Cybersecurity: What it Takes to Make a Career

Government, Private Sector Both Have Needs for Trained Professionals What's the difference between cybersecurity and information security? It's in the eye of the beholder, according to retired Lt. Gen. Harry Raduege, who co-chaired the Commission on Cybersecurity for the 44th Presidency. He noted that the two terms are used synonymously, though cybersecurity - at least in the federal government arena -- includes the nation's critical IT infrastructure. But the bottom line is that cybersecurity means protecting IT systems from harm.

Where are the Jobs?

Most of the cybersecurity jobs within government fall in the category of computer specialist, information technology officer, Information technology specialist, assistant chief security officer etc. These jobs are available with various government agencies and departments including Department of Homeland Security, Federal Bureau of Investigation (FBI), Department of Transportation and Federal Aviation and US Army.

Within businesses, the cybersecurity positions available are cybersecurity analyst, research scientist, engineer, senior information security specialist. Most of these jobs are available with government contractors, scientific research laboratories, security consulting firms and IT and security vendor companies.

The common theme of most of these positions is to defend the nation through the development and utilization of cutting-edge systems, procedures, and technologies to prevent future terrorist attacks.

Importance of Cybersecurity:

Technology and the internet are touching every part of our lives. "So much information we deal with is available through the internet that keeping it secure at all times, upholding the very principles of information security: integrity, availability and confidentiality has become challenging," says Brian Schultz, Senior Director of the Cybersecurity Practice within the National Security Division of the Battelle Memorial Institute.

Again, the rise in Internet and e-business security threats on computer and other telecommunication devices and increasing opportunities for cyber terrorism, espionage, fraud, theft and the misuse of personal, classified and financial data, all have contributed to the significant growth of cyber security in recent times, making it a top choice for career seekers today.

Cybersecurity Need:

The greatest cybersecurity need in government and business include "the requirement for cybersecurity professionals who are both educated and trained," says Lawrence Rogers, a senior member of the technical staff in the Carnegie Mellon University's Software Engineering Institute, CERT Program.

Education is more thinking-oriented, placing emphasis on the fundamental principles of cybersecurity and its associated processes, while training is more "doing or action" oriented focusing on technology and operation. A successful professional in cybersecurity needs:

A solid education background upon which good technology command can be layered by means of continuous training;

The ability to connect the technology with the business, ensuring cybersecurity as an enabler of business. Practitioners need to understand that the computer system and networks are there for the business to be successful.

Role and Background:

A strong background in network and system administration is strongly recommended by experts to be successful, "as 80% of the risk in cybersecurity lies in the network itself," adds Schultz.

A thorough knowledge and experience of working with networks, routers and firewall is a base standard for getting into cybersecurity. For example, the practitioner should be able to evaluate and assess capabilities of new technology related to system and networks.

The system administration role needs to evolve to address security issues such as:

Intrusion detection monitoring,
Identifying vulnerabilities,
Conducting penetration testing,
Shaping security policies for an organization in addition to,
Understanding the compliance with regulations and security laws and
How security relates to technology.

"The role of cybersecurity involves dealing with a lot of characteristics from the risk management arena," adds Rogers. Individuals need to constantly know what are the threats, controls to existing systems, networks and understand the business implication of operating technology.

Must-have skill set includes:

Good academic background: including a bachelor or an associate degree in Information assurance or computer science. A grounded focus in technology and common body of knowledge within security is essential in understanding the fundamentals of cybersecurity issues and in identifying the right solutions to these problems, indicates Prof. Danielle M. Zeedick, Program Director for Bachelors degree in Information Assurance, Norwich University. "Education is National Security."

Thinking is crucial: cyber security professionals should "dig deeply into a problem and understand the root causes so that they can match the correct technology to the problem, this means that their thinking is necessary and crucial," says Rogers.

Technology Skills: professionals need to constantly work with operating technologies including installation, configuration, deployment, experimentation and maintenance. They need to be inventive and challenge themselves technically and think outside the box to resolve issues. "Professionals should have out of the job interest in technology and evolvement within the organization that shows intensity of interest and demonstrates passion for creatively applying technology to issues," says Shultz.

Business and soft skills: practitioners need a well rounded personality to be articulate and communicate the business ramifications of technology to team members. They need to be developing security policies and plans and working with applicable regulations and security laws which require them to have business and management expertise, mentions Rogers.

Certification & Association: experts suggest taking up the certified information systems security professionals (CISSP) certification, which lays a good foundation for a practitioner and enhances their technical experience and knowledge in different security domains which is critical in understanding issues stemming from various areas within security. Again, professionals should invest in being affiliated with security associations which offers them a place to network and learn by interacting with peers and discussing issues openly with members.

Typical Career Path:

From a system or network administrator, the role evolves to security engineering, leading individuals to upper management positions including chief security officer, director of operations and security. Also individuals can choose to grow and specialize within policy and governance. "Cybersecurity is the foundation upon which business and technology develops," says Prof. Zeedick. "Professionals have good career growth avenues once they enter the field."

About the Author

Upasana Gupta

Upasana Gupta

Contributing Editor, CareersInfoSecurity

Upasana Gupta oversees CareersInfoSecurity and shepherds career and leadership coverage for all Information Security Media Group's media properties. She regularly writes on career topics and speaks to senior executives on a wide-range of subjects, including security leadership, privacy, risk management, application security and fraud. She also helps produce podcasts and is instrumental in the global expansion of ISMG websites by recruiting international information security and risk experts to contribute content, including blogs. Upasana previously served as a resource manager focusing on hiring, recruiting and human resources at Icons Inc., an IT security advisory firm affiliated with ISMG. She holds an MBA in human resources from Maharishi University of Management, Fairfield, Iowa.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.