A Career in Cyber Security

Cybersecurity – Choosing a CareerAs computer systems store more and more confidential personal, financial, medical, and top secret data, protecting that data is becoming more and more important to governments and businesses, worldwide. Enterprises must respond to the increasing number of complex threats and attacks by hiring cybersecurity professionals with deep technical experience in a variety of new and rapidly-evolving technologies. Cybersecurity is one of the fastest growing career areas, and the outlook for the future is bright. Cybersecurity professionals are in high demand – and they are highly paid, commanding salaries and bonuses that are well above the national average for other U.S. workers. One national survey found that 49 percent of respondents in cybersecurity management roles made $100,000 or more, and those in engineering and administrative roles earned in the $80,000 to $99,999 range. In the Baltimore-Washington area, cybersecurity professionals fare even better, with average salaries of more than $110,000. Those in management-level positions, can see it push even higher, averaging more than $135,000 per year. Cybersecurity jobs are plentiful, and there is a perceived shortage of workers to fill these jobs as evidenced in news reports, articles, and IT conference keynote addresses. Cybersecurity has become one of the most sought after careers in the employment market, and more and more positions open up each month with an estimate of tens of thousands of current openings in industries such as medical services, financial services, defense, retail, and manufacturing. The shortage of cybersecurity workers is likely to persist until the education and training systems can supply sufficient numbers of knowledgeable, trained, experienced cybersecurity experts with skills in areas such as advanced malware protection, threat detection, intelligence and analytics, continuous monitoring, security architecture, and data-oriented platforms. Fortunately, for cybersecurity professionals, as the field has begun to mature, clear career paths from entry to executive level roles have developed. Employees have a variety of career options and specializations available to them in areas such as operations, systems engineering, development, systems architecture, and testing. As cyber threats continue to grow both in volume and sophistication, the field of cybersecurity will continue to offer many opportunities from junior level roles, all the way up through C-level positions. Not interested in the corporate world? No worries. The industry has seen significant growth in the number of cybersecurity start-ups, and supporting investment capital. What It Takes to Get a Job in the Cybersecurity IndustryTraditionally, it requires a combination of education, experience, and certifications to land a cybersecurity job. Employers are looking for significant educational background and experience in their cybersecurity hires, with 84% of recent job postings looking for applicants with at least a Bachelor’s Degree, and two-thirds specifying at least four years of experience. 50% of all cybersecurity positions, in a recent survey, requested at least one professional certification:

• Certified Information System Security Professional (CISSP)
• Certified Information Security Manager (Security+)
• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)

 A recent survey bore out the fact that a significant percentage of employed cybersecurity professionals have met these requirements: 83% - Respondents said that they have college degrees

• 44 percent had a Bachelors Degree in Computer Science, Mathematics, or Electrical Engineering
• 34 percent hold a Masters Degree in those fields
• 5 percent had PhDs

 85% - Respondents said that they have a professional certification, with the most prevalent being:

• The Certified Information Systems Security Professional (CISSP)
• Cisco Certified Network Professional Security (CCNIP)
• Certified Ethical Hacker (CEH)

 When it comes to experience, the ideal cybersecurity job seeker needs a mixture of technical and soft skills. Technical – Prove to employers you can document experience in:

• IT fundamentals such as networking, systems administration, and database management
• Day-to-day operations such as physical security, networks, server equipment, applications, and enterprise storage.

 Soft skills – Show employers you have:

• The ability to communicate with IT and non-IT colleagues
• The ability to work in a team
• An understanding of business procedures and processes
• The ability to solve complex puzzles and problems and to analyze data
• Inquisitiveness – especially about technology and how it works
• Project management experience
• An understanding of how security efforts benefit the overall business

 As a cybersecurity expert, you will have a great number of career options across a wide variety of industries such as defense, finance, government, or retail. There is no one true path to working in cybersecurity. People can come at it from many angles and backgrounds including the STEM (science, technology, engineering, and mathematics) subjects and sometimes even from the liberal arts. The most important trait shared by all of those entering the field is a deep and wide interest in how technology works. You cannot protect something if you do not know exactly what you are protecting, why you are protecting it, and how it became vulnerable. Where the Jobs AreGeographically, cybersecurity jobs have historically been concentrated in government and defense hubs, but – as threats and attacks grow in the private sector – cybersecurity job opportunities are growing quickly in other markets. According to a recent Burning Glass survey (“Job Market Intelligence: Cybersecurity Jobs, 2015”), the top states for cybersecurity jobs are:

