How to Start a Career in Cybersecurity
How to Start a Career in Cybersecurity
Careers in cybersecurity are hot right now. With a high potential salary, excellent growth potential, and a global shortage of skilled talent, most are hired as soon as they finish school and get certified. Because of the growing demand, landing a good job in cybersecurity is almost a sure thing, and that makes the investment well worth it.
If you need evidence, all you have to do is read or watch the news. Data breaches, ransomware, high-profile hacks, and malicious attacks are becoming commonplace. To stay ahead of all the bad actors in the world, companies know they have to take a proactive stance against cybercrime. As criminals become smarter and the attacks they wage get more disruptive, it is critical to ensure an adequate defense.
The fact that there aren’t enough cybersecurity technicians to go around should be a good indicator that the odds of finding a great job are definitely in your favor.
However, that doesn’t mean anyone with a little computer knowledge and good interview skills will succeed. You need to make yourself marketable to the companies you want to work for, and that means having the goods to back up your aspirations.
Do you need a degree? Not necessarily. Do you have to know how to code? It doesn’t hurt. It all depends on the job, the company, its needs, and you. Depending on your talents, aptitudes, and capacity to learn, you could find a gratifying career without spending the better part of a decade in school.
What Kinds of Jobs Are There in Cybersecurity?
Cybersecurity professionals are always in demand. As the years go by and malicious threats become more commonplace, the need for top talent is on the rise. According to a report published by Cybersecurity Ventures, 3.5 million cybersecurity jobs will be available but unfilled by 2021. Let that sink in for a moment – that’s next year.
We can expect, all things considered, that this number will grow unless we close the skills gap, either by luring more people into the profession or reducing the risk. The latter doesn’t currently seem to be on the horizon, as threats continue to evolve, and the consequences of a data breach become more dire.
So, if you’re thinking about pursuing cybersecurity as a career or making a career change into the field, you’ve got a really good shot at achieving your goals. You don’t even have to know exactly what you want to do (unless you do), because your talents and your passions will take you in the right direction.
Here are some of the jobs you might run across when you’re doing your research:
- IT Security Consultant
- Threat Management
- Security Operations Center
- Penetration Testing
- Risk Management
- Compliance/Security Assurance
Of course, not all of these roles are hands-on technical. For example, if you’re coming to cybersecurity with a background in the legal profession, you might be well-suited to governance or compliance. These areas focus on creating and enforcing policies, and you would act as a liaison of sorts between companies who require compliance services and the technicians who design and implement them.
If you have high-level technical chops, but you also have excellent leadership and communication skills, there are lots of interesting roles you might consider.
Ultimately, where you start out might not be where you end up, but that’s normal. Many jobs aren’t necessarily cut and dried, and neither is the journey. It is important, though, especially if you’re starting from scratch, to decide where you want to end up. Your decision will ultimately dictate what you need to learn to get yourself there.
What Does it Take to Have a Career in Cybersecurity?
While a career in cybersecurity does take technical skill, you don’t have to be a particular age, gender, or nationality to get started and do well. However, the high-paying jobs do require excellent IT skills and lots of technical aptitudes so, if you’re looking to land a top position, you need to be prepared to get in the trenches and do the groundwork.
If you have some coding or development experience, you’re definitely ahead of the game. If you don’t, or if you’re not 100 percent sure that cybersecurity is right for you, there are lots of low-risk ways to get your feet wet before you dive headlong into the deep end.
But, as any cybersecurity professional will no doubt tell you, it’s not just a job, it’s a life choice. No matter where you start, you never stop learning. And since just about every job in cybersecurity comes with a certain level of stress and urgency, you have to be willing to commit. You need to be a results-focused team player who is open to all possibilities.
Other desirable aptitudes include problem-solving, communication (you will have to collaborate with lots of people), basic computer forensics, attention to detail, and a grasp of hacking because you might need to reverse-engineer an attack to understand how to dismantle it.
Do I Need Special Training for a Career in Cybersecurity?
Do you need technical skills? It depends. If you have good technical chops, you will have a lot more options. That said, there are non-technical jobs you can do in cybersecurity that are quite valuable, but you’ll still need to start a good foundation in IT if you’re going to make it work.
In cybersecurity, even management positions require a good understanding of systems, coding, applications, and networking. In general, if you apply yourself in any of those four areas, your interests will guide you to the next steps. It’s not unusual for people to start with a specific job in mind and then end up somewhere else altogether. You’ll never really know what you’re good at until you try – and since cybersecurity is a pretty intense gig at the best of times, it’s a good idea to be sure you love what you do.
Where Do I Start?
If you already have a general understanding of security and IT frameworks, and if you combine that with great people management and problem-solving skills, an open mind, a collaborative nature, and an eagerness to learn, you’re in a very good place.
Typically, most people in cybersecurity come from one of these three areas of the tech realm: system administration, development/programming, or networking.
If you don’t have experience or background in these areas, you will need to get some. You can do this either at a university, a technical or trade school, or by getting certified. In truth, if you don’t have a solid understanding of these three areas, it will be challenging to get where you want to be.
Learning to detect and mitigate cyberattacks means knowing the languages they were written in. If you want to be successful, you need to understand how systems work. It is science, after all, not guesswork. Without a solid foundation in programming languages, your options are limited.
Of course, you can still get ahead in cybersecurity without a lot of technical proficiency, but consider this: if you don’t have this background or understanding, you will almost certainly have to depend on people who do. You won’t have access to the best opportunities, and you likely won’t progress beyond a certain salary level. If these aspects are important to you, it’s time to bone up.
