A few months ago, I read a statistic that the cybersecurity occupation hit a zero percent unemployment rate. This was certainly great news for any of us in this profession—especially considering all of the workforce volatility created by COVID and the economy. It's a great feeling to work in a field that's in high demand, but I doubt any cybersecurity professional got into this field solely for job security. Rather, it was an extension of some core value or interest that drove us to being an information security professional, whether that's the ability to make a company or our nation more secure, working in a diverse and technical environment, or something else. This field has so much to offer.
Here are three reasons why you should consider a career in cybersecurity:
- Many roads can lead to cybersecurity: I would have never guessed that getting my degree in Journalism would ultimately lead to how I got started in cybersecurity. When I was in college in the mid-1980s, information security/cybersecurity did not exist; at least, not the way it is today. After graduation, I wound up getting a masters degree in information technology and worked as a mainframe programmer. About seven years after graduation, I was offered a position at Bear Stearns, which, at that time, was one of the top investment banks in the world. The role was for a Technology Auditor, which involved a fair share of information security auditing. It turns out they hired me specifically because I was a journalism major and felt that, at the very least, I could help with their report writing and presentations, which apparently had been lacking in the group. And that's exactly what I did for my first few months. I picked up on some aspects of this field: writing, editing reports, doing the whole journalism thing, and, as I did this, I gained more knowledge to where I was ultimately performing the audits myself. After that, I moved on to technology risk and information security consulting – where I remain to this day, nearly 25 years later. Some people have had a more ‘traditional’ career path – where they may have worked in information security soon after college and continued their entire career. And, certainly, the recent (or soon-to-be) graduates may have even majored in cybersecurity. Over the years, I have seen people from all backgrounds and degree programs succeed in this field – from English Literature to the most technical degree programs. Unlike many professions, there are a huge variety of skills and backgrounds that can lead you here.
- Variety of work: Ask any cyber professional and they will tell you: 'No two breaches are the same. No two cyber assessments are the same.' Every cyber incident, audit, or assessment is unique and involves sorting through various amounts of data to understand both the root cause of a control gap, as well as the best method to remediate. In all of my 20+ years in consulting, working across some of the most diverse companies worldwide, I can attest to this. And this is probably one of the reasons I stayed in the field for so long. If you are one of those people that likes new challenges and continual learning, working in cybersecurity is something you will certainly enjoy. There is literally no end to what you can learn and build upon. You can specialize in a particular technology or device (like firewalls), a process or methodology (such as incident response), or, even, the management and governance side of cybersecurity.
- Having a positive impact: Helping a company or government agency become more secure and resilient to cyber-attacks is a great feeling. Your job has a real impact. In all the years I’ve been in this field, I’ve never outgrown that feeling I get when I have made a difference, however small, towards putting a company back on track with their cyber program. And the best part is that there are so many ways we can add value that aligns to our individual skills. We can help a company recover from an attack, prevent an attack, give executive presentations on identified threats, implement new technologies, etc. There is no limit to how we can help; it just takes dedication and using our skills to promote awareness and increase cyber maturity.
If you are looking to get started in cybersecurity, but do not have the specific skills and background yet, a good first step is to obtain a certification. Depending on your background, you may need a few years to actually be able to become fully certified, but, by passing the exam, you demonstrate your commitment and a core set of knowledge.
Here are some of the top, vendor-neutral certifications to consider:
- CompTIA Security+
- CISSP — Certified Information Systems Security Professional
- CISM — Certified Information Security Manager
- CISA — Certified Information Systems Auditor
- GIAC — Global Information Assurance Certification
- CEH — Certified Ethical Hacker
There are also an abundance of online courses available through Coursera and similar platforms that you can take and include on your resume.
Like any job search, you are going to have to network and build relationships. Consider joining a local chapter of ISACA or ISC2 (two global organizations dedicated to information security, audit, and governance), or volunteer your time. You will meet some great people who can give you advice or may pass on an opportunity.
Lastly, don’t forget to highlight your experience, including soft skills, on your resume and LinkedIn profiles. Remember that cybersecurity is a multi-faceted occupation that involves analysis, management, presentations, report writing, and technical work.
With a shortage of talent and the increasing importance of cybersecurity in business initiatives, the time is right for a career in cybersecurity. With time, patience, and hard work, you can be successful in this growing field.