The Bureau of Labor and Statistics estimates the demand for information security analysts will grow 28% between the years 2016 and 2026, which is faster growth than most other professions. Some of the reasons for this growth are that cybersecurity attacks continue to become more prevalent and attackers tend to be more and more sophisticated in their approach to stealing information. Even more notable is the growth of employment of information security professionals to 56% between 2016 and 2026. The main reason for this is that these jobs are needed across ALL industries: finance, healthcare, manufacturing, defense; the list goes on.
Cybersecurity is a perfect career field for those who have a broad range of interests, enjoy challenges, and have a natural curiosity to learn new things. Cybersecurity encompasses both technical (e.g., applications, systems, networks, databases, vulnerabilities, etc.) and non-technical (e.g., people, organizational goals, global threat landscape, physical security, compliance, law, etc.) aspects, so it is a field where you can experience a little bit of everything.
Education – degrees and certifications
Most positions require a degree in Cybersecurity, Computer Science, Information Technology, or a related field. Some industries (like defense and large corporations) want to see a minimum of a B.S. for entry-level positions, while other industries may only require an A.S. Do your homework and find out the requirements that best fit your skills and background.
Regarding certifications, it is highly recommended you seek a CompTIA Security+ certification – this is considered a baseline certification for cybersecurity professionals. As you grow in your career, you’ll want to gain more specialized or advanced certifications depending on your career path: CISSP or CISM for overall cybersecurity management, OSCP or CEH for penetration testing, and CASP for compliance; once again, the list goes on.
So, you have the education requirements, but understanding whether a career in this field is a good fit for you is just as important. Here are some things to consider to be prepared:
- Focus on developing your hard skills by doing things manually rather than relying on automated tools or high-level concepts. For example, learn how to analyze network packets to spot attacks (rather than relying on intrusion detection systems);
- Learn how enterprise IT systems communicate on a network level, rather than treating each network and system as a ‘black box’; and
- Understand how attacks are carried out from a code level, rather than clicking “Go” on a vulnerability scanner.
Developing these nuts-and-bolts level skills takes time, but you will find that they give you a major edge over others in the cybersecurity field – tools and automated capabilities change, but the fundamental underlying concepts largely remain the same.
Soft skills are just as important; your ability to translate very technical concepts into terms understandable by non-technical people is the most critical soft skill in the cybersecurity profession. Decision makers often do not have the same level of technical knowledge and understanding that you will have, but you will need their support to effectively carry out your duties.
This industry is constantly evolving, so staying up to speed is challenging but will give you a leg up on the competition. There is no silver bullet; find a few good sources of general cybersecurity news and information, and attend at least one cybersecurity conference per year that is tailored to your industry.
Personally, I find that Reddit is a good news and information source, and I often use this information as a starting point for other reading.