How to get your first foothold in a security role
Eager to break into a cybersecurity career? Competition is tough, but demand for skilled professionals is also high. How can you best position yourself for a career as a security pro?
Nima Mirpourian, division director for recruitment firm Robert Half Technology, said that we are currently in a ‘candidate market’ for security professionals.
“Security is one of the sought-after skills that various employers are looking for,” he said. “Whether it be data security analysts or network security engineers, the industry is projecting a percent change in annual salary by at least 4.1% based on the demand for top security talent.”
So, the demand and the money is there. The skills aren’t, though. The industry is starved of the technical professionals that it needs to fend off a growing variety of threats.
“There is a shortage of skilled cybersecurity talent worldwide and that includes Canada,” said Scott Perry, marketing and channel director for Trend Micro in Canada. Trend Micro looks for critical thinkers with a strong combination of technical, verbal, and written communications skills.
“Other welcome skills include the ability to be responsive to threats immediately,” he said, adding that the firm likes certain other characteristics in its candidates: “Someone who likes a fast paced environment and is a ‘sleuth’/problem solver. Someone who possesses a large range of technical skills. Someone who is comfortable working both independently and as part of a team.”
From a qualifications perspective, the certifications that stand out for Perry are the Certified Ethical Hacker (CEH), the Certified Information Systems Security Professional (CISSP), and the Cisco Certified Network Professional (CCNP), he said.
Nick Galletto, a partner and leader in cyber risk services for at Deloitte Canada, adds others to that mix: Certified in Risk and Information Systems Control (CRISC), and a Global Information Assurance Certification (GIAC) in forensics, administration, and malware. “There are more colleges and universities providing either courses, specialization degrees and or cybersecurity degree programs,” he added.
Security is about more than tech
Technical experience in computing is important, and of course, the more practical it is, the better. Deloitte prizes mainly security operations and security technology implementation experience, said Galletto.
Tech this isn’t the only experience that matters, though. Cybersecurity is as much a business problem as it is IT. Having the right balance of understanding business risk, cyber threats and how technology can help is required, Galletto warned. That’s why security governance experience is also high on the firm’s list.
Consequently, while computer science graduates can often find themselves moving into cybersecurity, other promising candidates start off their careers in business focusing on risk management and then move over into security jobs, he added.
Other people entering cybersecurity in Deloitte started in network and systems development roles, or in risk management, and move into cybersecurity later in their careers. Still others enter the field after a career in law enforcement, Deloitte has found.
These are typically for established professionals with a track record, though. Entry level roles can be found in security analysis, security administration and security technology implementation. From there, candidates can often move ahead quickly by specializing in certain areas, such as governance, risk assessment, malware analysis or security technology.
Now in its ninth year, the SecTor security conference has become a hangout for seasoned security pros. These aren’t the only people who can benefit from its range of talks and training workshops, though. Those with a love of all things tech who are eager to break into a cybersecurity career can also learn a lot, and forge new connections there. Go here for more information about how to attend SecTor this October.