A job in cybersecurity could be for you
Cyberthreats like ransomware grow by the day, and with a half-million open cybersecurity jobs, the need for new recruits into the profession is high.
There are a lot of unfilled jobs right now, but it’s possible none may be as important as those in the cybersecurity industry.
The cyber skills gap remains prevalent with almost 500,000 open cybersecurity positions in the U.S. alone, according to CompTIA. Providing cybersecurity professionals with the tools they need to stay up to date with threats, practice skills in realistic environments, and progress their careers is an essential step to close this persistent skills gap.
“The cybersecurity skill shortage puts both businesses and individuals at risk due to the nature of how cyberthreats emerge and persist,” says Jack Koziol, CEO and founder of Madison-based Infosec Institute.
To illustrate, Koziol says to consider the ripple effect that follows a major security incident — especially in terms of supply chain compromise. With so many interconnected systems and databases, attackers benefit from individual incidents by using leaked data to build a broader dataset on future targets.
“In cybersecurity, we call this the attack surface,” Koziol explains. “For example, if I know an executive’s email and Outlook password, I might later learn those same credentials were used to create the executive’s LinkedIn account. If I then gain access to that same executive’s LinkedIn, I could use the platform to message others in the business and gain access to otherwise protected systems or information.
“In the case of supply chain compromise like what we saw with the SolarWinds attack, attackers can leverage trusted relationships with business partners to gain access to protected information and, in some cases, shut down access to critical systems,” continues Koziol. “Even at companies with well-staffed and highly skilled cyber teams, a compromised third-party vendor can cause major disruptions in service. It’s for this reason that organizations, government agencies, and educators should work together to encourage more talent to join the cybersecurity industry while also working hard to upskill and retain existing employees.”
Most small business owners agree that cybersecurity is important, but investing in this area is rarely an urgent priority until it’s too late. For this reason, small businesses are often the organizations hit hardest by cybercriminals. Koziol acknowledges that allocating small business budgets and resources demands tradeoffs between the important and urgent needs of the organization.
“To best assess how to limit business risk from a cyberattack, we recommend a basic risk assessment to uncover simple, low-cost ways organizations can mitigate risk and reduce their attack surface,” Koziol advises. “Both unfortunately and fortunately, many of the cyberattacks we see in the news could have been prevented with basic countermeasures like employee security awareness training, software patching, and enabling tools like multifactor authentication (MFA). None of these efforts require cybersecurity talent to implement effectively.”
Small businesses that cannot afford a security FTE or consultant can also work with organizations like the Cybersecurity & Infrastructure Security Agency (CISA), which works hard to bring low- and no-cost cybersecurity resources to the small business community.
Filling cybersecurity roles
Koziol notes we’re fortunate to live in a time where there are many opportunities and resources to help individuals upskill or reskill into a cybersecurity career. Resources range from free to premium offerings and everything in between. The challenge is that more is not always better — and many cyber pros struggle to identify what they should study now and what they should learn next.
At Infosec, Koziol took everything learned from over 16 years in the cyber education industry to build an accessible, affordable, hands-on learning platform to help cyber professionals learn by doing — how, when, and where they learn best. This interactive training experience means cyber pros can learn more in less time. “Most clients we work with today recommend cyber professionals spend around four hours each month learning something new or enhancing existing skills,” says Koziol.
Infosec offers its own Infosec Skills cyber range, a scalable training platform where cyber professionals can upskill and reskill inside the operating environments they encounter on the job. But it’s not just upskilling and reskilling that’s necessary to fill new and open jobs within the cybersecurity profession. People looking at a possible career change may also have what it takes.
“If you’re looking to make a career move, there’s never been a better time to consider a career in cybersecurity,” Koziol says. “Many of the clients we work with either have or are in the process of implementing cyber reskilling programs for existing employees. The best advice I can give those considering a career move into cybersecurity is to first consult their existing employer. If you work for a mid-market or enterprise-size organization, you might be surprised to learn these types of initiatives already exist. Reskilling existing employees into cyber roles who are already familiar with the business model is a major advantage.”
Next, Koziol recommends looking into scholarship opportunities for those seeking a career in cybersecurity. The Infosec Accelerate Scholarship Program is just one of many opportunities for those pursuing a career in cybersecurity to unlock access to free cybersecurity skill and certification preparation resources. Twelve lifetime scholarships are awarded each year.
“If you’re just starting to explore cyber career opportunities, take a look at the NICE Cybersecurity Workforce Framework for Cybersecurity to gain a better understanding of the broad set of roles and responsibilities in the cybersecurity industry,” adds Koziol. “You might be surprised to learn that cybersecurity is about much more than hacking and coding — a diverse team with varied experience is often better equipped to outsmart the cybercriminal.”
Koziol says one of the best resources to help those considering a career in cybersecurity is the Cybersecurity Career Pathway tool from Cyber Seek. Using this tool, job seekers can explore a variety of cyber career entry points and pathways, including job openings and salary statistics within the U.S. Many cybersecurity roles can be done remotely, and this is often a benefit for those transitioning into the industry.
Point of no return
We’ve all heard predictions related to climate change, that “if something isn’t done to alter our global carbon footprint by (insert year here), then we’ll reach a tipping point from which there is no return.” But is there a risk of a similar tipping point when it comes to cyberthreats? According to Koziol, yes, there is, and we’ve already reached it.
“In security, we live by the rule of ‘zero trust.’ What this essentially means is if you’ve shared any personal information online, you should assume it’s been compromised. It also means that businesses and individuals should do everything they can to secure their own systems and data. While this might seem alarming, it’s not all bad news.
“New technologies like blockchain are emerging to replace traditional and often compromised identification and verification methods like Social Security numbers,” says Koziol. “The best thing any individual or business can do right now to protect themselves from future cyberattacks is to limit the amount of personal information they collect and share with others and to do everything they can to protect the information they do share online. This includes enabling MFA on all accounts, using a password manager, and keeping software and apps up to date.”