• California
• Virginia
• Texas
• New York
• Illinois
• Maryland

 Washington, DC, ranked 1^st among top metropolitan areas. The Baltimore-Washington area as a whole offers the greatest number of diverse and challenging opportunities for cybersecurity jobs at all levels. The Burning Glass survey found that this area has some of the highest concentrations of cybersecurity jobs in the country. Combining the number of jobs available in Virginia, DC, and Maryland shows that this region had more than twice as many open positions as did#1-ranked California thanks in part to this area’s high concentration of federal government jobs and jobs offered by federal contractors. Skills and a security clearance are two critical components for cybersecurity career success in the Baltimore-Washington area. Hiring managers are looking for talented, well-educated professionals with hands-on experience. Professionals with an active federal security clearance, have an advantage when applying for the growing number of positions in the government. For instance, the Washington Post recently reported that U.S. Cyber Command will grow from 90 cybersecurity professionals to 4,900 over the next few years; it is estimated that 70 to 80 percent of those positions will be filled by civilians. It is worth noting that Maryland receives more federal funding per capita for research than any other State in the nation. Among the Maryland companies currently recruiting cybersecurity professionals are:

• ManTech International
• SAIC
• Lockheed Martin
• General Dynamics
• CSC

 Virginia has more than 300 cybersecurity-focused companies, most of which are located in the Northern Virginia suburbs. Decisions, Decisions, DecisionsOne of the main things to consider when you decide to become a cybersecurity professional is whether you are willing to accept a less attractive job for less pay that will allow you to break into the cybersecurity field. If you decide to accept a lesser offering, make sure that there is a clear path of increased responsibilities and increased pay that will get you to where you want to be in the not-too-distant future. That is not the only decision you may have to face. What about working in the public sector versus the private sector? What about getting into the cybersecurity field via information technology? And will you be willing to relocate for a cybersecurity job? Let’s examine these decisions one by one. Public versus Private Sector?Future prospects for cybersecurity professionals are excellent in the public sector and in the private sector. The private sector in general offers employees higher earning potential compared with government jobs, but salary is not the only consideration when it comes to compensation. You must consider benefits (government benefits generally are very generous) and job security (again, usually better in the public sector). Nationwide, there have historically been more cybersecurity jobs available in the private sector, but this is changing as the federal government undertakes more initiatives to protect data. In the Baltimore-Washington area there are a high number of cybersecurity jobs in both sectors and in the hybrid area of government contractors. One significant downside to public sector employment is the strictness of the hiring requirements and the length of time (and red tape) it takes to apply for a job. Government employees also often are required to have a government clearance and advanced certifications. For a more thorough discussion of this decision, see the Cybrary article “Choosing a Career in Cybersecurity: Public Sector or Private Sector”. IT Experience First?Although it may be possible to make a lateral move from another discipline into the field of cybersecurity, many experts make a good argument for having as much IT experience as you can possibly get first. They believe that the secret to the cybersecurity profession is to gain all the computer experience you can before you even begin to think about a career in cybersecurity. It makes sense that you cannot be expected to protect computers if you do not have intimate knowledge of a computer system, and you cannot secure a system that you do not know how to configure. In other words, to be useful in the world of cybersecurity first become the best computer professional that you can be. Am I Willing to Relocate?Traditionally, cybersecurity jobs have been clustered near defense industry hubs, but that is changing somewhat as more and more private companies realize their need for cybersecurity. Nevertheless, you may need to make the decision at some point whether to relocate to take the cybersecurity job of your dreams. Family obligations and financial considerations will have to be factored into your decision, and you may need to seek advice from a financial planner and/or a lawyer. Just make sure that you do your due diligence on both ends of the move – where you are now and where your dream job is waiting. Next Steps to Begin your Cybersecurity CareerContinuing education, certification, and training all are keys to getting hired for a cybersecurity job, but even a cybersecurity job candidate who has the required education, experience, and credentials (including industry certifications) can do more to increase the chances of getting that perfect cybersecurity job. First of all, do not put all your eggs in the typical HR hiring route basket. It is unfortunate, but true, that applications are filtered by keywords and reviewed by people who may not have a sufficient understanding of the field of cybersecurity. Therefore, you might consider finding a good recruiter who works in the IT and/or cybersecurity industry, and make sure the recruiter understands you and your background and experience. If this does not appeal to you, try to find a way to contact hiring managers (not HR people) directly by using Internet searches and sites such as LinkedIn. And by all means ask for an “information interview” when you find a company in which you are interested. Social networking – both in person and via Internet sources – is another effective tool to use in your job search. It is also important to build professional relationships with people working in the cybersecurity industry before you start searching for that perfect job. Don’t be shy about asking for advice and feedback from cybersecurity professionals whom you know and respect. In addition, you might want to pursue one or more of the following strategies:

