Cybersecurity is an in-demand field. Growing cyber attacks, demand for safe and secure data, and other concerns mean that companies need professionals to keep their information safe.
It’s a financially lucrative one as well: “Cybersecurity professionals report an average salary of $116,000, or approximately $55.77 per hour. That’s nearly three times the national median income for full-time wage and salary workers, according to the Bureau of Labor Statistics.” (source)
But many cybersecurity professionals aren’t doing it for the paycheck alone. It’s a role that comes with an incredible amount of responsibility and brings immense value to an organization.
Moreover, there are lots of opportunities in government agencies and defense/aerospace firms for cybersecurity professionals. Also financial services – think industries with classified or private data. However, all kinds of companies are looking for cybersecurity professionals nowadays.
1. Don’t specialize just in security
The best security professionals have well-rounded experience in tech work. Sean Tierney, head of the cyber intelligence team at Infoblox, says, “The thing that will make you good at security is that you are great at something else first. For example, become a master of the fundamentals of data networks, be an expert at administering multiple operating systems or be proficient at multiple scripting languages (Python, Bash, etc.).”
If you’re coming to cybersecurity from another sector of technical work, Tierney’s colleague Rod Rasmussen, VP of CyberSecurity at Infoblox, has tips for switching over: “If you’re already in IT, then spend time studying up on network security, dealing with endpoint hygiene, or whatever is related to the work you’re already doing. You will find that you will become “the security guru” in your office pretty quick by doing that and from there, the transition becomes a lot easier.”
2. Sometimes it’s who you know–so network
This is something that’s true across industries. Tierney says, “Professional networking. Get to know as many people in the industry as you can. Get involved in open source or community projects. Another thing often overlooked in networking is offering to help others more than you ask for help.”
In-person networking is ideal: get involved in meetups, attend conferences, ask for tips over coffee with current security professionals of local tech companies. If these things aren’t possible, online networking is a good idea too.
3. Not in tech yet? Start by studying up on IT basics
Rasmussen advises, “If you aren’t in the IT space at all, start with learning IT fundamentals. We’ve seen this as necessary for even folks like FBI or other law enforcement officers who have the investigatory or ‘finding bad guys’ part down really well. That will serve you well in cyber, but regardless of your background, you need those building block fundamentals in IT in order to create an effective new career in cybersecurity.”
To gain these skills, check out technical and community colleges near you for night courses. “Most of those, particularly those that provide network management courses, offer good courses in security basics,” says Rasmussen. You can also look into online courses through websites like edX that feature top courses from real universities.
4. Legitimize your skills by earning certifications
The Security+ certification is a good place to start; having one will go a long way toward showing employers that you can handle the job duties of a cybersecurity job. Another common certification for cybersecurity professionals is the Certified Information Systems Security Professional (CISSP) certification.
Rasmussen points out that you don’t need to have a full degree or extensive credentials to become successful. “With the lack of manpower in the industry right now, just getting your basic credentialing and having at least some aptitude is sufficient to get an entry-level job. Those that are proficient will rise rapidly.”
5. Show initiative in your own time
Tierney says, “Self-directed learning and experimentation are critical. College degrees, vendor training and professional certifications are great. However, the most frequent interview question is always along the lines of, “tell me about your home lab, what kind of systems you’re running, and work you’re doing?” Followed up by, “what have you learned?”
Adds Rasmussen, “There are dozens of good books and courses on things like reverse engineering malware, tracking malicious activities on the internet and other such cyber-related skills. We’ve taken many folks with basic IT skills and turned them into very proficient cybersecurity engineers and investigators by supporting self-study combined with team-led reinforcement of those principles — usually in far less than a year.”
Contributing to open-source projects not only provides demonstrable initiative and skills, but it also helps out the tech community: a win-win.
6. Hone your data analysis skills
In cybersecurity, it’s critical to be competent at noticing trends in large amounts of data–so if you’re coming from a background in big data, you’ll be well set up. If you don’t come from that background, it’s well worth taking a course in it and getting some real experience collecting and analyzing large amounts of information.