Cyber-attacks have surged during the pandemic, but companies are still suffering from a huge shortage of cybersecurity professionals. In a recent survey of over 300 cybersecurity employees, over 70% of organisations reported a shortage of qualified professionals, and 45% said that this issue had gotten worse in recent years. This issue has been recognised by the UK government, which has launched several initiatives to close the cybersecurity skills gap, such as the National Cyber Security Strategy.
Many people believe that a computer science degree is essential for a career in cybersecurity. While this is one excellent option, particularly for learning the technical skills, it isn’t the only one. Due to the skills gap, people from a wide range of backgrounds are being actively encouraged to enter cybersecurity. Many organisations value alternative routes, as they can equip employees with a unique mindset and approach towards problem-solving. For example, someone with a psychology background may be better able to understand both potential attackers and the digital users they are trying to protect. A passion to learn how technology (and people) works is vital, as it shows a willingness to continue evolving with the field.
Finally, cybersecurity is a relatively young and fast-moving industry, meaning that there are a variety of technical and non-technical (such as leadership and communication) roles available — your perfect role might not even exist yet!
So, how can you get started?
First, research the industry to identify a sub-area. Do you want to work as a cybersecurity engineer, an ethical hacker, a security administrator or a SOC analyst? The NICCS publish a fantastic framework which aims to establish a common taxonomy to categorise cybersecurity work. To get a feel for each sub-area, find those already working in the field on social media such as LinkedIn and Twitter — this can provide invaluable insight into what your day-to-day life might be like and the ‘unofficial’ qualifications that are highly regarded in the field.
There are several well-respected online certifications to get you started in your career. For example, CompTIA is a popular entry-level IT certification and CCNA Security teaches you how to keep networks secure. For the more technical cybersecurity roles, practical experience is vital. Therefore, it’s important to identify a learning platform that provides you with lab access where you can gain hands-on experience. For example, Offensive Security provides an online course and virtual lab for those wanting to gain ethical hacking and penetration testing skills. It’s known for being tough, but passing the 24-hour exam will earn you the OSCP certification, which is well regarded in the industry.
If you’re a little more experienced, then ‘Bug Bounty Hunting’ might be for you. This involves finding and reporting flaws in an organisation’s computer software and/or web applications. Identifying bugs can earn you both professional recognition and compensation. It’s also a great way to practice your skills — many bug hunters start by studying Hacktivity, which details vulnerability reports after an issue has been resolved.
Finally, think like the enemy. Security and privacy guru, Lance Cottrell, said that a good cybersecurity professional can put ‘themselves in the shoes of the attacker and look at the network as the enemy would look at the network and then think about how to protect it.’ MITRE ATT&CK is a free online knowledge base which details adversary tactics and techniques based on real-world cases — it’s quickly becoming the go-to resource to understand the mind of a cyber-criminal.
Hopefully, this has given you a few ideas on how to pursue a cyber-security career. It’s a fantastic and varied industry, and if you’re excited by the prospect of working in the field, now is the perfect time to get started.