Considering pursuing a career in cyber security?
The cyber security industry is gradually growing as we are encountering global events that limit physical interaction with clients and more companies are adopting digital, cloud technologies. Estimates are as high as 2 million unfilled cyber security jobs as of 2019, according to ISACA. Demanding roles include technical, operations, coding, business, service provider and more. The breadth and depth of the industry means that depending on your interests, there are security related jobs in that area. Top jobs can pay $200,000+ per year, based on location, experience, specialization and responsibilities.
Have an overview of the roles, organization types, and local employers within the industry. We will then look into specific qualities and skills that hiring managers seek for.
Security Operations – A unit that oversees the security issues on networks, servers, endpoints, databases, applications and other environments.
Blue team – A group of security professionals that has the responsibility to protect company assets against potential threats.
Red team – A group of security professionals that evaluate an organization’s security system to strengthen its defense against cyber attacks.
Governance, risk management, and compliance (GRC) – A team that strategizes and manages the areas of governance, risk management, and compliance within an organization under standardized regulation.
Forensics and Incident Response – A unit that is responsible for investigating and analyzing the sources of any suspicious activities or cyber threats. The team will also suggest the approach to address the aftermath of any incidents and activities.
Research and Development – Individuals that are in charge of developing a set of standards and best practices for an organization to abide by, in order to maintain good cyber hygiene.
Security Architecture – A team that strategically designs the security architecture of an organization. It includes the framework and countermeasures to improve network security and mitigate risks.
CISO/management roles – The Chief Information Security Officer (CISO) or managers supervise the overall execution of an organization’s security program, including the regulations and incident response plans, security architecture, databases, processes and strategies.
Sales – Individuals who introduce prospects with a company’s products and services, and drive sales.
Consulting – Provide advice and recommendations for organizations to overcome cyber security challenges and prevent future threats.
Examples of BC local companies that demand cyber security talents:
Internal organizations: TELUS, Province of British Columbia, BC Hydro, ICBC, Finning, Vancity
Service providers: TELUS, IBM, Deloitte, Hewlett Packard Enterprise, Herjavec Group, Long View
Vendors: Fortinet, Sophos, Cisco, Absolute, Ping Identity, Microsoft, amazon.com, Cmd, LoginRadius, StandardFusion
Key desirable qualities and skills that hiring managers look for:
Open to feedback and learning
Willing to take responsibility and problem solve
Making mistakes and learning from them – this is how we all grow
Hacking (Social Engineering)
Possessing the above skill sets and qualities puts you in a good position, however, qualifications of various positions within the industry are different. Some hiring managers also consider cultural fit.
Do research on the qualifications and requirements of the position you are seeking for and specifically build up on those skills that will make you a better match for that role.
What makes you a great security professional?
Attend events to make connections and network with professionals that are already in the industry: https://www.kobalt.io/vancouver-events.
Participate in Capture The Flag (CTF) competitions.
Build a IT home lab for yourself to upskill yourself in this structured learning environment (vendor freebies).
Work on a certification – there are a lot of free online resources available for you to showcase the work you have done to enhance your profile.
Read books, blogs and listen to podcasts and webinars: www.kobalt.io/learning. Kobalt.io has a webinar series called Attack and Defense that you may find beneficial to get more insights of the industry.
Be active within your network and take initiatives to develop your hard and soft skills. Let’s connect! Connect with us on social media to learn more about the industry and get more tips on cyber security!
Kobalt.io assesses, develops and runs cyber security programs for small and mid-sized organizations. We provide security operations and advisory services to your organization – to empower your ability to embrace cloud infrastructure; protect data stored in critical SaaS applications and your corporate environments, and ensure confidence in your security visibility.