Following the Cyber Sec Road: 5 Top Jobs in Cyber Security
It is a common misconception that to work in cyber security, you need to have an IT background. Whilst this can be beneficial, it’s not necessarily true.
Whether you studied the Arts or Sciences, whether you like to work solo or in a group, there are plenty of cyber security career paths to choose from. Below, Tom Gaffney, Security Advisor at F-Secure, discusses the top jobs available and what they entail.
The current cyber security skills shortage is a well-discussed topic, as is the current under-representation of females. However, many organisations are working to rectify this.
Our own organisation of 1,700 F-Secure ‘Fellows’ come from many different countries and backgrounds, with diverse educational backgrounds, skills and experiences. Yet all are happily ensconced within the cyber security industry, reinforcing the notion that you don’t need to be a nerd to succeed.
Cyber security professionals have never been more important than they are now and with cybercrime damages predicted to cost more than $6 trillion by 2021, and a worldwide shortage of workers anticipated to hit 1.8 million by 2021, companies are offering great salaries to entice the best employees.
There is no one linear path to a career in cyber security but, for the purpose of this piece, we’ll look at a few of the most popular choices:
1. Security consultant
A security consultant is the IT equivalent of Obi-Wan Kenobi – an advisor, guide and all-round security guru. In a consultant role, you could expect to regularly design and implement the best security solutions for an organisation’s needs. For example, you may be performing vulnerability testing, analysing risk and responding to security issues on a daily basis.
2. Penetration tester/ethical hacker
Ethical hackers inhabit one of the more ‘glamorous’ jobs in cyber security and are routinely called upon to test the efficacy of an organisation’s cyber security by attempting to hack into the network. In doing so, these pen-testers help identify vulnerabilities whilst also having an extensive knowledge of evolving cyber threats and the latest tools cyber criminals are using. A further development in the career of a pen-tester is ‘red teaming’, which includes trying to access and discover vulnerabilities in a company’s physical network using tools such as social engineering. Red teaming skills are not necessarily technical – these often include behavioural sciences and good communication skills.
3. Security architect
A security architect is responsible for maintaining the security of a company’s IT system. They need to think like a hacker, anticipate hacker tactics and deploy the defences that will best protect the organisation. Their role involves understanding every component in their IT infrastructure and adding to the system’s security by implementing both hardware and software upgrades.
4. Infosecurity crime investigator/forensics expert
As with physical crime, a cyber crime will also leave behind clues for an infosecurity investigator to identify. In this role, you would be expected to examine and explore traces of cyber attackers within operating systems and networks, combining the analytical skills and attention to detail of a forensic expert with the technical acumen of a security professional.
A Chief Information Security Officer (CISO) is a senior level role within any organisation that requires a combination of security expertise and business knowledge. As one of the most demanding jobs in cyber security, CISOs often balance legal, regulatory, technical and internal business objectives and requirements on a daily basis. Despite being a high-pressure role, it can also be one of the most exciting within cyber security as you get to work across multiple areas of the business.
Cyber security is one of the fastest growing markets in the world and as cyber criminals become more audacious with their attacks, the industry is in need of experienced personnel. As a result, the number and variety of roles available offer a career like no other. We just need to get the word out ther