I have worked in the cybersecurity space for about 14 years now. I found my way into cybersecurity from being a network engineer who needed to fill a technology gap on my then team – as a security subject matter expert.
I have been approached over the years by folks looking to begin a career in cybersecurity and/or gain a much deeper appreciation of this field. There are many reasons for these inquiries and it’s not necessarily for the paycheck alone. It’s a role that comes with an incredible amount of responsibility and brings immense value to any organization. I know that for myself, helping organizations better secure their business assets, and as such- their overall business, makes me feel a sense of gratitude and accomplishment for my investment in time and experience to learn this craft.
Cybercrime damages are predicted to cost the world $6 trillion annually by 2021, up from $3 trillion in 2015. The world is expected to spend more than $1 trillion cumulatively over the next five years on cybersecurity products and services aimed at combating hacks and breaches. Therefore, there is anin cybersecurity, to the point that companies are .
With that said, Cybersecurity is a field in high demand. Growing cyber attacks, demand for safe and secure data, and other concerns mean that companies need professionals to keep their information safe. It’s one of the few fields that job openings number more than the people qualified to fill them. In other words, there is negative employment in this field.
It’s a financially lucrative one as well: “Cybersecurity professionals report an average salary of $116,000, or approximately $55.77 per hour. That’s nearly three times the national median income for full-time wage and salary workers, according to the Bureau of Labor Statistics.” (source)
I often get asked, which industries are looking for cybersecurity professionals? Truth is that all kinds of companies in almost all verticals are looking for cybersecurity professionals nowadays. This past year, I’ve had the privilege to see several people get started in a cybersecurity field. While providing guidance to them, I realized I cobbled together years of advice based on my own experience. I thought I’d list a number of them below.
1. Don’t Specialize Just in Cybersecurity
The best security professionals have well-rounded experience in tech work. Before I got started in security, I had a very deep understanding of network engineering. To this day, it helps me absorb the cyber issues more easily. As I recently told one candidate – the thing that will make you successful in security is that you are great at something else first.
If you’re already in IT, then spend time studying up on network security, dealing with endpoint hygiene, or whatever is related to the work you’re already doing. One BIG thing to remember is that you should always think about the business’ critical assets that drive that business when thinking about anything security.
2. It’s Not Always What You Know – So Network
Get to know as many people in the industry as you can. Get involved in social circles that meet after hours on this subject. Another thing often overlooked in networking is offering to help others more than you ask for help. Some examples would be attending meet-ups, attend as many conferences. Also, online networking tools such as twitter and linkedin groups are a good idea too.
3. Not in Tech Yet? Start by Studying Up on IT Basics
If you aren’t in the IT space at all, start with learning IT fundamentals. We’ve seen this as necessary for even folks like FBI or other law enforcement officers who have the investigatory or ‘finding bad guys’ part down really well. That will serve you well in cyber, but regardless of your background, you need those building block fundamentals in IT in order to create an effective new career in cybersecurity.
To gain these skills, check out technical and community colleges near you for night courses. Most of those, particularly those that provide network management courses, offer good courses in security basics.
4. Legitimize Your Skills by Earning Certifications
The Security+ certification is a good place to start; having one will go a long way toward showing employers that you can handle the duties of a cybersecurity job. Another common certification for cybersecurity professionals is the Certified Information Systems Security Professional (CISSP) certification.
One key point to make is you don’t need to have a full degree or extensive credentials to become successful. With the lack of manpower in the industry right now, just getting your basic credentialing and having at least some aptitude is sufficient to get an entry-level job. I’ve witnessed people with previous work experience in music develop a great career in cybersecurity.
5. Show Self-Initiative
When I hire, I am always looking to get a sense for someone who is self-directed at learning and experimentation. I believe in the RIF model myself- “Reading is Fundamental”. College degrees, vendor training, and professional certifications are great. As a hiring manager at several very successful technology companies, we’ve taken many folks with basic IT skills and turned them into very proficient cybersecurity talent by supporting self-study combined with team-led reinforcement of these principles.
6. Hone Your Data Analysis Skills
In cybersecurity, it’s critical to be competent at noticing trends in large amounts of data – so if you’re coming from a background in big data, you’ll be well set up. If you don’t come from that background, it’s well worth taking a course in it and getting some real experience collecting and analyzing large amounts of information.
So in closing, with the lack of cybersecurity talent in the field these days, it’s an ideal time to get your start and set yourself up for lifelong and lucrative career. Cybersecurity is one of the most exciting industries to be in. Since the bad guys never sleep, it’s super demanding and the dynamic nature keeps you constantly learning and always on your toes!
Author Bio: Larry Bianculli is managing director of enterprise and commercial sales at CCSI. He has 20 plus years experience in the IT Industry helping clients optimize their IT environment while aligning with business objectives. He is a cyber security consultant and holds a CCIE and CISSP. He has a vast experience in many verticals including Financial, Public Sector, Health Care, Service Provider and Commercial accounts. He has helped customers and lead teams with a balanced approach to strategy & planning, execution, and personal principles.