Cyber security is big business – and it’s only going to get bigger. In fact, the world will spend around $86.4 billion on information security products and services before the end of the year, according to figures collated by Gartner. This represents an increase of 7 percent from 2016.
Given the market’s explosive growth, perhaps it shouldn’t come as too much of a surprise to learn that there’s a significant skill shortage in the industry. ISACA, an independent organization that advocates for information systems personnel, estimates that there will be a global shortage of two million cybersecurity professionals by 2019.
The demand is clearly there, but getting into the industry can be a bit confusing, particularly when compared to other career paths. Lawyers go to law school, tradespeople take up apprenticeships, but where do you go if you want a job in cybersecurity?
To find out, we talked to a bunch of people at Emsisoft and reached out to those in the wider InfoSec community who are working hard to stay one step ahead of the cybercriminal. Here’s what they had to say:
Do you need a degree to get a job in cybersecurity?
Countless colleges and universities around the world offer undergraduate and postgraduate programs specializing in computing and cybersecurity. Acquiring a college degree doesn’t guarantee you a job, but it does show that you have a fundamental understanding of IT security. It demonstrates your commitment to your career and can be an important asset if you’d like to one day move into a management position.
In saying this, getting a college degree is not a prerequisite to getting a cybersecurity job – in fact, none of our malware analysts, who are among the best in the industry, have got a cybersecurity degree :). In the IT world – perhaps more so than in other white collar industries – experience is always the most valuable thing to have on your resume. Being able to show that you can apply your skills and knowledge in the real world helps you stand out from other candidates who may be qualified but lacking in practical experience.
For Michael (AKA Demonslay335), a software analyst and senior bench technician at MalwareHunterTeam, his passion for programming naturally led him to a career in cybersecurity.
“I’ve always been a programmer, so seeing how things break has just been an extension of that. Hacking (and defending from it) has always been an interest to me, and in particular when it comes to doing so with cryptography. This is naturally how I became interested particularly with ransomware – programming plus cryptography.”
While passion certainly helps fuel the fire, in many cases you may need formal learning to plug certain knowledge gaps or broaden your skillset. Many cybersecurity professionals, including Emsisoft’s Head of Support David (otherwise known as hoverdave), say their career is the culmination of both practical experience and in-school training.
“I started by learning about viruses for Apple IIe in about 1984, and trying to figure out how they work. I was more interested in advanced infections, but didn’t touch them until much later when I started learning how to clean them in 1991, then specialized in the small shop I ran in 2005. I started training in a UNITE malware removal school (geekstogo.com) in 2010, and now I teach at Geeks To Go and Bleeping Computer, in addition to working here at Emsisoft.”
TL;DR: You don’t need a degree for a career in cybersecurity, but formal education can help.
Salary expectations for cybersecurity jobs
The cybersecurity industry pays well for the right people. In 2016, the median annual wage for information security analysts was $92,600, according to the United States Department of Labor. The lowest 10 percent earned a salary of less than $53,760, while the highest 10 percent earned more than $147,290. Security analysts working in management, scientific, and technical consulting services sectors had the highest median wage of $101,440. Of course, these numbers can vary wildly depending on your experience, qualifications and location.
Despite the handsome salary, money isn’t necessarily the be all and end all when it comes to choosing a career. Many people get into cybersecurity not for the money, but for the challenges involved with fighting malware and out of desire to help and protect others.
TL;DR: In the US, the median salary for information security analysts is $92,600.
How to start a career in cybersecurity
As with any career choice, there’s no one-size-fits-all blueprint to securing a position in the cybersecurity field. However, there are a number of things you can do to greatly improve your chances:
1. “Study. Research. Be intent about it and don’t give up” – hoverdave
“If you learn something,” says hoverdave, “and it leads to a new term or concept you don’t understand, write down what you were researching, then research the new thing. Keep doing that until you fall off your chair, then do it again the next day. That level of research is the main difference between those who know and those who don’t, and it can be done completely on your own, without paid schooling (which is also important on a resume).”
Broaden and deepen your technical skills by enrolling in a relevant course at your local community college, or make use of websites such as edX that offer free, reputable programs from real universities.
