How to get into the cybersecurity industry?
With the huge and growing need for cybersecurity professionals in the world, there are many available roles to choose from and many routes to a successful cybersecurity career. So which is best for you?
Key skills needed
As described earlier, the core roles in information security include advising organizations on their security strategy; designing safe IT systems; monitoring networks for attacks, and analyzing where security breaches have occurred. There are also numerous ‘non-techie’ roles, such as business and risk analysis and management, regulatory compliance, policymaking, threat intelligence, research, and training. But across the industry, the key attributes employers are looking for are people who have an interest in IT; are quick thinking, inquisitive and analytical; are good at problem-solving, and can think outside of the box. So if this is you,
what formal qualifications do you need?
Qualifications required
Working in information security suits graduates with a degree in cybersecurity, computer science, or a related STEM
(science, technology, engineering, and maths) subject. According to the Prospects website, approximately half of information security specialists have an undergraduate degree, with the most common degree subject being IT.
But graduates from other backgrounds such as business studies and others can thrive in this profession too if they have the right attributes described above. Check out the job sites listed in the ‘Where to find a job’ section below for different employers’ requirements. In addition, there are a number of other actions you can take during and after your degree course to improve your chances of a cybersecurity career.
Masters degrees
Postgraduate study can be a good way to develop your information security knowledge and skills, and stand out to potential employers. A number of Masters degrees in cyber and systems security, cyber defense, digital forensics and etc.
Internships, Work
Placements and
Apprenticeships
If you’re a student, parent, teacher, IT worker, or anyone interested in the cybersecurity field, then this handy list of 50 titles will provide insight into a myriad of possible career opportunities. There’s no fluff here — these are all unique and legitimate job titles in one of the fastest-growing industries.
1. Application Security Administrator — Keep software/apps safe and secure.
2. Artificial Intelligence Security Specialist — Use AI to combat cybercrime.
3. Automotive Security Engineer — Protect cars from cyber intrusions.
4. Blockchain Developer / Engineer — Code the future of secure transactions.
5. Blue Team Member — Design defensive measures / harden operating systems.
6. Bug Bounty Hunter — Freelance hackers find defects and exploits in code.
7. Cybersecurity Scrum Master — Watch over and protect all data.
8. Chief Information Security Officer (CISO) — Head honcho of cybersecurity.
9. Chief Security Officer (CSO) — Head up all physical/info/cybersecurity.
10. Cloud Security Architect — Secure apps and data in the cloud.
11. Counterespionage analyst — Thwart cyberspies from hostile nation-states.
12. Cryptanalyst — Decipher coded messages without a cryptographic key.
13. Cryptographer — Develop systems to encrypt sensitive information.
14. Cyber Insurance Policy Specialist — Consult on cyber risk and liability protection.
15. Cyber Intelligence Specialist — Analyze cyber threats and defend against them.
16. Cyber Operations Specialist — Conduct offensive cyberspace operations.
17. Cybercrime Investigator — Solve crimes conducted in cyberspace.
18. Cybersecurity Hardware Engineer — Develop security for computer hardware.
19. Cybersecurity Lawyer — Attorney focused on info/cybersecurity and cybercrime.
20. Cybersecurity Software Developer / Engineer — Bake security into applications.
21. Data Privacy Officer — Ensure legal compliance related to data protection.
22. Data Recovery Specialist — Recover hacked data from digital devices.
23. Data Security Analyst — Protect information on computers and networks.
24. Digital Forensics Analyst — Examine data containing evidence of cybercrimes.
25. Disaster Recovery Specialist — Plan for and respond to data and system catastrophes.
26. Ethical / White Hat Hacker — Perform lawful security testing and evaluation.
27. Governance Compliance & Risk (GRC) Manager — Oversee risk management.
28. IIoT (Industrial Internet of Things) Security Specialist — Protect industrial control systems.
29. Incident Responder — First response to cyber intrusions and data breaches.
30. Information Assurance Analyst — Identify risks to information systems.
31. Information Security Analyst — Plan and carry out infosecurity measures.
32. Information Security Manager / Director — Oversee an IT security team(s).
33. Intrusion Detection Analyst — Use security tools to find targeted attacks.
34. IoT (Internet of Things) Security Specialist — Protect network-connected devices.
35. IT Security Architect — Implement network and computer security.
36. Malware Analyst — Detect and remediate malicious software.
37. Mobile Security Engineer — Implement security for mobile phones and devices.
38. Network Security Administrator –Secure networks from internal and external threats.
39. Penetration Tester (Pen-Tester) — Perform authorized and simulated cyberattacks.
40. PKI (Public Key Infrastructure) Analyst — Manage the secure transfer of digital information.
41. Red Team Member — Participate in real-world cyberattack simulations.
42. SCADA (Supervisory control and data acquisition) Security Analyst — Secure critical infrastructures.
43. Security Auditor — Conduct audits on an organization’s information systems.
44. Security Awareness Training Specialist — Train employees on cyber threats.
45. Security Operations Center (SOC) Analyst — Coordinate and report on cyber incidents.
46. Security Operations Center (SOC) Manager — Oversee all SOC personnel.
47. Source Code Auditor — Analyze software code to find bugs, defects, and breaches.
48. Threat Hunter — Search networks to detect and isolate advanced threats.
49. Virus Technician — Detect and remediate computer viruses and malware.
50. Vulnerability Assessor — Find exploits in systems and applications
Non-academic activities
What else can you do to maximize your chances of a successful career in the cyber profession? Here are some tips to show employers that you are keen and proactive:
– Participate in research activities and other events
– Build up your knowledge. Follow security experts on Twitter. Attend industry conferences and events. Read cybersecurity publications, websites, and blogs: specialist business, tech, and security publications/sites include Ars Technica, BBC News Tech, Computer Weekly, The Economist, Harvard Business Review, InfoSecurity, New Scientist, The Register, SC Magazine, and Wired.
