By Dearbhail Kirwan, Information Security Consultant at Edgescan
Fending off sophisticated attacks, maintaining a secure environment through vulnerability scanning and patch management, monitoring complex networks and securing an increasingly flexible and dispersed IT infrastructure are serious challenges. Never as much as today has it been necessary to attract bright minds to the cybersecurity industry to face those challenges and protect our way of living from attackers.
However, there is, and there has been for many years, a significant gap between the security jobs that need to be filled and the qualified candidates available. This is due to a number of factors, among which is the non-linear path that a lot of people took to end up in this industry. There are misconceptions around what a cybersecurity professional does, how they get into their profession, and what skills they are required to have.
The truth is that there is no right or wrong route into cybersecurity. It is an incredibly fulfilling career, all it requires is passion, commitment, and a good dose of common sense and critical thinking.
The importance of a firm understanding of the basics cannot be emphasised enough. Cybersecurity presents a unique challenge in the IT sector in that it factors into everything. Therefore, theoretically, an expert would need to know about every technology, how to protect it, and how it can be abused or broken.
This is a slightly unrealistic goal, but a combination of a strong understanding of underlying concepts and technologies, and a small amount of informed research goes a very long way when presented with an unknown technology. Knowledge about different technologies is always valuable, but it is the ability to combine existing knowledge and skills with new information that define an expert, more so than someone who has rote-learned about a wide variety of different technologies.
Cybersecurity is a constantly developing field, new methods of protecting and exploiting are always under investigation. The body of knowledge of the field now is vastly different to what it was 20 years ago, and will be vastly different in 20 years’ time, so learning is always going to be part of the job. A proactive and interested approach will serve you well in this respect.
Time is an important part of the process and equates to exposure and practice in a variety of areas. These are hugely beneficial and in addition to increasing your knowledge, they can also serve to hone your instincts which is something you can’t learn from a book or the internet, and can be extremely valuable.
Critical Thinking and the Details
“The devil is in the details“ is a phrase that is particularly relevant in cybersecurity. Most exploits are a consequence of an oversight in the details. Not everyone is detail oriented, but it is a skill that can be learned, and leveraging critical thinking and common sense along with detail orientation is a valuable skill for an expert.
Training and Certifications
There’s a variety of routes in and no single route is best. The field is made up of a mixture of people who converted from other fields, and those who set out on a targeted route straight out of school. If you have relevant real-world experience in the field, a college degree (any level) is often not necessary but it may help in some situations.
There is also a wide array of certifications available and they can set you apart in many circumstances. The best certifications to get can change over time and differ depending on each individual’s interests and goals. Research the areas you want to work in and what the most valued certifications for that area are. If you do not have a specific area that you are interested in, or do not have any existing relevant qualifications such as a degree, start with a general entry level cybersecurity certification.
Who can become a cybersecurity expert
The short answer is: everyone. The reality of today’s threat landscape is that the industry needs as much diversity as it can have. Attackers have a variety of backgrounds and certainly don’t belong all to a single demographic. Opening up the industry to more groups that wouldn’t normally consider a career in cyber is essential to fill the blind spots that a homogeneous cohort inevitably ends up having.
It is time for the cybersecurity industry to push for inclusion by promoting training and mentoring initiatives that are open and accessible to everyone: together we’ll only get stronger and better at what we do.