There are numerous subspecialties within the booming cybersecurity field[i]. Here are some of the most in-demand professions:
Cybersecurity Engineer: This is the all-around, jack-of-all-trades, go-to guy or gal of cybersecurity. For all intents and purposes, a cybersecurity engineer is a hacker – but a good one. Using their advanced knowledge of malware, viruses, theft, DDoS attacks and other digital threats, cybersecurity engineers defend organizations against crime online. Personality traits required for this role include being flexible, nimble and a do-it-yourselfer. Candidates also must have:
- A good background in penetration testing.
- Experience with additional online security measures.
- On-the-job experience, which is an absolute must for this position.
Malware Analyst: If you choose to specialize, working as a malware analyst is like being an oncologist fighting cancer. There’s research, removal or treatment, and it’s up to you to decide how to apply your training.
With millions of types of malware on PCs, Macs and even mobile devices there’s a significant shortage of experts in this highly in-demand field. Responsibilities include:
- Identifying and fighting viruses, worms and Trojan attacks.
- Educating companies about malicious software.
- Analyzing malware inside and out.
- Developing tactics to help prevent future attacks.
Application Security Administrator: Back in the days of desktop computing, the only means of compromising data were to insert a contaminated floppy disk into a PC or open an infected email attachment. We’ll call this the “anti-virus era.”
Next came the “network security era.” The need for cybersecurity evolved with the Internet as more companies developed internal and external networks.
Information security has evolved yet again. Today, we live in the “application security era.” The demand for application security administrators is nearly limitless. The job includes:
- Performing application security reviews, looking for potential weaknesses.
- Writing testing code for applications.
- Ensuring a company’s applications comply with the minimum standards for security.
- Ensuring that any applications that the company uses conform to the minimum standards for privacy.
Chief Information Security Officer (CISO): CISO is the top position managers in the field of cybersecurity work toward achieving. Prospective candidates should take a multifaceted approach to cyber education with courses in business fundamentals. Responsibilities might include:
- Monitoring the efficacy of security operations.
- Preparing a company to fight cyber attacks.
- Designing strategies to oppose imminent threats as well as threats in their early stages.
- Looking for cyber intrusions.
- Analyzing the company for possible holes in its network.
- Managing other security personnel.
Security Consultant: It’s tough to land a 9-5 job as a security consultant, but this is one of the most gratifying positions one can pursue when engaged in the diverse and rapidly changing world of cybersecurity.
Consultants come in two flavors: they have a knack for solving problems in a particular niche, or they have accumulated knowledge of multiple systems over the course of their career. Security consultants are expected to:
- Work with companies to come up with security tactics that align with the company’s particular needs.
- Possess knowledge about security standards, systems, etc.
- Have superb communication and management skills, as the security consultant will need to interface with management and know the company’s corporate policies.
- Test security measures that they’ve recommended.
When choosing a specialty keep a few things in mind. Try to choose one that can compliment another in the event you decide to make a change. Research how much training and education in time and money might be needed. Are there certifications that need to be re-qualified for and how often? Consider the dynamics of the specialty such as will you be working with individuals, teams, or by yourself. Will there be travel involved? Does it require overtime or is it a straight 40 hour a week job?
No matter what you choose, follow your heart.
I’m compensated by University of Phoenix for this blog. As always, all thoughts and opinions are my own.
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.
- The Growing Demand for Cybersecurity Professionals
Cybersecurity professionals are always in demand[i]. Threats to intellectual property and sensitive data constantly evolve with technology, which means a security professional’s job is never done. There’s always another security problem to solve. Consider the recent proliferation of cyber attacks: it’s become easier and easier for a small group of people to compromise vast networks of
- Cybersecurity Insurance still Requires Cybersecurity
OpenSSL vulnerabilities are sticking around for a while. In fact, recently two new ones were announced: One allows criminals to run an arbitrary code on a vulnerable computer/device, and the other allows man-in-the-middle attacks. A more famous openSSL vulnerability that made headlines earlier this year is the Heartbleed bug. Might cybersecurity insurance be a viable solution?
- Sales Staff Targeted by Cyber Criminals
Companies that cut corners by giving cybersecurity training only to their technical staff and the “big wigs” are throwing out the welcome mat to hackers. Cyber criminals know that the ripe fruit to pick is a company’s sales staff. Often, the sales personnel are clueless about the No. 1 way that hackers “get in”: the
- Businesses struggling to keep up with latest wave of malware attacks
Companies have been struggling for years to keep cyber-attacks at bay. Cyberthieves are working faster than ever before to send out their malicious attacks, and it’s become increasingly difficult for companies to keep up. CNN reports that almost one million malware strains are released every day. In 2014, more than 300 million new types of malicious
- UL to launch Cybersecurity Cert
UL in this case stands for Underwriters Laboratories. An article on darkreading.com notes that a UL official, Maarten Bron, says that they are taking part in the U.S. government’s plan to promote security certification standards. The U.S. government is interested in developing a UL-type program directed at computers and smartphones. This initiative will encourage the private