Do you remember the excitement as kids (I am still very much a kid at heart) while enjoying a fast paced game of cops and robbers during recess? Cybersecurity is similar, yet nothing like that! Typically, as a cybersecurity professional, you get to venture, albeit in simulation, to both sides--as with cops and robbers you got to experience being the good guy as well as the bad guy, both with their intriguing aspects. So how exactly does this relate to cybersecurity? Well, to become a good cybersecurity professional, you must be able to simulate the activities of the hacker (the robber) or the person with malicious intent as well as the security analyst (the cop). You have the opportunity to take on both roles (all in one job!), both attack and defend--how cool is that?! This allows further enhancement of your skills and improves your ability to detect future potential threats, and most of all, makes you a better cybersecurity professional.
Cybersecurity is not akin to how it is portrayed in films. The majority of your day job will relate to cyber analysis, and although no day is the same (boring does not exist in this job), excitement levels can be a bit of a rollercoaster ride.
There is no better time than now to get involved in the cybersecurity space, since a multiplicity of jobs remain unfilled in this discipline due to the deficit in certified cybersecurity professionals within the industry. The rising demand is overtaking the number of cybersecurity experts qualified for the roles, so many career opportunities are available.
I’m often asked how one should go about landing a job and potentially a career in cybersecurity, and
having been a part of the cybersecurity realm for over 15 years and having employed over 80 people in this domain, I am optimistic that I can offer some direction on how to go about this. Realising your cybersecurity dream does not need to be an intimidating or arduous task--although it will take dedication and work--and if you are intrigued and have the necessary determination, please read on!
A typical day in the life of a cybersecurity professional
Cybersecurity is one of the fastest growing sectors in computing; it has all the traits for an exciting and fulfilling job. Primarily we function (usually as an extensive team) to provide security expertise and to assist in preventing cyber-attacks through the monitoring and analysing of network traffic and the identification of intrusions. We have the ability to understand the links between both security and threats, and are able to offer proactive and dynamic solutions to identify threats and incidents (We sound a bit like superheroes-don’t we?!). Forget the stereotypical ponytailed hacker’s scenario--today, cybersecurity is a broad discipline with a myriad of facets. Believe me, there is something for everyone!
A typical day involves a lot of monitoring and analysis covering all potential threat areas: networks, firewalls, databases and applications, to name a few. These areas for opportunistic as well as tailored attacks continue to grow. It is important to stay on top of changes in the cybersecurity world and keep up-to-date with the cyber news to ensure that you remain abreast of any new potential threats or attacks. A fundamental part of cybersecurity is doing everything possible to keep ahead of the attacker, to know the attacker’s next move, and to stop the attacker in his or her tracks. Although this is the ideal but unfortunately not always the outcome, when it is achieved, there is no better feeling of job satisfaction.
A lot of R&D is undertaken in a day’s work – just like we alluded to earlier, ‘playing cops and robbers!’ is all about taking on the role of attacker and defender to try to preempt attacks in order to better defend against them.
Cybersecurity requires commitment and discipline as it’s a fast paced growing area of computing. It has a bad reputation for not being the easiest subject to get one’s head around or to keep up-to-date with. That being said, practice and enjoyment of the craft will stand you in good stead.
So, you are adamant that cybersecurity is the job for you - what should you do next?
There are various disciplines in cybersecurity to explore and thus it is essential to properly align your areas of interest to find the right path that makes sense for you. Consider the steps below:
Step 1: Understand and choose your direction carefully
Security is broken up into three main elements and together these elements (described below) form the three security pillars for a comprehensive cybersecurity posture.
- Confidentiality: This discipline encompasses components such as encryption, access control, identity management, and is about keeping data and systems accessible only to authorised users.
- Integrity: This discipline encompasses components such as backups, hashing, logging and monitoring, verification, forensics, and auditing.
- Availability: This discipline encompasses components for high availability, resilience, DDoS attack mitigation, and other related essentials.
These security disciplines can be further divided into the following elements:
- Security engineering: this includes application and development security
- Security operations
- Telecommunications and network infrastructure security (the largest and broadest discipline)
- Physical security (this covers all elements of the physical world and the intersection of physical and technological and how they need to meet to form a comprehensive solution)
- Security and risk management
- Asset security
- Identity and access management
- Security assessment and testing
Choosing to learn all of the above disciplines will aid you in becoming a general practitioner. However, you may choose to specialise in one specific area. From my experience, they are all relevant and there are lots of exciting opportunities for all disciplines. The great thing about security is that no matter the operating system, no matter the network or environment, there will always be a requirement for security.
Step 2: Decide on an institute to engage and your preferred path to certification
The journey to becoming a cybersecurity professional is just that, a journey. It does not happen instantaneously but rather through an accumulation of skills sets, practice, and broadening of technical knowledge and abilities over time. The progression of an IT professional to that of a cybersecurity professional is a different process to that of a newcomer wanting to become a cybersecurity expert.
