Building a Successful Cyber Security Career
26 May 22 by Sourced
As our lives become more intertwined with digital systems, more businesses are on the hunt for cyber security talent to help protect and defend their networks and resources -- and they're willing to pay a premium to get the talent they need.
About 60% of organisations struggle to recruit cyber security talent, while 76% of company boards now recommend increases in cyber security hiring, according to Fortinet's recent global report on cyber security skill gaps.
As cyber security is one of the most strategically important areas in IT, the long-term outlook for job growth is widely reported as positive, which will continue to create plenty of opportunities for people looking to work in this field.
If you already have IT experience and are looking for cyber security jobs, there are numerous domains where knowledge of coding, network administration and cloud architectures is highly sought after by employers.
Are you interested in discovering how to get into cyber security as a career? Below we share some of the key specialisations in the space, the core skills cyber professionals need and the qualifications that can lead you towards cyber security career success.
Specialisations in Cyber Security
Cyber security is as diverse as it gets in IT, with a broad range of entry points and technical specialities to choose from. Here are some of the options to consider when determining the career pathway that’s right for you.
Penetration Testing
Penetration Testers specialise in finding exploits to break into networks, databases and even physical premises, and reporting on the flaws they find. They're either employed in cyber teams as part of an IT department, or in security consultancies working for various clients.
Penetration testing is often referred to as 'pen testing'. In the past, many professionals in this discipline were self-taught and honed their skills from a young age, but employers increasingly look for formal IT qualifications. Average penetration tester salaries are NZ$116k.
Incident Response and Threat Analysis
Incident Response Analysts are, as their name suggests, the first responders when a cyber incident occurs. They are responsible for investigating, analysing and initiating an organisation's response to an incident and working to limit the damage. Proactively identifying threats and attacks is a major part of the role, as prevention is more cost-effective than reacting to issues as they arise.
The average salary for an experienced analyst is NZ$129k.
Application Development Security
This work involves looking for vulnerabilities in the design and coding of software applications and websites. IT professionals with a background in software development or software engineering are a natural fit for application-focused cyber roles. Security Engineers earn an average salary of NZ$130k.
Network and Cloud Security
Network security relies on proactively detecting weaknesses and neutralising incoming threats to network architecture, including connected applications, servers and hosts. Other branches of this work include endpoint security and identity and access management (IAM), which involve designing or managing systems with in-built control of who or what can access a network. As more people work remotely across a wider array of devices, managing endpoint security will become more of a concern for businesses large and small. The average salary for a Network or Cloud Security Engineer is NZ$119k.
Information / Data Security Management
Information security – sometimes referred to as 'infosec' – involves designing and overseeing company-level policies and practices that keep an organisation's data secure. Key roles in this domain include Chief Information Security Officer (CISO), which has an average salary of NZ$194,846, and Information Assurance Manager, which pays an average salary of NZ$130k.
Key Skills for Cyber Security Professionals
While most cyber roles require some level of technical knowledge, soft skills are also critical for success and become more important in senior roles.
A high level of curiosity and analytical thinking are essential for understanding the latest developments in tech, anticipating threats, and spotting new weaknesses. Employers will look for evidence of 'outside the box' thinking and that you're able to consider an issue from multiple angles.
Communication, collaboration and leadership skills are also important, as cyber security is always a group effort within an organisation. Many cyber professionals must be able to interact with end-users across the business, including the C-level, and explain complex technical issues in ways that laypeople can understand.
Knowledge of specific coding languages and technical frameworks remains integral to many cyber security professions. Examples of technical skills include network protocols, scripting (Python, PowerShell) and programming languages (Java, C++), DevOps, intrusion detection software (SIEM, IDS and IPS products), forensic software, SQL and database management, as well as all major operating systems. While it isn’t necessary to possess all these skills concurrently, some key cyber roles might require a combination of them.
Cyber Security Training and Credentials
Many cyber professionals do not have formal qualifications and some entry-level roles do not require a degree. However, a background in IT is still sought after by employers for most cyber security roles.
A vast range of certificate and boot camp courses have also proliferated in recent years, allowing people with existing IT skills to obtain more cyber-specific training.
Examples of industry certifications include CompTIA Security+ (information security) and CompTIA Network+ (wired and wireless networks).
If you're after a role in pen testing, examples of widely recognised certifications include EC-Council Certified Ethical Hacker (CEH), Mile2 Certified Penetration Testing Engineer and Digital Forensics, or a SANS certification.
Moving higher up the ladder, certifications for senior cyber security professionals include the GIAC Security Leadership Certification (GSLC) and the CompTIA Advanced Security Practitioner (CASP) Exam. Other examples of 'elite' cyber security credentials are the GIAC Security Expert (GSE) or the Certified Information Systems Security Professional (CISSP) program.
If you’re looking to break into this space, you may find it useful to speak to an industry peer, a mentor or your recruiter to help you determine which certifications are right for you.