TL;DR: Be curious and never stop learning.
2. “Get involved in learning and in the community” – xXToffeeXx
Networking is still key. No, we’re not talking about firewalls and ethernet cables (though you should probably know how that stuff works, too!) – we’re talking about using your connections to aid your professional development.
“Get involved in learning and in the community,” recommends Emsisoft malware analyst Sarah, more commonly known as xXToffeeXx. “There are a number of good resources out there. For example, the MalwareAnalysisForHedgehogs and MalwareTech channels on YouTube make good tutorial videos for malware reversing.”
There are many ways to connect with the IT security community. Attending meetups and conferences, making friends with existing security professionals and generally make yourself known in the security community are all excellent ways to get your name out there. Meeting people virtually via Twitter and LinkedIn can also be beneficial.
Sarah credits the InfoSec community for ultimately helping her secure a job in the industry.
“While browsing the internet, I stumbled across BleepingComputer; a community which dedicates itself to helping others with computer issues. My attention was instantly drawn to the malware related sections, where I became fascinated with how those helping managed to take a severely infected system and disinfect it. BleepingComputer helped connect me with a number of people, many of which I’m good friends with to this day, and ultimately led to my job at Emsisoft.”
TL;DR: Connect with and learn from the InfoSec community. They are generally a very helpful bunch!
3. “Be curious, and willing to constantly learn… a lot” – Demonslay335
As we noted earlier, formal education isn’t always necessary for getting a job in cybersecurity, but obtaining the relevant certifications sure can help. CompTIA Security+ is just one example of a respected and widely-recognized entry level certificate.
There are many ways to gain IT security experience without going to college. One of the most common paths involves getting your foot in the door with an entry-level position in customer service, technical support, computer programming and so on.
As you gain experience in this role, try to take on more security-related tasks, gradually hone your skills and move into increasingly security-focused roles. While working your way through the ranks, be sure to make use of self-directed learning (more on that later!) to continue to expand your skillset and show prospective employees what you can do.
Before you know it, you’ll have a healthy amount of experience under your belt and will be well-equipped for a fully fledged position in cybersecurity!
TL;DR: Stay thirsty for knowledge.
4. Use your initiative
Experience is critical for developing a good career in cybersecurity. Due to the sheer breadth of the industry, it sometimes can be challenging to gain relevant experience in some IT roles, but with a bit of initiative it’s possible to build your practical knowledge with self-directed learning such as:
- Open source projects: Test your technical abilities while building on your teamwork skills by creating or contributing to an open source project. GitHub is a fantastic platform for collaborating with like-minded developers around the world.
- Cybersecurity contests: Put your skills to the test in a competitive environment. Contests such as CSAW give you the opportunity to use your initiative to solve simulated IT security problems.
- Broaden your responsibilities: Volunteer to handle more security-related tasks in your current role. This hands-on experience is a superb way of broadening your skillset and prepares you for progressing into a more security-oriented position farther down the track.
TL;DR: Use your initiative to take on more cybersecurity duties and make a name for yourself.
5. Brush up on your soft skills
Like it or not, cybersecurity isn’t just staring at computer screens all day. Whether you’re working in a team or providing support to other employees, a big chunk of your day to day responsibilities revolves around being able to communicate effectively, whether that’s IRL or online. With this in mind, be sure to sharpen up your social skills as well as your technical expertise.
TL;DR: Know how to talk to people. Both online and IRL.
The future of cybersecurity and you
“The field is always changing and it’s interesting to theorize what the future may be.”
The cybersecurity industry is rapidly expanding. In the years ahead, people around the globe will increasingly come to depend on upcoming, tech-savvy talent to protect their data from malicious digital threats. This is your opportunity to follow your passion and while using your skills to help exterminate cybercrime and make a positive difference in the world.
If you’re thinking about a career in cybersecurity, there really is no better time to start pursuing your dream job than right now.
Do you have any questions about starting a career in cybersecurity? Let us know in the comments below and we’ll be sure to answer them as best we can!
Have a tremendous (malware-free) day!