• Talk to fellow hackers
• Be active on cybersecurity message boards
• Seek advice from respected bloggers
• Ask your (current or former) professors for referrals

 Make sure that your resume is attractively formatted, easy to read, and free of spelling and grammatical errors. Recruiters are extremely busy, and spend 10-15 seconds reviewing it. As they skim, they look for reasons to exclude you for the position. Step 1: Purpose/Objective – Recruiters want to be glance at your resume and know what your intentions are. Keep it clear and concise Step 2: Does the Job Description cite a requirement for a Security Clearance, particular certifications, or skillset? – Consider reformatting your resume to highlight those items upfront. This will “keep” the recruiter interested, and reduce the chances of them “not reading far enough”. Step 3: Highlight your degrees, relevant job experience, hard IT skills, and any other IT achievements you have. Bonus. Be sure to include soft skills such as:

• Management experience
• Experience working in a team
• Communications skills – especially if you can cite technical writing or presentation skills.

 Lastly, make sure that your LinkedIn (and Cybrary) profile are professional and kept up to date. Listed below are several other things that should be on the “to do” list of any serious cybersecurity job seeker:

• Ethics – it is important for cybersecurity professionals to thoroughly understand exactly where the legal line is on their actions.
• Join an organization that will keep you abreast of what is going on in the industry.
• Always keep learning and gaining experience in the field.
• Attend cybersecurity conferences and seminars (check with your local institutions of higher learning – especially those designated by the National Security Agency as centers of academic excellence in information assurance).
• Work as a volunteer or as an intern until you land that perfect job.
• Increase your technical knowledge by teaching yourself to code in new languages and by building your own computers and networked systems.
• Participate in cybersecurity contests and training games.
• Look for, and document, vulnerabilities on open source projects and sites.

.One more very important thing: do an Internet search on yourself and run a background investigation to see if any red flags pop up. Fix any problems you find, and do not ever post anything online that you would not send to your grandmother! Cybersecurity is a very sensitive field, and employers look for candidates with clean backgrounds and verifiable common sense. After you have been hired in your perfect cybersecurity job, be sure to update your friends and colleagues about your job change, and always be aware of how you may be able to help others in their job searches. Even More Important: Things Not To Do If You Want To Be a Cybersecurity ProfessionalIt is good to be positive and to do everything right when looking for a job in cybersecurity, but it is just as important to know what you should not be doing. The information below presents some advice for how to avoid some of the most serious pitfalls that may befall you during your job search. Do not-- be someone who is limited by an irrelevant educational background, a lack of security experience, or inadequate skill sets. Make sure you are prepared for the job you are seeking. -- be lackadaisical about job search and interviewing basics. Make sure your resume is clean, neat, error-free, and responsive to the job being advertised. Don’t let your LinkedIn profile become out of date, and keep it relevant to the field of cybersecurity. Prepare thoroughly for interviews by doing your due diligence on the company and, if possible, on the people who are going to interview you. Ask thoughtful and relevant questions (ditch the ones about salary, benefits, and the company culture). And do not under any circumstances try to embellish your experience or skills. People hiring for cybersecurity jobs are suspicious by nature; do not arouse their suspicions. -- underestimate the importance of practical skills. Degrees and certifications generally are not enough by themselves to get you a job. Most people who hire cybersecurity professionals care about the practical skills that you bring to the job. Make sure yours are up to date and relevant to the job you want. -- allow yourself to be perceived as someone who is not a team player. More and more cybersecurity roles are interacting with entities outside of the IT department. Being able to work in a diverse team often is seen by hiring executives to be more important than your technical skills. -- try to portray yourself as a jack-of-all-trades. Cybersecurity is a wide and deep field. No one can have mastered it all. Don’t try to pretend that you have. -- ever stop being flexible and being yourself. Moving from working for a small company to a large one – or vice versa – will present challenges in understanding how the new-to-you company works. Don’t bring preconceived notions from your previous job. Don’t be afraid to let your passion for and devotion to cybersecurity show by taking on added responsibilities, but don’t try to impose your ideas on everyone around you. -- misunderstand what cybersecurity is all about. Not everyone is cut out for a job in cybersecurity. Do not fail to do your due diligence and to be prepared. And finally...do not accept the first salary offer if you do not think it is fair. Get all the details about salary and benefits and be prepared to negotiate if you think you are worth more. Best of luck in your cyber security careers; and as always: Happy Learning!