How to get the cyber security job you want or to move up in your existing
cyber security career
As far as employment opportunities go, experts far and
wide agree that the cyber security career field is booming for job seekers. Between
rising cybercrime activity and more exacting laws and regulatory standards, the
demand for skilled and knowledgeable cybersecurity professionals in 2019 continues
Ventures reports that the cost of cybercrime is anticipated to reach
unprecedented levels in 2021 — when damages are anticipated to cost the world $6
trillion annually. As such, companies worldwide are upping their game to increase
their defenses in this war against cybercriminals — meaning that they need the
best cybersecurity experts in place.
But where does this leave you as a job seeker who is
looking for a cyber security career? Whether you’re looking to get a start in
the industry or seeking to revitalize your existing cyber security career, there
are things you’ll need to know to be most successful.
We’ve consulted with several industry experts and picked
their brains on what new and established cyber security professionals can do to
enhance their cyber security careers:
Let’s hash it out.
9 tips to help you as you seek to start or grow your cyber security career
1. Network and market yourself
Simply put, if you’re a professional with cyber security
experience, you’re in high demand. Cybersecurity Ventures reports
that the unemployment rate for cyber security professionals is at 0%. Compare
this to the national unemployment rate, which the U.S. Bureau of Labor
Statistics (BLS) reports
was 3.7% in June 2019.
How can there be so many open positions? In part, it’s
because the cyber security career field isn’t heavily populated. The field is
highly specialized and, as such, has fewer people who are qualified or have the
requisite experience for the jobs. However, that doesn’t mean that you
shouldn’t put forth any effort because jobs appear to be so available — after
all, you want the right job and not just any job.
How to stand out from other cyber security pros
To make yourself stand out, create a compelling LinkedIn
profile and a strong CV that highlights your achievements. Share details about complex
projects or cyber security issues you helped your organization resolve.
However, tooting your horn isn’t enough on its own; you
need to get out there to network and meet others in your field. Moving up in
many fields — technology included — often can come down to who you know. This
is why networking is essential for every IT security professional. Thankfully,
there are groups that can help you connect with other cyber security and IT
Don Baham, president at Kraft Technology Group, LLC, says the
importance of getting involved with industry groups can’t be overstated:
“Whether an individual is brand new to the field, is an IT professional looking to make a move, or someone already working in the space but looking to progress, I recommend getting involved in industry groups and pursuing relevant certifications.
Four groups that have national/international levels as well as local chapters are InfraGard, International Information System Security Certification Consortium (ISC2), Information Systems Security Association (ISSA), and ISACA. Depending on location, one or more of these local chapters may be more active and beneficial to get engaged with.”
2. Know your worth: cyber security careers pay more than the national average
Whenever you’re looking for new jobs or are in the
interview process, it’s vital you know what the salary expectations are for any
careers you’re considering. Unless it’s vital that you take a job immediately
(which we get — after all, we all need money to survive), do your research to
ensure that you’re receiving pay that is commensurate with the responsibilities
and expectations of the job.
The average cyber security professional makes an
above-average salary in the U.S. Glassdoor reports that the national average
base pay in cyber security is $91,500 per year. ZipRecruiter
lists it even higher at $119,877 per year as the national average. Considering
that the BLS reports
the national median salary as of Q1 2019 was a little more than $47,000, the
difference is obvious.
According to the BLS:
- and information systems managers make a median salary of $142,530 per year.
This cyber security job outlook is increasing at a rate of 12%, which is faster
than the national average.
- network architects make a median salary of $109,020 per year. This cyber
security career is growing at a bit slower rate of 6%, which is on par with the
- systems analysts make a median salary of $88,740 per year. This cyber
security job outlook is growing at a rate of 9%, which is about as fast as the
national average for jobs.
- security analysts make a median salary of $98,350 per year. This cyber
security career is growing at a rate of 28%, which is about three times faster
than the national average.
It’s important to remember, however, that the salaries of
these jobs will be higher or lower depending on a variety of factors:
- The job’s location
- The size of the company or organization
- Your experience level, expertise, or
- The roles and responsibilities of the position
5 of the highest-paying cyber security careers
Ventures reports that there are five cyber security careers that are
anticipated to make at least $200,000 annually in 2019. These include:
- Freelance Bug Bounty Hunter
- Chief Information Security Officer (CISO)
- Deputy CISO
- Lead Software Security Engineer
- Cybersecurity Sales Engineer
3. Take advantage of the growing skills gap in the cyber security career field
Cybersecurity Ventures estimates that there will be 3.5 million cyber security jobs open by
2021. The Cybersecurity
Workforce Study from (ISC)², an international, nonprofit membership association
for information security leaders, reports:
“The gap is having a serious real-world impact around the globe. Asia-Pacific, with its growing economies and brand new privacy regulations, is experiencing the biggest shortage — 2.14 million positions. The massive worldwide shortage not only places organizations affected by the shortage at higher risk of cyber attack, but also affects job satisfaction of current cybersecurity staff.”
