Many companies are currently struggling to find cybersecurity professionals.
According to a Fortune article, more than 700 thousand cybersecurity-related positions need to be filled.
Is cybersecurity a viable career option?
Bearing in mind that those positions are usually well paid (in the US, the average annual pay is around $105,000), and it’s estimated that the demand for cybersecurity talents will increase by 350% in the next 5 years, it may well be reasonable to consider a career in cybersecurity.
But one may ask themselves: “am I the right person to do it?” What skills are needed to succeed in cybersecurity?
Cybersecurity jobs in high demand
There are different specializations in the cybersecurity industry that require various technical and soft skills. Let's name some of them.
Security operations engineer
Assuring the security observability of IT systems and reacting to anomalies is a job for a security operations engineer.
This position is usually organized in tiers, with the first one covered in 24/7 mode. On higher tiers, responsibilities include digital forensic actions and performing root cause analysis reports on security incidents.
The design of IT systems, whether they are processing medical data or just providing entertainment, must offer a sufficient level of security so that customers' data is protected against various cyber threats. This is the job of a security architect.
A person in this position will study service providers’ white papers, architectonic patterns, and hardening manuals. The product of such work is a secure system design on different layers – user stories, data flows, service connections, and infrastructure setup – to provide the expected security level for the entire IT system.
A penetration tester is someone who simulates an attack on tested systems in the way that a real-life malicious actor would do. Usually, penetration testers try to attack systems via networks.
In some scenarios, social engineering or even breaching physical security (like breaking into buildings) may be utilized in a so-called red-teaming approach. All of these actions allow for discovering potential vulnerabilities and suggesting mitigation strategies accordingly.
Product security engineer
The DevOps culture and shifting to the left approach has created a demand for another security-related position. A product security engineer’s duties are taken from all of the above-listed roles and applied to a specific digital product.
Creating monitoring and alerting, performing digital forensics, adjusting architecture designs, implementing security measurement tools, performing security tests and vulnerability assessments, and automating as much as possible – a product security engineer is expected to perform these tasks in all systems under the scope of the role.
Cybersecurity is a specific branch of all information technology, and it is no surprise that some of the top cybersecurity skills needed are derived from general IT. Analytical skills are also required here.
All in all, IT (and cybersecurity) is about seeing an issue, defining a problem, exploring it, and suggesting and testing a solution.
Meticulousness and taking care of details
They say cybersecurity is all about the tiny details. This is true for all cybersecurity, but especially so in incident analysis-related jobs. Security engineers working in Security Operations Centers, whose main responsibility is to react to and investigate anomalies in various security metrics, will benefit a lot from this skill.
The same applies to digital forensic engineers. An ability to see those tiny anomalies and traces of abnormalities allows for very high efficiency in both positions.
The ability to think abstractly
The security threat modeling process requires defining and answering questions regarding hypothetical situations. “What will happen if…?” is the most common question asked by a cybersecurity analyst, cybersecurity officer, or cybersecurity architect.
Being able to identify a risk before it materializes is a crucial skill that can be beneficial in those positions.
Understanding of hacking
Can you think of at least 5 different methods of disabling the lights in a conference room? Are you able to come up with an idea of how to open a bottle with literally just a fence? If yes, it’s possible that you have a hacker’s mindset.
This ability to use tools and processes in a way that they were not specifically designed for is very desirable during penetration tests. Ethical hackers use this skill during security checks and simulated cyber attacks on networks, servers, web, and mobile applications.
Job as a cybersecurity specialist requires communicating with business people a lot. Whether that is in a security audit or penetration test report, risk analysis, or post-mortem analysis, it must be understandable by the owner of the product or process.
Every cybersecurity position must communicate in a way that “sells” your thoughts and visions to non-technical people.
Willingness to constantly develop
Cybersecurity, as a part of IT, is an area that changes lightning-fast. If you’re not up-to-date with the latest technologies, you will not be able to model threats and think of ways to protect systems against them.
Being a cybersecurity specialist is a journey with continuous learning. Of course, it’s reasonable to specialize and narrow down the amount of technical knowledge needed for a position, but the speed of change is still significantly higher compared to other branches of the economy or different industries.