How to Make More Money as a Cybersecurity Expert

Your skills are desperately needed around the globe. Use this as an opportunity to make more money with these simple ideas.

Jessica Thiefels
PolySwarm
7 min readMay 7, 2018

--

You are in a place of power. The cybersecurity market size is expected to grow from 137.85 Billion in 2017 to 231.94 Billion by 2022 (USD), and the cybersecurity job shortage is one of the greatest challenges businesses are facing right now.

This means you have an opportunity to make more money in your field. The question is: how? If you live in a region where jobs are plentiful, you’ll find a great answer in the first section below. However, if you’re like many experts, living in areas of the world where jobs are not easily accessible, the answer is a bit more complicated. Without direct access to a well-paying job, you have to find other avenues to make more money as a cybersecurity expert.

We’re sharing a few ideas for everyone, regardless of where in the world you’re located or what your current skill set is. Don’t let your skills go unused when they’re in such great need around the globe. Find ways to use them­ — and make more money — now.

Diversify Your Skillset

There are many roles to be filled within a cybersecurity team, and you don’t need to be stuck within just one role or another, which can limit your growth and potential. If you focus on diversifying your skillset, you put yourself in a position to make more money and excel in your career.

Let’s start with the foundational skills every security expert should have. These include:

  • Risk management
  • Networking basics
  • Situational awareness
  • Toolkit management

From here, required skills get more specific to the job in question. For example, a security analyst then needs knowledge in: threat assessment, vulnerability assessment, active analysis, and log collection and analysis. Learning these skills allows you to move into a higher-level role and make money commensurate with that promotion.

Make More Money

As you look to expand your skill set, focus on the expertise that’s most sought after right now. According to CIO, your focus should be in:

  • Programming: Understanding architecture and controls, and knowing how to manage operating systems and network security.
  • Intrusion detection: Two certifications that will help you to learn these skills are CISM and the standard CISSP. (More about certifications below.)
  • Malware analysis and reversing: This means you’re well-versed in digital threat management, and can implement that in conjunction with a business continuity plan and disaster recovery planning.

Legitimize Yourself with Certifications

One way to learn the new skills mentioned above, and give employers a reason to pay you more money — or hire you in the first place — is with new certifications. “Organizations are increasingly aware of the need to have top-notch infosec people and when hiring, they use security certifications as one way to screen candidates,” suggest IT career experts at CBT Nuggets.

Make More Money

Check out CBT Nuggets’ full list of the 8 Most Difficult IT Security Certifications to set your aim high. If you need to, work your way toward achieving one of those more challenging options with one of 2018’s top cybersecurity certifications.

When completed, be sure to add the new certification to all of your career profiles, including your resume and LinkedIn account. When people are searching for someone with those skills, you’re more likely to show up.

Learn Blockchain With PolySwarm

Another way to make more money is to learn new technologies. This is something CIOs and CISOs are looking for in candidates. Shamla Naidoo, Chief Information Security Officer for IBM explains:

“The cybersecurity landscape is evolving continuously and rapidly, and therefore the most important quality I look for in a security hire is someone who can do the same … The security workforce needs people who will be a part of inventing the solutions that will keep us safe not only today but in the future … I look for demonstrable willingness to learn new things and think outside of the box, with specific examples of where they’ve done this successfully in the past.”

Blockchain is one the newest technologies in cybersecurity. When asked what blockchain can do for cybersecurity, PolySwarm CEO, Steve Bassi, said: “Simply, redefine the economics of cyber security in a few areas. We’re obviously working on anti-malware, but I’ve seen some other interesting ideas ranging from giving people back control of their data to incentivizing better audits of smart contracts.”

Being able to show how it can be used in your job, or to make the team or company more efficient with threat detection, may be just what you need to get a higher-paying position.

Make More Money

Bloomberg reported that blockchain-related jobs increased fourfold in 2017. Learning how this technology intersects with cybersecurity is a great way to make money as a cybersecurity expert. However, the question may not be “why should I learn it” but how.

Plug into the PolySwarm ecosystem to learn how to build or maintain your micro-engine and compete to detect threats. You’re rewarded with NCT (Nectar) when you correctly identify artifacts (potentially malicious files, URLs, etc.), allowing you to bring in passive income while you learn.

Take it one step further and encourage the company you work for to do the same. When they see the value of this platform, you can lead the charge as someone who’s already an expert on how to use the platform.

Join PolySwarm’s Security Expert Newsletter to be the first to know about opportunities, including competitions, contests and becoming a PolySwarm security expert.

Participate in Bug Bounties

Bug bounties are a fun way to test your skills, while learning and earning at the same time. “These bug hunters have been helpful to smaller companies that don’t have resources to hire full-time experts to test their security, and even to big tech companies looking to augment their security efforts. They can help find flaws that could prevent major hacks by cybercriminals,” explains Alfred NG, CNet reporter.

The best part is that, in most cases, the harder the bounty, the more you’re paid. Not to mention, some of the biggest companies are paying bug hunters to help them locate flaws in their software, including Google, who paid hunters almost $3M in 2017.

Make More Money

To make more money with bug hunting, you need to know where to find opportunities. Here are a few places to start looking:

  • Join a community like HackerOne, BugCrowd or Hacken.io
  • Follow Bitcointalk for bug bounty announcements/requests
  • Monitor Twitter for requests and announcements

Note that, while that it may sound as though PolySwarm is a bug bounty program, the difference is automation versus manual threat detection. We explain in our FAQ:

“We’re pretty familiar with the bug bounty market: average transaction value is 400–500 USD per bounty. Hacken’s market requires manual review to evaluate if bounties are won or not. There’s probably on the order of 1000’s of transactions a year.

Conversely, PolySwarm deals with the sort of threat intelligence that can be automated, such as anti-virus. Anti-virus companies, worldwide, see billions of samples a day and probably 10’s of millions are unique. Transaction value ranges 0.0025–0.015 USD per file/url/artifact scan. All micro-engines and the vast majority of ground truth determination in PolySwarm will be automated.”

Become a Freelance Security Specialist

Big businesses aren’t the only ones worried about cybersecurity. Small businesses are at risk as well, and they know it. In 2017, 61% of SMBs have experienced an attack and 54 percent have experienced a data breach, according to Keeper Security.

The difference is that smaller organizations may not have the budget to build-out an entire in-house security team. That’s where you come in as a contracted specialist. In the vast majority of cases, you’ll work remote and, as the expert, will be in the driver’s seat, giving you a chance to learn a lot, put your skills to the test, and negotiate your pay.

Make More Money

Create an account with a platform like UpWork, where you can list all your skills and certifications. Remember to make yourself distinct, including all certifications and expertise. When businesses are searching for contract security experts in a specific industry or with a specific certification, you’ll show up in their search.

Check out these top-rated threat intelligence freelancers to see how they fill out their profile. You may even be able reach out to a few of them for advice on how to get started.

--

--

Jessica Thiefels
PolySwarm

Jessica Thiefels is the VP of Community Management for PolySwarm. Find her work on more than 500 websites, including Virgin, Forbes and Business Insider.