Preparing for a cyber security career is more enjoyable than you may think! The technical challenge, problem-solving, constant change (you’re never bored!), and continuous learning opportunities are positive experiences one can have when entering the field of cyber security.
For any interested student or autodidactic, a cyber career path may seem a little daunting. But with the right cyber security tools and teachings in place, coupled with the latest proficiencies, any person can learn cyber and garner the skills necessary to enter the workforce with confidence and competency.
The earning potential for an individual pursuing a career in cyber is significant. The national average frontline cyber security career salary is $93,000 (on the low end) for a security-related position in the U.S. according to the Robert Half Technology’s 2019 Salary Guide. The industry offers high paying jobs, yet many positions continue to be unfilled with an estimated 3.5 million open cyber positions by 2021. Today, there are more than 300,000 open positions nationwide.
This begs the question: what is the best way to fill the cyber security skills gap with motivated and budding professionals? The answer is multi-faceted but at its core is a fundamental shift in how we prepare and train them with the skills needed to thrive.
Pro Tips for Building a Cyber Security Career Path
Just like many other career paths, cyber security needs people who possess a mix of academic, theoretical-based knowledge, practical skill sets, and a lot of creative thinking. An aspiring cyber security professional can learn the knowledge, skills, and abilities needed in the industry, seek out internships and/or apprenticeships, and learn of careers in cyber without actually being on the defensive frontlines of cyber attacks. Details of each approach are below.
IDENTIFY INDIVIDUAL CYBER STRENGTHS AND KNOWLEDGE/SKILLS/ABILITIES (KSAs)
The first suggestion for an individual who wants to learns on their own is to match their unique strengths (technical and non-technical) to the kinds of knowledge, skills, and abilities needed to do certain cyber jobs in the workplace. Understand what kinds of jobs are available too. For students, they will likely learn these details in traditional classes and in their coursework assignments. With Google at our fingertips, however, it’s easy to find a variety of online resources to learn cyber security KSA’s including ISACA, ISC(2), ISSA, and The SANS Institute—all of which provide information about the profession and detail certification and training options. Understanding the kinds of tasks performed in certain work roles and the kinds of behaviors needed to perform certain jobs, an aspiring cyber professional will be better prepared during the interview and job search process. He/she won’t be surprised to learn about what is required to start a job in cyber security.
PURSUE INTERNSHIPS, APPRENTICESHIPS, ALTERNATIVE PATHWAYS
As a self-guided learner, you likely have the go-getting attitude needed to find a cyber security internship, apprenticeship, or alternative trade school to start building your knowledge, skills, and abilities more.
Internships are available through many community colleges, technical colleges, and universities, each of which have well-oiled practices of connecting students with local companies. In fact, it’s not uncommon for most students, both undergraduate and graduate, to be required to complete an internship in their field of study before graduation.
Apprenticeships are a “learn while you earn” kind of model and are incredibly beneficial for both the company offering the apprenticeship and the student.
“This is absolutely fundamental, and a key plan in meeting the workforce needs. Our solution to the gap will be about skills and technical ability,” says Eric Iversen, VP of Learning & Communications, Start Engineering. “And the most successful of apprenticeship programs offer student benefits (e.g., real-world job skills, active income, mentorship, industry-recognized credentials, an inside track to full-time employment, etc.) and employer benefits (i.e., developed talent that matches specific needs and skill sets, reduced hiring costs and a high return on investment, low turnover rates and employee retention, etc.)”
The Department of Homeland security created a Cyber Corp Scholarship program to fund undergraduate and graduate degrees in Cyber Security. Students in this program agree to work for the Federal Government after graduating (with a one year service for every year of scholarship).
These types of opportunities are especially advantageous for recruiting individuals who may be switching careers, may not have advanced degrees, or are looking to re-enter the field.
Alternative pathways are also quite accessible for the college graduate or self-driven learner seeking a career in cyber security. One cyber career pathway is via “stackable” courses, credits, and certifications that allow learners to quickly build their knowledgebase and get industry-relevant experience. These kinds of courses are available in high school (taking collegiate-level courses) and at the college level. Another type of alternative pathway is via cyber competitions and hackathons. Learners can gain practical skills in a game-like event while meeting fellow ambitious professionals. Participating in these events also makes for great “extracurricular activities” on one’s resumé too.
Circadence is proud to lend its platform Project Ares® for many local and national cyber competitions including the Wicked6 Cyber Games, cyberBUFFS, SoCal Cyber Cup, and Paranoia Challenge so students can engage in healthy competition and skill-building among peers. For more information on cyber competitions and hackathons, check out the Air Force Association’s CyberPatriot, Carnegie Mellon’s picoCTF, Major League Hacking, and the National Cyber League.
Cyberseek.org also has a detailed and interactive roadmap for hopeful professionals to learn more about how to start and advance their careers in cyber security. This interactive cyber security career pathway map breaks it all down. For example, if you’re interested in a software development role, you’ll want to build skills in Java or Python, databases, code testing, and software engineering, as well as, build cyber skills in cryptography, information assurance, security operations, risk management, and vulnerability assessment. You may also consider certifications in Certified Ethical Hacking (CEH), Security+, Network+, Linux+, Offensive Security Certified Professional (OSCP), CISSP, and GIAC in addition to having real-world experience and training.
Cyber Security Career Requirements
We recommend three types of experience when considering a career in cyber security:
· Degree experience for basic understandings of cyber theory and practice
· Technical experience to demonstrate learned knowledge translates to skill sets acquired
· Real-world training experience, either via an internship/on-the-job opportunity or via realistic cyber range training
Many entry-level cyber security job descriptions will require at least a bachelor’s degree or 4 years’ experience in lieu of a degree. Higher-level positions will require the academic degree plus some technical experience and/or real-world training.
It’s important to note that there are two types of cyber training available: A traditional classroom-based setting and an on-demand, persistent training option. Both are great in their own ways and can complement each other for holistic cyber learning. The classroom-based learning presents information to learners via PowerPoints, lectures, and/or video tutorials. Learners can take that knowledge and apply it in a hands-on virtual cyber range environment to see how such concepts play out in real-life cyber scenarios.
Since cyber security is an interdisciplinary field, it requires knowledge in technology, human behavior/thinking, risk, law, and regulation—to name a few. While many enter the field with the technical aptitude, many forget the “soft skills” to cyber security. To communicate effectively with a cyber team, problem-solve, analyze data, identify vulnerabilities, and understand the “security story” of the employer, a young professional needs to possess and demonstrate those social skills to thrive in their job.
The Variety of Cybersecurity Fields are Endless
There’s more to cyber security than being a network analyst or incident response manager. Interested, aspirant professionals can work in cyber security through other departments beyond security and IT. Cyber careers in human resources, marketing, finance, and business operations are all available sectors that allow a learner to “be in cyber” without doing the actual day-to-day frontline security defense tactics. It is important to know about the other careers individuals can pursue in cyber security because it is not just for the IT department to “manage” within a business. Furthermore, cyber security roles don’t have to be pursued at technology companies – there are many healthcare, banking, energy, and enterprise companies seeking cyber security professionals in their organizations. So, if a certain industry is of interest to you, you can explore cyber in that specific industry. In the age of digital transformation, practically every sector has a security need that needs hardened.
For young graduates entering the cyber security field, a multi-faceted approach to learning cyber security skills is recommended. The good news is that motivated learners have lots of avenues and resources available to them to pave a career path that best fits their needs and interests.