If your goal is to break into security but not sure if it’s something you’d like, read on to discover that there’s something for nearly everyone. There are many different types of cybersecurity jobs available, and the demand for filling these positions will continue to rise in the next 5 years.
Whether your start in IT is to tackle the tech, wrangle the networks, order the development, or unobscure cybersecurity, there are many ways to grab that awesome cybersecurity job in the future.
When you think of IT positions, you think of the breath of the knowledge. IT jobs can be focal or wide spreading, ranging from generalist, interdisciplinary, or specialist work. When I started in the early 2000s, it was important to be a generalist.
Fortunately for now, service management is becoming more important and you’re not finding as many one size fits all IT roles as much as you used to.
The type of knowledge and how specialized it needs to be depends on the type of role you would like to fulfill.
Security professionals are better at stopping threats and performing their necessary duties more than they are given credit for. Everyone will understand this somewhat if they’ve worked in IT, but it seems to be amplified in security, especially if a lot of your work is behind the scenes.
People don’t talk a lot when things are working smoothly. But when things go awry or if a bit of spam emails or malware get through to an endpoint, boy do you get an earful.
Your work may not be perceived as important as it truly is and even people within your own department may not understand what you do and how to truly help you.
I remember reading an article from a CIO magazine in 2008 that IT leaders were wanting more IT nerds with communication and business skills. Raw tech talent wasn’t enough anymore and it’s time for the introverted technomancers to level up their people skills.
This isn’t a wishlist item anymore. You need to be able to communicate well to advance nowadays. Your skills are still important but once again, raw talent won’t lead to a fulfilling career.
Here’s what you need to be able to do to be among the best:
- Improve your communication skills
- Analyze information through comprehensive research. Simple Googlefu isn’t enough anymore.
- Be able to benchmark and find best practices
- Be able to plan or progress in projects
- Learn how to speak with regards to risk
- Understand enterprise management functions beyond its technical needs
There are many different types of jobs out there. What's interesting is that similarly to IT jobs, cyber roles have grown more specialized as well. For example, you're seeing less and less general security analyst jobs than you used to.
Security Analyst (Specialized)
Depending on the role and how specialized the role is, responsibilities may include:
- Protection of digital assets and data loss.
- Security monitoring and reporting.
- Creation and administration of security controls.
- Administration of network security tools.
- Conducting blue team investigations.
- Conducting internal or external security audits.
- Point of contact for 3rd parties and special projects.
- Create or evaluate information security policies.
- Communicate with or manage vendors.
Security engineers are the heros that help setup and configure systems. These are very common in MSPs and enterprise sales teams. Besides technical skills, it's required have strong communication skills.
Since the goal for an engineer is system integrity and quality control, these pros help IT departments understand cyber issues.
Security architects are great in that they are more business problem solvers than previous security positions. Sure they are still technical, as they are heavily involved in an organization's security infrastructure. However, the focus is on business requirements and information needs.
Setting up computers and network infrastructure is only the beginning. Systems must be maintained and evaluated to make sure business needs continue to be met.
Security Researcher/ Vulnerability Analyst
- This can be a regular position at a company or a position at a security research organization like SecuriTeam.
VIP Security Consultant
Someone who digitally serves and protects people of interest.
- The Rich and Famous
- Executives (not an IT employee of the company)
- Other people who are big targets
Other Cybersecurity Jobs
Cybersecurity can be made up of many broad functions:
- Network security
- Host security
- Application security
- Privacy and ethics
- Regulation and law
- Copyrights and patents
- Physical security and fire suppression
- Disaster recovery and business continuity planning
- Project management
- Business development
- Data, integrity, records retention, and storage
- Optics, PR, incident response
- Hacking, blue teams, and red teams
- Policy management and documentation
How to Determine Which Security Job is For You
In the beginning, you may not be able to pinpoint exactly what you want to do.
However, that’s no excuse to be lazy. You can always fine tune your path while you are in it.
Look at State of Cybersecurity and IT Industry as a Whole
Usually when you are evaluation jobs for a potential career path, you want to check to see if the industry or field is worth getting into. When you do this for cybersecurity, you’ll see the ever increasing number of predictions to suggest there will be more jobs than people who can fill them.
Therefore, growth won’t be a problem.
The industry has changed dramatically over the past five years. A lot of the developments happening now and the developments that will be established in the future will create jobs that don’t even exist yet.
I have yet to see mass layoffs that weren’t expiring contracts. Besides, if something does happen to a cybersecurity job, you’ll have another one by the end of the month if you’re passible, let alone a top performer.