Research from Cyber Seek, a project
supported by the National Institute of Standards and Technology’s (NIST’s)
National Initiative for Cybersecurity Education (NICE) program, shows that cybersecurity
skills gaps exist across the U.S. The cybersecurity workforce supply/demand
ratio for cyber security jobs (2.3) is less than half of the national average
for all jobs (5.8).
Aside from prior experience, what else do cyber security
recruiters and hiring managers look for in candidates?
Wil Buchanan, president of Philantech3 Consulting Group, shares some of
the challenges and traits his company seeks:
“As an employer in the cyber security industry, it’s difficult to find people with the type of experience that we are looking for (3-5 years of dedicated cyber security work). Without experience, the next thing that we look for is desire and certifications. We feel that for a team member to be effective, they must love what they do, or at least have a deep passion for the work.”
This creates a prime opportunity for you as a cyber
security professional: If you don’t have an applicable degree, you can work on
industry certifications or do other things that demonstrate your passion for
4. Understand the job’s expectations: Learn what each cyber security job entails
You know there’s a demand for cybersecurity
professionals, but what you might not know is what individual cyber
security careers are and what each one specifically entails. After all, “cyber
security professionals” is a very broad, catch-all term that encompasses many
unique roles with varying skill sets. Although the titles and responsibilities
will vary from company to company, there are some general shared
responsibilities and expectations for those positions.
Five of the most in-demand cyber security jobs Cyber Seek
- Cyber security analyst / engineer — planning,
monitoring, implementing or upgrading security measures that safeguard computer
networks, electronic infrastructure, and digital files.
- Cyber security consultant — assessing
computer systems, networks, and software for vulnerabilities, as well as outlining
the best cyber security solutions for implementation.
- Systems administrator — technical
support, daily system monitoring, backing up data, administering IT security
infrastructure, and other responsibilities.
- Systems engineer — ensuring the highest
levels of infrastructure and systems availability by managing, monitoring,
testing, and maintaining them through a variety of tools.
- Vulnerability analyst / penetration tester
— poking, prodding, and trying to break through a network or system’s defenses
to identify vulnerabilities that cybercriminals can exploit.
With all of this in mind, the next step is to figure out
whether you have the training and experience that you need for the cyber
security career you want. If not, there’s training available that can help you
5. Get training: Identify trainings or certifications you’ll need to complete
A cyber security career path doesn’t have to be a
straight line; some professionals will transition from one specialization to
another depending on their interests or to bridge the cybersecurity skills gap
within their organizations.
Once you figure out which job you’re interested in,
you’ll need to see what qualifications you’d need to meet to reach
that goal in the future and start working backward from there. If you’re
already working in the field, it’s likely that you already hold at least one
degree or certificate in your area of expertise. If not, now is the time to
earn those certifications to bring your paycheck to the next level.
Certifications show not only that you are taking the time
to learn new material but also that you can
demonstrate competence in your area of expertise. Some of the top
certifications that can take your career (and paycheck) to the next level
Authorization Professional (CAP)
Cloud Security Professional (CCSP)
Information Systems Security Professional (CISSP) — there are additional, more
specified concentrations for information systems security architecture,
engineering, and management professionals
Secure Software Lifecycle Professional (CSSLP)
Security Certified Practitioner (SSCP)
Information Security Manager (CISM)
Information Systems Auditor (CISA)
- Cisco Certifications:
Certified Network Associate (CCNA Security)
Certified Network Professional Security (CCNP Security)
Certified Internetwork Expert Security (CCIE Security)
Advanced Security Practitioner (CASP)
For someone with little (or no) cybersecurity experience,
start by learning IT fundamentals. You’ll need that foundation in IT to be
effective in your career. Consider earning some of the following beginner-level
- CompTIA IT Fundamentals (ITF+)
- CompTIA A+
- CompTIA Network+
- CompTIA Linux+
- CompTIA Security+
- Microsoft Technology Associate (MTA) Security
Will Ellis, a security analyst at the privacy advocacy
group Privacy Australia, says he recommends the CompTIA Security+ certification
to individuals who are early in their cyber security careers in particular:
“The reason I recommend it is because it covers all of the basics and is well-respected while being vendor neutral. It really lays the groundwork for all the IT infrastructure and cybersecurity career paths available.”
One of the benefits of earning different certifications
is that while they often focus on their particular area of concentration, they
also cover other areas of cyber security to help you become a more well-rounded
and informed professional.
Choose the right certification
Not just any cyber security certification will do. Christopher
Gerg, CISO and vice president of cyber risk management at Gillware, emphasizes the importance of
choosing the right certification(s) to help meet your goals:
“In general, the value of the certification is based upon the current phase in your career. For example, if you are new to an industry holding a certification will establish a baseline of capability and knowledge. If you’re a consultant or a public speaker, a certification can do the same thing – establish a baseline of capability and knowledge. I’ve found that as my career has progressed, my resume has provided the same value, and the need for certifications has diminished. There is also obvious value in targeting the certification to the type of work you are trying to do – the Certified Ethical Hacker and Offensive Security Certified Professional certifications would be of limited value if I am trying to hire an analyst for a CISO office to perform risk assessment work.”
