If the global cybercrime forecast took the form of a weather report, it might go something like this: The extended outlook calls for continued online lawlessness, scattered malware attacks and an ongoing blizzard of data breaches. After all, with experts predicting that the cybercrime epidemic will cost the world $6 trillion annually by 2021 as the shortage of qualified cybersecurity professionals climbs to 3.5 million unfilled positions, the metaphor of dark skies is hardly an exaggeration. On the brighter side, however — for skilled cybersecurity professionals or entry-level workers on the lookout for an opportunity — these same conditions have created something of a perfect storm on the employment horizon. Experts describe the cybersecurity jobs landscape as “a seller’s market” with zero percent unemployment, as organizations offer high salaries amid fierce competition for top talent. “The commercial industries are stealing people out of the NSA and CIA like crazy because corporations are having such a problem with foreign espionage. The demand for people who understand these threats has skyrocketed,” Paul Smith, vice president at PEAK Technical Staffing told CSOonline.com. At the upper end of the salary spectrum, he noted, a highly skilled professional with the right experience can earn upwards of $400,000. Entry-level salaries also run significantly higher than in many other industries, attracting new talent to the field as a growing number of industry certifications and advanced degree programs work to help develop the pipeline of talent at all levels. But how do you position yourself to gain entry into this exciting, vitally important and fast-moving field? First, be aware that the bar for “entry level” is considered to be higher in cybersecurity than in other lines of work. However, opportunities are plentiful — so read on for a helpful collection of tips and strategies for your job search. https://twitter.com/TripwireInc/status/1283691803829469185
Cybersecurity Job Search Tips and Strategies
Speak the Language
The world of cybersecurity has a language all its own. So you’ll need to be fluent in the highly technical vocabulary spoken by cyber professionals. For example: You can be certain that anyone who asks about your “white hat” capabilities will not be inquiring about your headgear. All kidding aside, be sure you have a solid grasp of essential industry terms and acronyms from A to Z (Advanced Persistent Threats to Zero-Day Attacks). Here are a few helpful resources:
- The CyberWire, a cybersecurity-focused news service and thought leader
- The National Initiative for Cybersecurity Careers and Studies, an online resource for cybersecurity training under the Department of Homeland Security
- Cybrary.it, a cybersecurity and IT workforce development platform focused on preparing cybersecurity and IT professionals for the next step in their career
Read Cybersecurity Blogs and Websites
The cybersecurity ecosystem can seem like a whole other world to newcomers. In addition to unfamiliar, Sci-Fi-sounding terminology, there is a constant flow of news and new trends and techniques, developments and advancements. Reading blogs and exploring influential industry websites is one of the best ways to get your virtual finger on the pulse. Start by checking out one of the many lists of top cybersecurity blogs and websites put together by industry advocates.
Survey the Landscape of Entry-Level Cybersecurity Jobs
Nobody’s going to make the mistake of applying for a chief information security officer job right out of college, but you’ll want to develop a clear idea of what jobs are realistic given your specific level of skill, education and experience. Three such potential jobs are discussed in a SecurityIntelligence.com article titled “How to Land an Entry-Level Cybersecurity Job,” which spotlights Information Security Analyst, Junior Penetration Tester, Network and Computer Systems Administrator. One industry resource that is designed specifically for cybersecurity job seekers at all levels is Cyberseek.org, which helps connect the dots between specific skills such as software development, systems engineering and IT networking, and specific opportunities (entry-level, mid-level and advanced) in cybersecurity.
Pick an Area of Focus
Are you an engineering type or a natural-born IT whiz? A tech-savvy quick study with solid leadership skills? Cybersecurity is an extremely broad and diverse field. So it is often advisable for entry-level professionals to decide what area of cybersecurity they want to focus on. Much of this will depend upon your existing proficiencies, as well as your aptitude for learning highly technical skills that will expand your spectrum of opportunities. But determining what areas you are most interested in will help you set goals, both short term and long term, as you gain skills and experience with an eye on specific types of jobs.
