Looking for a job in cyber security? Good thinking.
According to the U.S. Bureau of Labor Statistics, the job market for information security analysts is growing by 32 percent from now through 2028 — far faster than most other job categories. And median pay? Nearly $100,000 per year, with less than 5 years’ experience necessary.
What skills will you need to get one of those jobs? Believe it or not, many experts say hands-on cyber security skills are not necessarily required, as those can be taught. In a recent discussion in THRIVE’s LinkedIn community, cyber security experts emphasized “soft skills,” such as being responsive, a problem solver, a self-starter and a good communicator.
“I look for … a self-motivated problem solver,” says Alyssa Miller, who describes herself as a hacker, security evangelist, cyber security professional and public speaker. “Training and formal certs should only come later, as they lack context until one has actually gained some experience in security. I’d much prefer a passionate technologist with no formal training to someone with alphabet soup behind their name because they know it’s a hot field.”
Other experts agree: “The days of siloed knowledge to succeed in a career are over,” says TM Ching, chief technology officer for Security at DXC Technology. “Security professionals must be proficient in multidisciplinary skills such as awareness of social behavior, and have proficiency in adopting new technologies.”
With most organizations moving from traditional in-house systems to cloud-based digital platforms, basic programming skills and an understanding of cloud technologies are a big plus. The ability to handle automation of tools to track incidents, identify threats and hand off tasks to security and IT departments is also a critical need.
“These days, one of the key interview questions I would ask is, ‘When was the last time you automated a manual process, and how?’” Ching adds.
Another important consideration is trust. After all, as a cyber security professional, you’re working within the heart — the most vulnerable organ — of your organization’s technical operations.
“The person should be trustworthy,” says Milena Thalmann, head of business development and marketing (Europe) for Dreamlab Technologies AG. “Security means that a company, a person, an event entrusts you with its problems and trusts you to solve them.”
Perhaps you know that you want to explore a career in cyber security but don’t know where to start. Some experts offered advice for applicants who may not have a technical degree — or have no degree at all.
“If you’re starting with no IT background, a good place to start is a level 1 help desk — yes, the boring ‘password resets’ — and after about 6 months move to level 2, where you’ll get more into the technical realm,” suggests Maureen Niemiec, Certified Information Systems Auditor [CISA], a senior cyber security and information risk executive. “Next step from there can be to move to end user support (PCs, mobile devices, laptops), then network [support].”
Another piece of advice: Educate yourself — through reading, understanding the threat landscape and by simply meeting people in the field.
Richard Stiennon, chief research analyst at IT-Harvest and author of Secure Cloud Transformation: The CIO’s Journey, recommends reading books such as The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage and Hacking Exposed. He also recommends attending computer conferences to gain a better understanding of the market as a whole.
In the end, the best cyber security skills to have are simple, but rare. Tim Grieveson, CIO, CISO and managing director at CyberCiso Security Ltd., sums up nicely what he believes are the most desirable skills for an entry-level cyber security candidate: “Communication, humility, curiosity and willingness to work hard and hunger to learn something new every day. Build your network of contacts and focus on business outcomes as opposed to technology outcomes.”
Join THRIVE’s LinkedIn group, and share your point of view in our discussions on the power of change.