There is no fast-track option (sorry!) to obtain the desired cybersecurity status--a distinguished status such as this will take time to achieve. A strong IT foundation is a prerequisite followed by some years of relevant experience before you can even begin to pursue a cybersecurity specific qualification and career path.
A number of options are available to explore and a variety of academic routes are available for those looking to kick-start a career in cybersecurity.
For the newcomers to IT (School graduates or individuals moving from non IT career backgrounds)
A newcomer to IT will need to start by obtaining an IT foundation certification. This will be the first step in gaining the needed expertise to land a job in the IT space, enabling you to gain the experience required to further your learning to include cybersecurity and ultimately realise your cybersecurity dream (Be patient--all good things take time).
A certification can be achieved by obtaining an appropriate degree through a university (computer science, IT management for business, software development, or other related IT fields). Understandably, university is not for everyone, so in this case, perhaps a foundation course in IT may be a good option to consider as a stepping stone. An excellent one to ignite your IT career may be the CompTIA A+ Certification; it validates foundation skills, is vendor neutral, and is a globally recognised and trusted certification.
Options which include hands-on learning opportunities are, in my opinion, most advantageous.
A tried and tested path to follow is an apprenticeship scheme and there are many organisations making this option available to cybersecurity hopefuls. Typically, this starts with the individual having an interest in cybersecurity and building, in their own time, some skills based on their interests. Some organisations have four or five year programs to train individuals, aiding them to attain the necessary skills needed for obtaining the highly recommended CISSP (hang on, I will elaborate soon!).
For the IT Professional wanting to pursue a cybersecurity job
You have been working in IT for some time and have decided that cybersecurity is where you want to be. You have the technical foundation and you have the experience under your belt too. What do you do next?
I am a strong supporter of utilising training courses and certifications as a means to develop technical ability and land your first job in cybersecurity.
A very good option available to the more experienced IT professional already working in the IT sector is to follow a cybersecurity approach based on ISC² (International Information System Consortium). ISC² is a global leader in educating and certifying cyber, information, software, and infrastructure security professionals. They have a plethora of relevant security courses and are recognised as the Gold Standard in information security certifications. You will need a minimum of 4 years of experience in cybersecurity related work or an equivalent degree to take on a cybersecurity specific certification through this prestigious consortium.
An excellent certification is the CISSP (I said I’d elaborate--here goes!)
The CISSP (Certified Information Systems Security Professional) is a globally recognised standard of achievement and an objective measure of security excellence. It was one of the first credentials in the field on information security and remains one of the most sought after certifications. The certification tests competence in 8 very relevant security domains. These include:
- Security and Risk Management
- Asset Security
- Security Engineering
- Communications and Network Security
- Identity and Access Management
- Security Assessment and Testing
- Security Operations
- Software Development Security
The highly recommended CISSP is a vendor-neutral certification. I always recommend steering clear of a vendor-only path as a cybersecurity discipline is broader than just a single vendor’s views. Besides, pinning your career on one vendor could be restricting!
Step 3: Seek out a mentor
The assistance and support from a knowledgeable cybersecurity professional is invaluable. Do yourself a favour and from the get go, seek out a leader in the cybersecurity space that will be willing to sponsor you during your training and help you along your journey. Not only has this person walked the same path that you are choosing to walk but they also have the experience and insight into the world that you are deciding to enter.
For newcomers, keep an eye out for cybersecurity challenges, events, and competitions (these take place globally) to encourage advancements in the cybersecurity sector. These events allow you to meet an array of cybersecurity professionals and are a great networking opportunity. By showing your unrivalled interest in cybersecurity and your motivation to succeed, you are sure to find a mentor who will be happy to oblige.
Step 4: Volunteer your time and get some experience
When starting off on any new venture, obtaining as much relevant experience as you can will help build you as a person, and will add to your skill set. At the end of the day, nothing speaks louder than experience. No matter how many paper certifications or accreditations you may have, experience is what is valued by the organisations as it represents a track record of your successes.
As a newcomer, you may find this more difficult to achieve. However, many opportunities exist where you can demonstrate your enthusiasm and develop your skills. As referred to previously, cybersecurity challenges, events, and competitions take place globally and frequently. Not only do these events give any motivated individual the opportunity to showcase their skills (even those self-taught), they double up as a great networking opportunity for you to meet cybersecurity professionals and show your interest. A lot of the time, this culminates in new opportunities for gaining invaluable experience and may even open doors to training opportunities and/or job offers. Ultimately, if you have the determination and vision, you can make it work--even if you are a newcomer.
You have the dream and now you have the direction too, so what are you waiting for...make it happen!
Cybersecurity is an extremely exciting and developing field that will be around for some time yet. As long as cybercrime persists (and there is no notion of it fading anytime soon), there will be the need for cybersecurity professionals and the deficit in the industry will ensure that you have loads to look forward to as long as there are people, devices, and networks to secure and defend.
This is an exciting time in tech and it’s about to get a whole lot more interesting. Defending against the bad guys has never been as challenging and as rewarding as it is now. Welcome to the wonderful world of cybersecurity, and soon you too will hopefully be joining in a good game of cops and robbers, the “cybersec” way!