Explore Internships and Apprenticeships
Cybersecurity career resource Circadence.com advises entry-level job seekers to explore internships, apprenticeships and alternative pathways to gaining experience. Doing so is part of a “go-getting attitude” that is helpful in most career searches, cybersecurity included. The article points out that internships are available through many community colleges, technical colleges and universities, some of which “have well-oiled practices of connecting students with local companies.” It touts apprenticeships as a valuable “learn while you earn” experience that is beneficial for both the company offering the opportunity and the apprentice.
Experience, Experience, Experience
Like nearly all cybersecurity career advocacy organizations, Circadence places heavy emphasis on gaining experience however you can, and distinguishes between three types of experience. In addition to “real-world training experience,” it cites the value of:
- Technical experience – One example of this is the knowledge and skills gained through industry certification programs.
- Degree experience – Though not all cybersecurity jobs require a degree, many positions, especially higher-level jobs, will require or at least prefer a combination of all three types of experience.
Chuck Bane, a longtime cybersecurity expert now serving as academic director of the University of San Diego’s online Master of Science in Cyber Security Engineering, notes that some academic programs provide opportunities to gain simulated work experience by challenging students to conduct virtualization experiments in a safe “sandbox” environment — building secure systems, running scans, then analyzing and acting on the results, just as they would in many cybersecurity jobs. Though there are cybersecurity jobs that do not require a technical background, having a working knowledge of programming is extremely helpful. Demand for qualified workers is high, so many organizations are open to hiring people from different backgrounds. An article exploring “How to Get Into Cybersecurity, Regardless of Your Background” by Springboard.com offers helpful advice on entering the cybersecurity workforce from a non-technical background.
Cybersecurity Job Interview Tips
Tout Your Skills
Be ready to discuss your hard skills but — and this is important — without exaggerating or overstating them. Also be ready to emphasize your soft skills; there is considerable demand in the cybersecurity workforce for talented communicators who possess the ability to translate cyber speak into layman’s terms, for example to liaison between the front-line tech team and non-tech stakeholders or executives.
Ask Intelligent Questions
You know that part of the job interview when the interviewer asks the applicant if they have any questions? Often, people are so focused on what questions they will be asked that they neglect to prepare any questions for their potential employer. This is a missed opportunity. So be ready to ask something that shows an understanding of and a curiosity about the role for which you’re applying, rather than wasting this opportunity with a question about the dress code or whether or not the company gives you two days off at Thanksgiving.
Do Some Extra Homework
The more you know about the companies or organizations to which you are applying before the interview, the better you’ll be able to impress them with your diligence and initiative in taking the time to understand what they are all about. Such research will position you to ask better questions, provide more relevant answers and perhaps even impress your interviewer with a unique insight about the company. This also applies to being as knowledgeable as possible about the specific position or type of position you are applying for. Having such knowledge at your fingertips will also help you feel more confident going in.
Cybersecurity Career Training
There are multiple pathways to success in cybersecurity. For example, this is a field where it is not particularly unusual to find super-skilled high school or college dropouts pulling down six figures alongside co-workers who have earned a master’s degree. The path to success as a cybersecurity professional is different for everyone. However, a tried-and-true approach shared by many is to combine real-life experience with some academic and technical training (such as advanced degree programs and certifications) to further expand your overall knowledge and capabilities, as well as to develop some specialized skills.
About the Author: Michelle Moore, Ph.D., is academic director and professor of practice for the University of San Diego’s innovative, online Master of Science in Cyber Security Operations and Leadership program. She is also a researcher, author and cybersecurity policy analyst with over two decades of private-sector and government experience as a cybersecurity expert. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
Meet Fortra™ Your Cybersecurity Ally™
Fortra is creating a simpler, stronger, and more straightforward future for cybersecurity by offering a portfolio of integrated and scalable solutions. Learn more about how Fortra’s portfolio of solutions can benefit your business.