As is the case with dynamic and rapidly evolving fields, the road to employment as a cybersecurity professional is as varied as the industry. This month we’ll look at the different ways of entering the cybersecurity workforce for those interested in pursuing a professional career.
Pathways are diverse, but across the board they include a combination of formal education, specific degree programs, cybersecurity “bootcamps,” apprenticeships, or industry-recognized certifications and programs that result in specialized training and experience.
Part of the process is understanding what you want to pursue. Some people, for example, do not want to manage people and would rather pursue specific tasks such as penetration testing or threat research and analysis. Other people are good at managing people and projects and want to pursue that path. Others might have a combination of both skills. So, there are several ways to get to where you want to go.
Formal education. Earning a degree in technology-specific fields like information technology, computer science, or computer information systems is often a traditional route into the cybersecurity field. A solid foundation in networking, operating systems, software development, and risk management, although not focused solely on cybersecurity, constitute transferable technical skills, particularly when combined with a certification or hands-on training (described below). A more direct path is to pursue a degree with a specific focus on cybersecurity. The Cybersecurity Guide mentions that one of the key components is education. According to a recent report, 11 percent of cybersecurity specialists have an associate’s degree, 44 percent have a bachelor’s degree, and 45 percent have a graduate degree.
Self-learning. So called “soft skills”—problem-solving, critical thinking, attention to detail—are crucial in cybersecurity but require augmentation with technical skills such as understanding network security, system administration, penetration testing, vulnerability assessments, incident response, etc. Most self-learning programs are flexible and practical, allowing a self-paced learning experience. There are many options for online learning that facilitate developing foundational knowledge and gaining hands-on experience without seeking out formal training. CYRIN, for example, offers assistance and self-learning support.
Certificates and certifications. A certificate program is usually a six-month or one-year program offered remotely, or on campus, for those who are changing careers or seeking to elevate their existing knowledge. A certificate provides credibility for those seeking work and is offered at various institutions, including Penn State, the Rochester Institute of Technology (RIT) and others. A certificate program in cybersecurity is a structured, typically shorter, educational program focusing on specific cybersecurity skills and knowledge. It’s designed to equip individuals with the practical skills and knowledge needed for entry-level or specialized roles in the cybersecurity field.
These programs can be completed through colleges, universities, or online learning platforms. The biggest difference between certificates and degrees is the time and cost to earn them. Bachelor’s and associate degrees can take two to four years, while some certificates can be accomplished in months. It is possible to get a cybersecurity job with just a certificate, particularly for entry-level positions and roles that prioritize hands-on skills. While some higher paying and more senior roles may still require a degree, a cybersecurity certificate can be a great starting point.
Certifications, on the other hand, offer empirical proof for employers that a candidate has gained specific knowledge and skills. Certifications are designed to demonstrate a specific level of proficiency in a particular area of cybersecurity. In other words, you must pass a test. Certifications are also a good route for those seeking entry-level roles and are especially useful for those with no prior work experience. There are numerous industry certifications available including Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), Certified Information Security Auditor (CISA). These are just a few of the many certifications available depending on how far you might want to advance in cybersecurity.
Networking is always a good idea when seeking employment in any field. In terms of cybersecurity, there are several network-oriented professional organizations and groups that are specifically designed to alert members about job openings and professional development opportunities.
As cyberattacks have escalated in both frequency and impact in recent years, employers are actively searching for ideal candidates they can employ, train and retain. Strong analytical skills are needed to effectively solve problems or even forecast them. Cybersecurity professionals must be able to analyze data and determine if it is safe or malicious. Quick and accurate decision-making under pressure is often required to prevent, predict, and stop cyber-attacks. A successful candidate would also have knowledge of network infrastructure and how network protocols work and how attackers utilize them to compromise networks.
Other tips for getting started and being successful in the job search come from Mondo, which recommends the development of the following skill sets that are not unique to cybersecurity but are applicable in the field:
Critical thinking: Cybersecurity is rooted in solving complex problems while also identifying potential vulnerabilities. Candidates who are curious, creative and critical will do well in the field.
