Despite the best efforts of antivirus software makers, firewall manufacturers, threat researchers and IT service providers, cybercriminals continue to take a growing toll on their victims. Indeed, cybercrime will do $8 trillion of damage globally this year, according to researcher Cybersecurity Ventures, and $10.5 trillion by 2025.
“The threat landscape is insane,” observed Dave Alton, chief technology officer of Strategic Information Resources Inc., a provider of IT and security services with offices in Los Angeles and Houston.
So much so, in fact, that the world will need 3.4 million more cybersecurity workers than it has at present just to keep up with the proliferating and ever more sophisticated techniques hackers use to steal data, extract ransoms and shut down websites, according to estimates from cybersecurity industry body (ISC)2.
If there’s anything at all good about that grim state of affairs, it’s this: Today’s cybercrime explosion has turned acquiring security skills into a more or less guaranteed route to a solid, well-paying job.
Outfoxing the Opposition
Sadly, that’s likely to remain true for a long time to come.
“Security is in some ways just kind of a constant arms race between people who make the tools and people trying to exploit them,” said Chris Miranda, a security specialist at Westford, Mass.-based IT consultancy Ekaru LLC.
As a result, cybersecurity professionals devote a lot of their time to studying up on the latest vulnerabilities, exploits and defensive strategies. “It’s a very dynamic business,” Alton said. “It changes a lot, which I think helps keep it challenging and interesting.”
Scrutinizing customer environments for seemingly minor defensive gaps that can have major repercussions during an attack is another important way security experts spend their week. “You’re always trying to move the needle to more secure,” Alton said.
The kind of person best suited to such work tends to be methodical, meticulous and detail oriented. “Patience really helps,” said Miranda, noting that a lot of your job entails “making sure every ‘I’ is dotted, every ‘T’ is crossed, and all of the details are up to code and pretty much perfect, which takes a lot of work.”
So does outfoxing attackers and the crafty methods they use to sneak onto networks, which makes curiosity and a problem-solving mentality helpful qualities in security professionals, according to Ann Westerheim, president at Ekaru.
“The bad actors will do a lot to evade different protections and different detection methodologies,” she said. “To folks who love figuring out how things work, the job really resonates.”
That’s especially true of people who like figuring out things collaboratively.
“Not only does security foster a lot of cooperation, but it also requires it,” Westerheim said. “We’re constantly bouncing ideas off of each other.”
Alton agreed. “Cybersecurity is one of the few technical disciplines that is absolutely a team sport, because it’s just too hard for one person to do,” he said.
As that implies, good communication skills are essential, and not just when speaking with colleagues. Working in security involves persuading people with little, if any, technical know-how to invest in new technologies and embrace best practices like using strong passwords.
“I want to be able to break that down for them in a way that they can understand,” Miranda said.
Last but far from least, security pros need a cool head, particularly when coping with the real-time chaos of an unfolding attack. “It’s our job to control the chaos,” observed Wilfredo Santiago, vice president of threat operations at managed security provider Blackpoint Cyber. “You have to have the ability to deal with pressure and stressful situations.”
People like that come from all walks of life, Santiago said. “I’ve hired a mechanic. I’ve hired a grocery store clerk. I’ve hired a former marketing expert. All three of those folks are my top three analysts today.”
Mastering the fundamentals of both security and IT more generally is a good place for newcomers to get started, according to Alton, who recommends earning CompTIA A+, CompTIA Network+ and CompTIA Security+ certifications.
“Those three give you a baseline understanding of how computers work, why they do the things that they do and how you protect them,” Alton said.
Westerheim likes seeing those credentials on a resume too. “It’s just instant credibility on a lot of levels,” she said. “One is I know they have that foundational knowledge, which is awesome, but the other piece is they’ve got the discipline and motivation to actually study.”
Once you’ve learned the basics, there are plenty of options for where you go next. “You can work in one position and be a threat hunter, then take those same skills and apply them to incident response,” Santiago said. Tired of incident response? “You can go do threat intelligence. All those skills complement each other, so there’s endless opportunities.”
Most of them pay handsomely too. According to ZipRecruiter, the average cybersecurity professional makes $129,000 a year at present.
That’s not why people who love working in security do it, however. According to Westerheim, the satisfaction of shielding people from predators and guiding frightened cybercrime victims past a crisis is the real payoff. “For folks who are really motivated by wanting to help people, it’s very rewarding,” she said.
Are You Doing Everything to Protect Your Business and Customers?
Read more in CompTIA World Magazine!