There is no denying that the cybersecurity sector is one of the hottest job market verticals in the world. In 2016, Forbes projected the total market for cybersecurity services would grow from $75 billion in 2015 to $170 billion in 2020. And businesses large and small have taken notice, recognizing the need to hire qualified IT security professionals who can help protect their networks, customers, and partners.
Our recent research indicated that last year, one-third of companies placed improving their in-house security expertise among the top three priorities of their IT security investment. Almost half said they were experiencing a talent shortage.
But finding the right talent to meet the burgeoning opportunity has been a challenge — a skills gap such as this is rarely seen in such a fast-growing tech sector. The Forbes article above noted that 209,000 cybersecurity jobs in the US remained unfilled in 2016. And the talent gap doesn’t appear to be shrinking. Earlier this year, TechRepublic estimated the jobs gap in cybersecurity will increase to 1.8 million unfilled jobs by 2022.
So what is causing this cybersecurity skills gap, and how we narrow the gap? What additional skills do undergraduate and graduate students need to meet the needs of top cybersecurity companies?
To answer these questions, we talked with several IT and talent executives at Kaspersky Lab. Six tips we compiled based on their responses follow.
Get internships and certifications
Our first tip may seem obvious, but it’s one of the most important building blocks of a cybersecurity career. Top cybersecurity companies and independent businesses want employees who already have a basic level of experience. Gone are the days when even entry-level jobs could be filled with candidates looking to get on-the-job experience. Tech workers need to be proficient in the basics and have the experience to prove they can walk into a job ready to contribute.
We also advise security job-seekers to pursue advanced certifications such as the CISSP (Certified Information Systems Security Professional) as a bare minimum. Additional certifications will only make you more desirable to potential employers.
Have cybersecurity basics down cold
Qualifications for a cybersecurity greenhorn can vary. But any student looking to break into the cybersecurity field should have a strong understanding of the fundamentals and a thorough technical understanding of networks. Below are a few areas on which to focus:
- How servers work
- How clients work
- How networks and cloud services work
- How SPI firewalls work
- How Next Gen firewalls work
- How IPS/IDS systems work
- How exploits work
And for those interested in a serious career fighting malware, reverse-engineering skills are must.
Follow the leaders
Few IT sectors are more fast-paced than cybersecurity. So how do you stay up to date? It’s simple: Read, read, and read some more. Develop a list of cyberleaders on Twitter and other social media channels and follow news and analysis on breaking cyberthreats.
Learn all there is to know about Petya, NotPetya, and other threats, and follow news about global hacker groups to become familiar with the threat landscape. Understand how hackers infiltrate networks, and learn from the pros about how they detect and mitigate DDoS attacks.
Show your worth
Similar to our advice above about internships and certifications, it is important for any aspiring cybersecurity professional to have hands-on experience to show their proficiency in the space — and this experience can come in more than one form. One smart way to showcase your abilities is to set up a test environment. It will help you gain experience and will demonstrate your proficiency to potential employers. Any work you can do to establish your credibility as a threat analyst or security engineer will be time well spent.
Pick a specialty
Specialization is important to career success — especially in computer engineering. Following are several options we recommend for any young cybersecurity leader-in-training.
Security engineering, or defensive security — anti-DDOS, Web content filtering, IDS/IPS, firewalls
Security auditing — pen testing, patch deployment confirmation, password audit, forensic, ethical hacking
Information assurance / incident response — SIEM, security policies, log analysis, external audit response, DLP
Application security — application code security review, AppDev QA, architecture review, AppDev security standards
Have a “hero” mentality
A large part of working in cybersecurity is having a strong, positive mindset — a bit of a hero complex. At Kaspersky Lab, our mission is to save the world from cyberthreats, and we don’t take this mission lightly. Bad actors pose a major threat to society, and good cybersecurity professionals need to have high ethical and moral standards — you have to want to do good and to make the Internet a safer place.
It is also important to note that white-hat hacking is very stressful job. Not only do cybersecurity professionals have to stay on top of the most recent threats, reading and researching these topics in their free time, but they also have to be passionate about staying ahead of the black hats. You will have to be up on current events, to know protocols, operational systems, and policies inside and out. You have to love this stress and you have to love keeping up with the industry.
More opportunities in cybersecurity are available for smart, persistent researchers and developers than ever before. Follow these lessons and soon you will be on the front lines of the hacker wars. We will welcome you to the fray!