas Nelson Community College in Hampton, Va., Umpqua Community College in Roseburg, Oregon, Clark State Community College in Springfield, Ohio, and River Valley Community College in different cities in New Hampshire. Still others are Northern Virginia Community in different cities in northern Virginia, and Tidewater Community College in different cities in southern Virginia.
Most starting positions in cybersecurity are for security analysts, who plan and activate computer system security measures. Once a cyber specialist gains more experience and expertise and earns a certification or two, such as a CISSP (Certified Information Systems Security Professional), he or she can aspire to focus on more advanced cyber specialties.
- Intrusion detection. Experts in this area search for potentially harmful activity that could undermine the confidentiality, integrity or availability of information.
- Secure software development. Most data breaches are successful because of vulnerabilities or flaws in software code. Specialists in this area patch code on a routine basis.
- Cloud security. Cloud security specialists analyze threats particular to cloud security. Dangers include data breaches, system vulnerability exploits, hijacked accounts, inadequate diligence and malicious insiders.
- Network monitoring. This requires professionals who know what they’re looking for in networks and can make decisions rapidly when suspicious behavior is detected. They work in concert with advanced network monitoring apps.
- Risk mitigation. This entails tracking security risks that have been identified, discovering new risks, and tracking risk throughout select projects. This position also involves brainstorming what might happen if there is a breach.
- Data security. This has become a common job as organizations move to cloud computing. The job of data security pros is to protect company information from threats.
Regardless of specialty, cybersecurity pros need valuable soft skills. These include:
- Strength in research and writing. To establish sound policies, cybersecurity staff must be equipped to conduct exhaustive research into industry best practices and work with end users to understand how they use technology on a daily basis. They must then synthesize these insights into a thoughtful policy.
- Collaboration. It’s essential for cybersecurity specialists to know how to navigate projects and difficult conversations with a wide array of people, ranging from the CIO to end users and vendors. Security pros must be friendly, patient and open-minded.
- A teacher’s disposition. Cyber pros must be able to educate their colleagues about safe technology habits. They must also instill awareness about the risks of poor IT hygiene.
- A passion for learning. Cyber pros need to be lifelong students as much as teachers because the IT threat landscape is constantly changing. Cyber pros must be proactive, always exploring for ways to get ahead of tomorrow’s biggest challenges.
- A consultative mindset. Cyber pros must think like a consultant. Every company of any size has different constituencies. Cybersecurity experts need to be able to look at the big picture and ask the right questions of colleagues and senior management to solve cybersecurity issues. They should also understand how their work impacts the bottom line.
The Future of Cyber Teams
What about cybersecurity teams of the future? What will they look like?
The staffing of teams is likely to evolve with fewer generalists and more cybersecurity domain experts. In particular, it will be important to deeply understand how previously “siloed” security concepts and domains evolve into a horizontal structure. This will require cyber experts from different areas of the business working together cohesively.
Cybersecurity teams will also adopt more geographic diversity as the talent shortage persists.
It’s obvious that the search for qualified cybersecurity talent will remain a priority indefinitely. Companies, consulting firms and government agencies already know this. They are also slowly learning they have to be somewhat flexible about the cybersecurity professionals they hire. They will have to speed the pace because the deluge of increasingly sophisticated cyberattacks will not stop. Let’s face it: The protectors of data need all the help they can get.