Cybersecurity jobs are plentiful, from government, financial services and utilities to manufacturing and retail. But what skills do IT professionals need to qualify for these high-paying jobs?
1. Get certified.
Security-related certifications are a prerequisite for most commercial cybersecurity jobs and all defense-related IT security jobs. These credentials range from basic CompTIA Security+ to the gold standard ISC2 Certified Information Systems Security Professional (CISSP).
"There are a lot of security certifications that are very well accepted and are extremely beneficial to the individual," says Jacob Braun, president and COO of Waka Digital Media, a Boston-based IT security consultancy. "They demonstrate a body of knowledge and experience... Some of those certifications are more than written exams. They have some practical components, which are an additional hurdle to achieve."
"I like to see the CISSP," says Dave Frymier, Unisys CISO. "Somebody who has the CISSP has passed a pretty comprehensive test and is likely to share terminology with you so you can make sure you are both talking about the same things."
2. Join the military or the feds.
Most companies prefer to hire cybersecurity experts with experience in the U.S. military or law enforcement agencies.
"It's not a requirement, but it helps," Braun says. "Often times, you'll find an individual who is coming from the military or a federal government agency who has received a variety of cybersecurity training that is not yet attainable in the commercial realm."
"Military experience is good to see," Frymier says. "In fact, the security director that we hired last year is ex-military intelligence. The ability to use these [security information and event management] systems and track down persistent threats are skills more closely aligned with the intelligence community than with the IT community."
Verizon has members of its security breach investigation team with military intelligence and law enforcement experience. "The law enforcement are great at interviews... If it's an inside job, they can usually spot the guilty party," Sartin says. "The military people are more process oriented."
3. Learn SAML.
The issue of information security, identity and access management in the cloud is a major concern for CIOs, who are deploying software-as-a-service applications such as Salesforce and Concur to complement their enterprise applications. They are looking for employees who understand how to extend their directory services to control access to cloud applications.
One specific skill related to cloud security that's in demand: SAML. The Security Assertion Markup Language is an emerging standard that allows enterprises to extend their directory, authentication and identity management systems into cloud-based applications.
4. Master mobile security.
As more organizations adopt Bring Your Own Device policies, they are facing a host of challenges including how to secure information stored on a range of devices that they don't own.
Mobile device management "is a sweet spot for me," Frymier says. "I'm the executive of interest for our consumerization effort because it has such security aspects to it.... We have a Bring Your Own Device program, and now 4,000 employees have their own iOS devices. We have got them set up in a way that's secure using Microsoft ActiveSync."
Unisys also is focusing on security in its mobile application development efforts.
"The people who understand mobility at a very deep level tend to be very young, often right out of college. What we find is that we need to pair them up with more senior people who understand backend systems," Frymier says. "You have all of these sexy streams of data on mobile apps. You need to understand how it gets in and how it gets out and how authentication is done and who has access to it."
5. Learn to analyze data.
Cybersecurity pros are masters at finding needles in haystacks. They need to deal with huge volumes of data gathered by security devices and find anomalies that indicate security breaches are occurring.
"One area where we see a skill gap is in general log monitoring," Sartin says. "Everyone seems to have someone who is responsible for monitoring logs, but these people don't have enough experience. They look at endless amounts of data, and they don't find the evidence of the SQL injection," which is the most common type of security breach.
IT professionals need to brush up on their ability to analyze log monitoring data and find important trends.
"Cybersecurity experts need to understand and analyze the trends in the log data to find anomalies and other signs of security breaches," Braun says. "They need to understand how data comes in and leaves an organization and how it should be handled. They need to understand how partner organizations work and competitive organizations work, so they're in the best position to identify when something is malicious or a threat."
The best way to protect your Networks is to have certified IT Security Pros on your team.
Atlanta Cyber Security Jobs
- ATG Security Receptionist XY $16.00 Full time shift (Mon-Fri) *Flight Privileges Offered*
- Corporate Information Cyber Security Engineer I
- Systems Engineer-Cybersecurity
- Information Security Risk and Compliance
- Information Systems and Technology focus Analysts
Chicago Cyber Security Jobs
- Cyber Threat Analyst
- Security Analyst (Systems Engineer – Security)
- Cyber Risk Analysis Intern (Full or Part-Time)
- Information Systems Cybersecurity Engineer
- 3019 - INFORMATION SECURITY ANALYST FEATURED
Dallas Cyber Security Jobs
- Information Technology Analyst, Senior (Dallas Fire & Rescue Technology Support)
- Information Technology Engineer, Senior (Security/McAfee)
- Security Operations Center (SOC) Threat Analyst (Level 1) Assistant Vice President - Irving, TX
- Career Opportunities at Check Point, Nationwide
- Information Security Associate - Insider Threat Analyst
Houston Cyber Security Jobs
- Information Security Business Analyst
- Risk Analyst
- Information Security Analyst II
- Cyber Threat Intelligence Specialist
- Special Agent
Los Angeles Cyber Security Jobs
- Summer Intern - Cybersecurity
- Cyber Security Engineer
- Information Security Analyst
- Intern Risk Analyst
- Cyber Cryptography Systems Engineer
New York Cyber Security Jobs
- Information Security Analyst
- Corporate Risk Analyst
- Security Risk Advisory, Analyst
- Information Security / Junior Staff
- Deputy Superintendent of Cybersecurity Supervision
San Diego Cyber Security Jobs
- Staff Security Business Analyst
- 7149 Information Security Analyst
- Solutions Architect, Information Security
- Cyber Security Engineer- San Diego, CA or Boulder, CO
- Cybersecurity Incident Response Analyst
Washington Cyber Security Jobs
- Cyber Security Opportunities - All Levels
- CYBERSECURITY CHANGE AND RISK ANALYST
- Cybersecurity Risk Analyst / Security Controls Assessor
- Graduate Studies Program - Intelligence Analyst
- Information Systems Security Officer (ISSO)