Strong communication: Attacks are so frequent across industries and organizations that it’s a matter of when not if. Good communication skills may be needed to effectively explain sometimes detailed technical information to management, shareholders, or non-technical employees.
Problem solving skills: Cybersecurity isn’t only about firewalls and anti-virus software. Professionals should be able to identify a problem before it begins or escalates.
Technical skills: Because the cybersecurity field changes so quickly, hiring managers expect candidates to stay current with new technologies and innovations. Good candidates will be well-versed in network security, malware analysis, cryptography, and artificial intelligence.
High ethical standards: In an environment full of cybercriminals searching for ways to infiltrate at any opportunity, employers are looking for candidates who possess strong values and have a history of and commitment to ethical conduct and compliance.
Curiosity: In a rapidly changing field, cybersecurity professionals must be curious about the latest tactics and trends to stay not just current, but ahead of the knowledge curve.
Black hat hackers for cybersecurity threat assessment: As companies and organizations turn increasingly digital, cybersecurity analysts must be able to think like black hat hackers to predict potential hacks. Familiarity with “black hat” and “white hat” tactics is considered equally important for the protection of systems.
Cybersecurity bootcamp. If a candidate has a professional background and is looking to switch gears and jobs, cybersecurity bootcamps are a good option, and can expedite the job search in a way that is effective in terms of both time and money. These training courses are intensive and specific, designed to teach skills that make learners ready for the job in a limited timeframe. Bootcamps are specialized, intensive training programs that equip learners with job-ready skills in a short timeframe, and are available in a range of online, in-person or hybrid formats.
The good news for both job seekers and job creators is this: the need for trained cybersecurity professionals has never been greater. Forbes reports “a widespread and growing shortage of cybersecurity workers across the globe,” even though the workforce has grown substantially in recent years. Attacks continue to escalate in frequency and stakes, and technology is changing every day. An estimated 4 million additional workers are needed, making this an optimal time to enter the industry or upscale within it.
As the skilled cybersecurity workforce expands to meet the demand, those who are seeking to hire workers or train existing workers would do well to consider the following strategies: investing in education and training programs to develop a skilled and resilient workforce; upskilling and reskilling IT professionals already active in the field; promoting diversity and inclusion in order to attract and retain the best talent; prioritizing employee well-being to improve job satisfaction, prevent burn out, and improve employee retention; creating collaborative partnerships across industries, academic institutions and government entities to address skill gaps for cybersecurity workers; leveraging the evolving AI technology allows an automation of routine tasks, allowing cyber professions to focus on strategic work. The final test applies for both employees and employers: It doesn’t matter where you go, it matters what you know.
Whether it’s Boot Camps, Capture the Flag (CTF), self-directed learning or courses offered by our education partners, CYRIN works to create critical skill sets for industry, government and the cybersecurity workforce for the future.
We continue to work with our industry partners to address major challenges including incident response, ransomware, and phishing and set up realistic scenarios that allow them to train their teams and prepare new hires for the threats they will face. Government agencies have been using CYRIN for years, training their front-line specialists on the real threats faced on their ever-expanding risk surface.
For educators, we consistently work with colleges and universities both large and small to create realistic training to meet the environment students will encounter when they graduate and enter the workforce. In an increasingly digitized world, training and experiential training is critical. Unless you get the “hands-on” feel for the tools and attacks and train on incident response in real world scenarios, you just won’t be prepared for when the inevitable happens. A full-blown cyberattack is not something you can prepare for after it hits.
The best time to plan and prepare is before the attack. Our training platform teaches fundamental solutions that integrate actual cyber tools from CYRIN’s labs that allow you to practice 24/7, in the cloud, no special software required. Our new programs, including Digital Twins, can create real-world conditions for you to practice before you must act. Cyber is a team effort; to see what our team can do for you take a look at our course catalog, or better yet, contact us for further information and your personalized demonstration of CYRIN. Take a test drive and see for yourself!