Morale is typically good with employees who work in this area as they are driven by the nature of the work they do. This is of course assuming they aren’t severely underpaid as that could cause morale to be low. Again, there are so many jobs in this space that if your pay isn’t at market rate, you can easily get the salary you deserve. If you get in cybersecurity now, you’ll have great positioning when these types of jobs mature and become harder to get.
I want you to do 3 things before you move on:
- Find a couple professional websites, newsletters, and journals that you like that relate to IT and security. It may also help to read a few good cybersecurity books.
- Find a local relevant organization you can join. If there isn’t one that appeals to you find a group or meetup you can attend.
- Follow some important people in the industry that you like. There are many IT and security folks to choose from. Bonus points if they are local to you.
Look at What Work is Like
Get an idea what a typical workday looks like. Depending on the role that interests you, this could be challenging as certain positions tend to have different days.
Search on YouTube for a day in the life of whatever position you’re interested in. There are more materials are out there than there has ever been. If it isn’t obvious by this point, find out what skills are required for the position you’re interested in.
See what parts of the job are most challenging and why people who do the jobs remain. What motivates them? What do they find most enjoyable? Does this resonate with you?
Research some of the dangers associated with job, even if it’s unquantifiable risk or exposure. What will some of the nuances and “gotchas” will you need to learn?
Are you willing to be on call or work past 5PM and on the weekends? How about a consistent year-round schedule or a seasonal or academic schedule?
Another helpful tip is to volunteer at a STEM event or make a connection to be able to tour a facility. It sounds a bit ironic that it would be easy to tour a secure facility, but it can be done. I’ve toured many places in the last 4 years by making connections. Yes, this was all in the up and up.
Look at Pay and Advancement Opportunities
Let’s face it, money is important. It’s ok to be guided by pay but don’t let it define you. You still need the skills and desire to perform the work.
Look at starting salaries in your area versus regional and national averages.
Here are a few resources to get you started:
- IT Occupational Outlook Handbook by the Bureau of Labor Statistics. The grouping is a bit out of date but the statistics BLS generally provides are useful.
- Cybersecurity Supply and Demand by Cyber Seek. I love this website. It has more than salary information. Bookmark it and take a look around.
Do some digging to see if job hopping is necessary to get promotions. Depending on the sector and where you are located, job hopping may be required to get your raise. Check out this post on more information on cybersecurity job myths, including info on raises.
In many different companies, security jobs are new, and companies don’t know how to value the people who fill them.
I like to start from an end position, pinpoint where I presently am and fill the potential spots in between. If you do this, you’ll be able to gather about how long it takes to get into management and how long it takes for managers to rise to the top.
Take a look at the background of senior level leaders, especially at the executive level. What got them to where they are? If you can’t find a useful bio, ask them directly. I think you’ll find these folks are more approachable than you think. Especially, at a conference or group event.
Look at Skilling Up
Besides education, what is necessary to learn to qualify for your job?
How do most people enter the role you want? In general people enter security from all manner of positions.
Not including soft skills, which of your skills are you strongest in?
What gaps in knowledge do you have that would prevent you from getting the role you’re interested in?
Ramit Sethi of I Will Teach You to Be Rich has mentioned that your resume needs to show a narrative. What narrative do you want to get across? How are you structuring your resume to make sure your narrative is received as intended? What skills do you need to better support that narrative?
Which courses or certifications do you need in order to qualify for your intended role?
Finding a Worthy Company or Organization
Which companies, agencies, or organizations can you best serve? What companies might be interested in hiring someone with your background?
Is it a 3 letter agency?
- DHS, NSA, FBI, ATF, etc.
What type of lifestyle changes are necessary to work at your potential job?
- Frequent travel or casual business meetings
What type of personal attributes are necessary for success?
- How do these people talk?
- How do they present themselves?
What jobs make use of your background?
- Skills, education, and experience
Why do people leave this company?
Are there opportunities for self-employment in this space? Where?
Becoming Worthy Yourself
We briefly discussed building blocks and skilling up. I would be remiss if I alluded that cyber and information security jobs were all about progression.
There’s more nuance, more marketing and self-promotion that goes into a successful security career.
I mentioned previously that many security positions that are popping up now are new. These organizations do not yet know the value of these positions, let alone heed the advice you bring. You need to be able to gather and properly relay the information to them.
It doesn’t stop at the job itself, you need to be able to market and promote yourself, more so than you normally would as an aspiring contributor of the workforce.
Thanks for checking out this nearly 2K word post. If you are the least bit curious about cybersecurity jobs or information security jobs, I highly recommend you do the work and move forward.
It’s definitely worth it.
In the meantime, let me know what else can be added to this post besides more job examples. There’s so much information to write in this space but I at least want this post to make you think. Now get to it.