From Civilian to Cyberwarrior

Every time a cyber-incident makes headlines, or a business prepares for a security audit, industry professionals are reminded of the sizable cybersecurity skills gap IT departments, decision makers and security companies are facing. Fortunately, the rapidly growing demand for cybersecurity talent is attracting more interested individuals. However, many are unsure of the best steps to take to become a cybersecurity professional.

What schooling, training, and certifications are required to proceed along the path to becoming a cyberwarrior? Are there skills from other professional backgrounds that lend themselves well to a career fighting cybercrime? These are all questions I’ll answer in today’s blog.

The cybersecurity skills gap

Businesses in all industries are currently facing a widespread cybersecurity skills gap that doesn’t appear to be getting smaller any time soon. On the contrary, it’s expected to get worse before it gets better. A recent cybersecurity jobs report by Cybersecurity Ventures predicts that cybercrime will triple the number of job openings in the next 5 years, leaving 3.5 million unfilled information security positions available by 2021.

The gap is caused by several factors, including rapid advancements, discoveries or changes in:

  • Infosec technologies and/or solutions
  • Vulnerabilities and exploits
  • The cyberthreat landscape in general

Additionally, the cybersecurity field itself is quite broad. There are a vast number of niches to excel in and threats to defend against. For example, an individual might be an incredibly skilled penetration tester—someone who probes for and exploits security holes in web-based applications, networks, and systems—but may not be capable of carrying out malware reverse engineering. This is simply because almost any specialization in the field can be very technical and consequently entail a considerable amount of time and aptitude to master.

Not only is the industry incredibly vast, it’s also constantly evolving. So, one could become rusty in a short amount of time. Therefore, in order to stay up to date with new developments and new threats, cybersecurity professionals should continuously be brushing up their skills and honing their craft.

These factors make it more difficult for each individual cyberwarrior to remain up to date on techniques and solutions outside their niche, thereby widening the chasm of the skills gap.

Preparing for the job

Traditionally, to gain a foothold or advance within a certain career path, one must have the necessary prerequisites, such as completing related courses, earning specific certifications, or in some cases, gaining experience in a related profession.

However, due to the relatively new and dynamic nature of the field of cybersecurity, a lot of the skilled cyberwarriors we see today didn’t earn their stripes through a traditional degree in cybersecurity. Although most of them do have some basic knowledge in networking and system administration, the crucial competency is having a good understanding of the inner workings of whatever it is they’re tasked to defend.

For example, a cyberwarrior specializing in network security would typically understand how the TLS handshake works or how unencrypted network protocols can be exploited. Understanding how a particular system works enables a cyberwarrior to, in turn, know how to exploit or defend it.

It helps to have a strong foundation in networking and system administration, how websites and servers work, as well as how permissions behave and how they’re properly configured, among many others. Having a military background is also helpful since a lot of the principles and even terms used in security operations—e.g. C2 (Command-and-Control), TTP (Tactics, Techniques, and Procedures)—actually come from the military.

But, perhaps most importantly, you need to develop an interest in problem-solving and troubleshooting, since that’s what the majority of a cybersecurity professional’s job entails.

Certifications are certainly a great way to learn, as they motivate and guide an aspiring cyberwarrior in mastering certain skills. They also help you land a job in the field, especially if no one knows how good you are or what you can contribute. Some reputable certifications include the following:

  • Offensive Security Certified Professional (OSCP)
  • Offensive Security Certified Expert (OSCE)
  • Certified Ethical Hacker (CEH)
  • Certified Information Security Manager (CISM)
  • CompTIA Security+
  • Certified Information Systems Security Professional (CISSP)

However, it’s important to note that certifications aren’t the ultimate metric in identifying a highly skilled security specialist. There are several high-caliber warriors out there who don’t have the certification but outperform some people who do.

What’s that saying? Practice makes perfect? Well, maybe not perfect, but you get the point. One of the very best ways to learn and hone your skills as a cybersecurity professional is through hands-on experience in the field.

Tips for excelling and growing your expertise as a cybersecurity professional

With the volatile and ever-evolving nature of this industry, cybersecurity professionals need to maintain the drive to develop new skills and stay on top of the latest threats. Sometimes it’s enough to be self-taught, but oftentimes, you might be better off getting certified.

Also, one of the most important, but often underappreciated, factors that contribute to a person’s professional growth in the cybersecurity industry is connections. Connections with peers in the security community are crucial for threat information sharing, collaboration, and learning about new solutions. Therefore, attending conferences, participating in online forums of threat intelligence sharing communities, and the like, are crucial to getting your foot in the right door.

The cybersecurity talent gap won’t be closing any time soon, but that’s not to say we can’t try to make it smaller. For anyone interested in pursuing a career in cybersecurity, there’s always time and ample resources to learn from. It’s all about your passion for the subject, drive to learn, and, of course, desire to defend the virtual universe.
