28 Bits and Bytes About Cybersecurity Careers You (Probably) Didn’t Know

According to a report from ProtectWise and Enterprise Strategy Group, only 9% of millennials said they are interested in pursuing a cybersecurity career at some point in their lives. Much of the reasoning behind the low percentage of cybersecurity professionals is due to lack of awareness around cyber. Many are aware of other computer-related fields including video gaming, engineering and IT but “cyber” never quite rises to the top of the list during career path conversations with aspiring professionals.

To bring cybersecurity to the surface as a strong and lucrative career option for young professionals, we’ve taken the liberty to share some fast facts and fun things about the industry.

Fast Facts About the Cybersecurity Industry

·     The market is expected to grow to over $300 billion by 2024 according to a report from Global Market Insights

·     The demand to fill cyber jobs is great – over 300,000 cyber positions are available in the U.S alone

·     There are 33 distinct areas of cybersecurity work according to NIST/NICE

·     The national average career salary is $93,000 (on the low end) for a security-related position in the U.S. according to the Robert Half Technology’s 2019 Salary Guide

·     Earning cyber certifications like CompTIA Security + Certification and Certified Information System Security Professional is highly regarded and respected amongst prospective employers (impress the hiring manager and prove your value)

·     Information security jobs are expected to increase by 32% through 2028 according to the Bureau of Labor Statistics

Technical Abilities and Knowledge Needed for the Cybersecurity Industry

·     IT fundamentals like system and web application administration

·     Coding skills (C, C++, Java, Python, Ruby, Perl, PHP)

·     Understanding network architecture, administration and operating system functionality, policies, performance, and features

·     Database knowledge from permissions access to structure to storage security

·     Understanding of how attackers operate and function

·     Foundational understandings of things like risk management, networking basics, toolkit maintenance and situational awareness of what’s happening in the industry today

Professional Skills Needed for the Cybersecurity Industry

·     Leadership – Call the shots alongside a team of cyber pros to build decision-making skills

·     Communication – Articulate what and how threats need to be mitigated to teams

·     Analytical thinking – Reflect and continuously learn the hacker mindset to grow your understanding of why and how attacks happen

·     Passion for learning and developing skills – Learning never stops as long as technology keeps advancing. You’ll find new ways to secure assets and data with every keystroke and software update

·     Determination – You’ll want to protect critical assets just as your own PII is at stake (imagine having your own bank account hacked and wanting to do something proactive about it)

·     Collaborative – You’ll likely work alongside a crew of cyber enthusiasts, and will need to work in harmony in order to keep security posture hardened

·     Writing – Developing reports to roll up to your security and business supervisor will require stellar writing skills so they can understand the technical jargon in laymen’s terms

The Benefits of a Cybersecurity Career

·     You’re never bored—there’s always an attacker to stop or a vulnerability to assess

·     You get to learn about and use cutting-edge technology

·     There’s always a new challenge to tackle (and if you’re a problem-solver, this is fun!)

·     You’ve likely got job security as positions like information security analysts and penetration testers are in demand in every industry

·     You can advance in your expertise as a professional (there’s no limits to moving up the ladder or laterally across it to grow in knowledge and abilities)

·     Remote work in cybersecurity is prevalent as cloud-based services and VPNs are expected parts of how companies operate today—you can live and work anywhere

·     A cyber career straddles both public and private sectors, so you can have the benefits either division brings based on your professional preference

·     Increasing your value in cyber is easy with persistent training platforms like Project Ares that can complement degree programs and virtual, online courses

·     Recruiters will look for candidates on LinkedIn so if you think you’ll have a sweet gig out of college or your school training, just wait. Google might call. No, seriously.

Getting a job in cybersecurity doesn’t have to be an intimidating process. If you haven’t been taught the basics and/or are looking to change careers for something different, launching a cybersecurity career can start with basic learnings that lead to more formal training, certifications, and skills development. And there are several online resources for developing security competencies that are free or at minimal cost. These can be complemented with cyber range training to expedite learning to land the cybersecurity job you want.

In addition to your own search about how to start a cyber career, NIST/NICE is kicking off National Cybersecurity Career Awareness Week (November 11-16, 2019) by asking for commitments from businesses and professionals: commitments to promote the awareness and exploration of cybersecurity careers via event hosting, sharing materials on social media or distributing creative assets. Be on the lookout for these businesses sharing important details about job postings, hiring in their own company or distributing materials and advice to help career searchers learn, grow, discover, and thrive in this dynamic industry.

Happy cyber career searching!

Photo by Danial RiCaRoS on Unsplash
Photo by Fabian Grohs on Unsplash

Living our Mission Blog Series: Supporting Cyber Red Teams, with Consultations and Pen Testing from Josiah Bryan

While Circadence is proud to be a pioneer that has developed innovative cyber learning products to strengthen readiness at all levels of business, there’s one professional area at Circadence that doesn’t tend to get the limelight, until now. Meet Josiah Bryan, principle Security Architect for Circadence’s security consultation services, aptly called Advanced Red Team Intrusion Capabilities (ARTIC for short). For almost two years, Josiah has provided support and services to Red Teams around the country, those leading-edge professionals who test and challenge the security readiness of a system by assuming adversarial roles and hacker points of view.

Josiah enjoys doing penetration testing and exploit development with Red Teams at a variety of companies to help them understand what a bad actor might try to do to compromise their security systems.

But Josiah wasn’t always on the offensive side of cyber security in his professional career. He was first introduced to the “blue team,” or the defensive side of cyber, when he began participating in Capture the Flag competitions across the U.S. during his time as a computer science student at Charleston Southern University. Those competitions also exposed him to the offensive side of security training and he never looked back.

After graduation, he took a job in San Diego with the U.S. Navy as a DoD civilian, finding vulnerabilities in critical infrastructure, which were then reported up to the Department of Homeland Security.

“Learning how the DoD operates internally and how they conduct penetration tests/security evaluations was an extremely valuable skill and great background for my current job at Circadence,” he says.

In addition to consulting with Red Teams, Josiah uses a variety of tools to show and tell companies about existing vulnerabilities. For example, badge scanners that let people gain access to a facility or room are quite common devices for Josiah and his team to test for customers. He might also use USB implants that provide full access to workstations and wireless signal identification devices.

“We show people how easy it is to get credentials off of someone’s badge and gain access to an area,” he says. “They never believe we will find vulnerabilities but when we do, they realize how much they need to do to improve their cyber readiness,” he adds.

But, ultimately Josiah’s favorite part of his job is the level of research and analysis he gets to do. “We are a research team, first,” he says. “We are pushing the boundaries in cybersecurity and discovering new ways that bad actors might take advantage of companies, before they actually do.  It’s a great feeling to help companies and Red Teams see the ‘light’ before the hackers get them,” he adds.

Whether circumventing a security measure or patching a system, Josiah’s contributions to the field are significant.

“Finding new ways to help people understand the importance of strong cyber hygiene is fulfilling,” he says. “We can’t stress it enough in today’s culture where attacks are so dynamic and hackers are always looking for ways to take advantage of companies.”

To stay on the cutting edge of Red Team support, Josiah follows Circadence’s philosophy to persistently learn new ways to protect people and companies. “Any company is only as good as the least trained person,” Josiah says.