Here’s what you need to do:
1. Learn From the Best
Every good coder needs to upgrade their skills and knowledge continuously. Like just about any other advancing technology, things change all the time. The only way to stay on top of current trends in cybersecurity, coding, and cyberattacks is to keep your eye on the news and follow reputable people in the industry.
Blogs and articles are excellent sources of input, but Twitter is probably the best way to access the most relevant and timely information. Since Twitter offers newly minted data in real-time, it has an advantage over just about any other news source. Plus, it’s where all the real sec-ops and IT influencers are, so joining the fray puts you in good company.
RSS feeds are another great way to stay current. Once you’ve identified people you want to follow, track their posts in an RSS reader tool, so you’ve always got fresh sources of insight.
2. Get Some Schooling
Not everybody has the time or discipline to get a university degree. However, if you’re young and you have the opportunity, it will give you a great start on what will no doubt be a highly rewarding career in cybersecurity.
On the other hand, there are plenty of arguments against going the university route. For example, it’s four (or more) years that you could be working and honing your skills in the real world. Plus, university computer science tends to focus more on theory than practice. If you’re eager to dive in sooner and get right to it, choosing a technical school might be a little more up your alley.
Again, knowing where you want to end up will give you an idea of the skills you’ll need to get there.
Online training is another way to go, especially if you’re just starting out or testing the waters. Online courses aren’t just for beginners, though. Many of them focus on upgrading and enhancing advanced skills and they are an excellent way to stay current with new cybersecurity trends.
3. Get Certified
Certifications are another great thing to have under your belt. You can start with a free (or cheap) beginner-level certification from Udemy or Udacity and see how it goes. Most beginner courses are relatively short, often four weeks, after which you will at least have a grasp of what’s involved in your career choice and hopefully be able to decide whether it’s right for you.
Once you have worked for a few years in the field, you will want to step up your game a bit. By this point, you will probably have figured out what you’re good at, so it should be easy to make some decisions as to what certification is right for you. Certifications demonstrate your commitment and willingness to better yourself, both of which are desirable qualities in any employee, but most especially if you are in a dynamic field like cybersecurity.
If you already have some skills, you’ll want to look at some higher-level certifications. There are plenty to choose from, many of them specific to specialties within the cybersecurity niche. Some of these include:
CompTIA. This is a general certification. To qualify, you will need a minimum of two years in IT under your belt. CompTIA is essential for basic, all-around cybersecurity knowledge.
CompTIA Security+ certification is considered the benchmark as far as best practices in the IT security field is concerned. Considering the importance of security in not only the business world, but our daily lives as we spend more and more time online, this is quite an achievement.
CompTIA PenTest+ Penetration testing is performed by purposefully carrying out a cyber attack on an organisation’s computer systems in order to gauge the effectiveness of that company’s IT security measures. The CompTIA PenTest+ certification is a highly sought-after, hands-on course that teaches networking and security professionals to perform these tests in their own organisations.
CompTIA Cybersecurity Analyst (CySA+) course will teach security professionals to configure and use threat detection tools, perform data analysis and interpret the results in order to identify vulnerabilities, threats and risks to your organization’s computer systems.
Certified Ethical Hacker (CEH). Certified Ethical Hackers are skilled professionals who understand and know how to look for weaknesses and vulnerabilities in target systems and use the same knowledge and tools as a malicious hacker.
The CISSP (Certified Information Security Professional) certification has become a necessity for anyone that wishes to progress to a senior level in their information security career and, thus is perfect for mid- to senior level managers with 3-5 years experience. The certification is not only seen as a measure of distinction, but also as a worldwide benchmark of accomplishment in the security field.
How Much Does a Cybersecurity Specialist Make?
The salary an IT security specialist commands make it a highly desirable job, but the range of compensation is as diverse as the jobs themselves. According to salary.com, the median salary for a cybersecurity specialist is $133,330, but depending on years of experience, education, and location, it could be as high as $215,000 or more.
Currently, these are some of the top-paid jobs in cybersecurity today:
- Information Security Manager. An ISM ensures compliance with data security laws and regulations and pays to $215,000 annually.
- Cybersecurity Engineer. The CE is responsible for designing, developing, and implementing secure network solutions.
- Cybersecurity Analyst. With an average annual salary of up to $160,000, a cybersecurity analyst works with penetration testers and IT security managers to help companies avoid malicious attacks.
- Penetration Tester. Pen testers make in the realm of $100,000 to $130,000 per year. Penetration testers need to stay one step ahead of threat technology and hacking strategies so they can anticipate any possible situation.
- Security Architect is the individual who is responsible for maintaining the security of a company's computer system. They must think like a hacker would, because they must anticipate all of the moves and tactics that hackers will use to try and gain unauthorized access to the computer system $100,000 to $150,000 per year.
Are You Ready to Start a Career in Cybersecurity?
Deciding to start a career in cybersecurity is a big step. Whether it is your first career choice, a lateral move from another area of IT, or a complete pivot from where you were, you are sure to find it a challenging, stimulating, and incredibly rewarding vocation. As cyberthreats become more insidious and the financial penalties increase, the need for qualified professionals intensifies, ensuring plenty of opportunities, no matter where you live in the world.
Are you wondering if a career in cybersecurity is right for you?
Here’s a thought: take our quiz and get one step closer to an exciting future.