Gerg says that the CCNA certificate (and other Cisco
certifications) has proven highly beneficial to him both
personally and professionally. “I learned a lot of fundamental knowledge about
networking and IPv4 in general – which has paid great dividends in my career.”
6. Have broad expertise: Don’t make security your only focus or
While having an area of expertise is definitely a plus,
it shouldn’t be the only ace up your sleeve. The most effective cyber security
professionals are those whose tech work experience is well rounded and who
demonstrate other skills and expertise. This means that, as an IT sec pro,
you should try to have other knowledge such as project management or business
processes. This may mean branching outside your area of specialization and
exploring other areas of cyber security.
As Benjamin Roussey of TechGenix.com puts it:
“Build a well-rounded skill set with skills ranging from penetration testing, IOT security, network security, identity, and access management, to other cyber-governance related soft-skills. This enables the security experts to build upon their foundation and branch out even further, into leadership roles.”
7. Explore related opportunities: Get into the industry without prior tech
Don’t have prior IT experience? That’s okay — there are
other ways that you can start a cyber security career with no prior experience.
For example, you could join the military or work at a smaller tech company
where they can train you from the ground up.
Lauren Hasson, a full-time software engineer and founder
of DevelopHer, a career development
platform for tech women, says there’s another way. Hasson says it often comes
down to finding an open door at a company that values security:
“I found a company where security matters (by day, I work at a Bay Area payments company – i.e. security is very important) and got my foot in the door through my area of expertise which was application development. Once I established a positive reputation and had ‘paid my dues,’ I began to express interest in adding security. The great news is that security professionals are hard to find so often times companies find high-performing employees internally and train them on the skills that they need to be cybersecurity professionals.”
If performing cyber security tasks isn’t for you, or if
you have other skills you want to put to use in the field, you can always look
at other related jobs. For example, if you’re a strong communicator or have a
head for sales, you may want to work in cyber security sales. If you’re a
strong communicator and have a knack for technical things but don’t want to get
involved in the day-to-day work of cyber security, then you could become a tech
writer or a technology content marketing writer. I can say from experience — if
you like to read and learn, it makes for a pretty sweet, challenging, and fun
8. Be engaged: Show initiative and engage in industry activities
It should come as no surprise that people who are driven,
engaged, and continually striving to improve professionally often find
themselves on an upward trajectory in their cyber security career path. Thankfully,
there are things you can do to show initiative.
Dave Hatter, an Intrust IT cyber security consultant
with more than 25 years in IT, says that cyber security professionals (and
aspiring ones as well) should engage in activities that enable them to keep
learning — even outside traditional certification opportunities. For those who
are still new to their cyber security careers, this could entail participating
in seminars and conferences. For more experienced pros, teaching at those
events could also be incredibly beneficial and educational — both to themselves
and the people they’re teaching.
Hatter suggests that high school and college-age professionals participate
in the National Cyber League’s Capture the Flag exercises. These puzzle-based
cybersecurity competitions serve as a virtual training ground for challenges
they will likely face in the workforce. They can also help to open doors to
future cyber security careers.
that there is a growing need for ongoing learning through outside-the-box
“Cyberattacks are increasing in frequency and complexity. Additionally, the physical world is increasingly connected to and reliant upon the cyber world meaning that cyberattacks can cause injury and chaos in the real world. The bad guys are devious and relentless, so it’s imperative for cyber security professionals to adopt the philosophy of life-long learning and to get experiential training whenever possible.”
9. Don’t overdo it: Take practical steps to avoid burnout
The advice some cyber security experts give is to always be engaged,
even outside work hours, by taking on
side projects and continuing to expand your portfolio. While some cyber
security leaders promote the benefits of professionals burning their candles at
both ends, others are more cautious and see the value of work-life balance in
every cyber security career.
Allan Buxton, director of forensics at Secure Forensics, says that to be
successful, it’s vital to not overextend yourself:
“Cybersecurity attracts people with an extreme interest in technology – not just using it, but taking it apart, breaking it, or putting it back together differently. That’s a useful interest, but the temptation to continue one’s research well after working hours will ultimately only accelerate burnout. It can be useful, no doubt, but find a balance early and stick to it. Find a hobby outside of tech to pursue some nights or weekends, or make sure your home research doesn’t overlap with work requirements too often (build a home arcade instead of breaking Slack clients, for example). In the long run, you’ll find yourself more creative and committed to your craft.”
The cyber security industry is one with many open doors
for those who either have the experience or the drive to gain it. However, as
you’ve read, it’s not just about traditional training and education —
being successful in the field also often involves:
- Being passionate and willing to learn;
- Marketing yourself;
- Being connected with other industry
professionals and associations;
- Being specialized without being too singularly
- Seeking alternative forms of training and
- Embracing your non-technical skills and finding
ways to put them to use.
What other helpful tips are you willing to share?
As always, leave any comments or questions below…
*** This is a Security Bloggers Network syndicated blog from Hashed Out by The SSL Store™ authored by Casey Crane. Read the original post at: https://www.thesslstore.com/blog/fire-up-your-cyber-security-career-with-these-9-job-related-tips/