– Network directly with cybersecurity professionals. Build your profile on LinkedIn and join security groups to find out more about the companies involved. Also, the IISP (Institute of Information Security Professionals) offers affiliate membership for people seeking a career in information security. No experience or qualifications are required to join. At the heart of the Institute is the IISP Skills Framework, which is widely accepted as the de facto standard for measuring the competency of Information
Security Professionals. Visit http://www.iisp.org/imis15/iisp/Member/Affiliate.aspx .
Likewise (ISC)2 offers free peer networking opportunities. To find out about joining an (ISC)2 Chapter, visit https://www.isc2.org/chapters/default.aspx.
– Get some hands-on cyber skills by setting up your own
hardware test environment, then trying out different attacks
on the system, finding flaws and defending against them.
But be aware that activities like penetration testing are illegal if carried out without permission. See
http://www.sans.org/reading_room/whitepapers/threats/define-
responsible-disclosure_932 for advice on this.
– Carry out volunteer work with a charity or similar organization, which often needs help in securing their computer systems. For example http://cyberchampions.org/
– Send your CV directly to companies you are interested in working with.
https://cybersecurityjobsite.com/
Applying for a job
So how do you maximize your chances of securing a cybersecurity job? When it comes to crafting a convincing covering letter, creating your technical CV, and developing your Interview technique, there are many sources of advice. Among them, the National Careers Service has an online ‘Get that Job’ section with tips on building your CV and interview techniques. Future Learn offers free online courses in how to write the perfect CV, application, and online profile, and how to succeed at interviews. See https://www.futurelearn.com/courses/writing-
applications and https://www.futurelearn.com/courses/
interviews.
downloadable templates of technical CVs and covering letters, and other ‘job-hunting’ tools. See
https://targetjobs.co.uk/careers-advice.
Cover letter
– Be selective. The letter should be no longer than one side of A4. Pinpoint the top three or four attributes the employer seeks.
– Give examples of your academic, work, and personal life to prove to recruiters that you have the skills, qualities, and experience they’re looking for.
– Thoroughly research the employer, its business strategy,
culture, company values, products, and services. Include the reasons why you have chosen this specific employer.
– Ask someone to check the letter for sense, style, and grammatical mistakes.
Technical CV
– Always tailor your CV to each job you apply for.
– Capture the employer’s attention with facts and information
that show you meet the minimum requirements and have
the right skills for the job.
– Include key technical skills (programming languages,
platforms, systems, etc) that are relevant to the job.
Indicate your level of ability and include brief information on how you have applied each skill.
– Don’t exaggerate; and promote your soft skills.
Interview technique
– Review the job description carefully and make sure you understand what the employer does. Know the relevant skills needed for the role and the organization’s technical activities.
– You may be assessed through practical tests, design exercises, presentations, or technical questions – or a combination of all four. Recruiters may ask you to comment on a range of scenarios or hypothetical situations of increasing complexity – or give you brain teasers – to assess your problem-solving skills. Candidates are often asked to work on a short design exercise or code analysis activity before the main interview begins.
– Many recruiters challenge candidates with problems that they’re unlikely to have encountered before. The trick is to keep calm and give everything your best shot.
– Ask the interviewer if you think you need further information to complete a task. If you really don’t know something, be honest.
– If you have put something on your CV, be prepared to answer questions on it. Never lie! Project work is a regular subject for discussion in graduate technical interviews, as recruiters can see how you have tackled a problem from beginning to end. Briefly explain what the project was about and the key objectives, then focus on the skills and techniques you used and how you overcame any difficulties.
Interview do’s and don’ts
– Identify precisely what relevant experience and attributes you possess and make sure you communicate all these during the interview.
– Attempting to ‘hijack’ the interview will do you no favors, but this doesn’t mean you have to be passive. Work within the framework they provide to sell your skills and experience.
– Don’t be a know-all. Recruiters respect candidates who acknowledge gaps in their experience. If you need clarification about what you’re being asked it’s OK to say so and to take a few moments’ thinking time before answering a tricky question. If you don’t know the answer to a question, admit this. Being caught out will do nothing for your self-esteem or your job prospects.
– Take all opportunities to ask about the role, in a positive way. Include the precise nature of the role, training, and development, what previous recruits have progressed on to, and your interviewers’ own backgrounds.
– Treat your interviewers as human. A little ‘polite-but-genuine’ small talk at the beginning or end of the interview will mark you out as a mature, thoughtful candidate who knows how to interact with others in a business context1.
And after reading this article if you have any questions/queries please feel free to contact me at Resethacker discord
