BY Anastasia GlyadkovskayaJuly 12, 2022, 7:26 PM
A “Cyber Security” sign is displayed in the window of a computer store, as seen in December 2020, in Arlington, Virginia. (Photo by Olivier Douliery—AFP/Getty Images)
Although cybersecurity is a relatively new field, its popularity and demand are growing. In fact, cybersecurity is among the 20 fastest growing professions, with over half a million openings in the United States.
And this demand is not expected to go away anytime soon. “Security has become more and more important every year and there is so much work to do,” says Kunal Anand, CTO of Imperva, a cybersecurity company.
Although the role of a cybersecurity specialist can seem technically daunting, it can involve much more than programming. In fact, some cybersecurity roles don’t require a computer background and can still help make meaningful business decisions.
If you’re considering a career in cybersecurity, here’s a step-by-step guide to becoming a specialist:
- Get training
- Find hands-on experience opportunities
- Follow a certification
- Determine your specialty
- Demonstrate that you are a critical thinker
1. Get training
The good news is that there is no one-size-fits-all training path to becoming a cybersecurity specialty; you have options. You can choose to get an undergraduate or graduate degree in cybersecurity or a related field like computer science, but you can also get an industry certification instead, or even go the graduate route. self-taught.
At a minimum, everyone should know the basics of computers and understand how to secure them, says Mutaque Ahamad, a professor at Georgia Tech University’s School of Cybersecurity and Privacy.
“You have to understand the technology to be able to secure it,” says Ahamad. “In the context of cybersecurity, these are networks, computers and software.” However, for some (but not all) master’s program tracks, you might need an undergraduate degree in computer science or engineering. Some of the best programs include Georgia Tech, New York University, Stanford University, Carnegie Mellon University, and University of California, Berkeley.
But be careful not to choose an academic program solely for its brand name; the school should have some level of specialization in cybersecurity.
2. Find hands-on experience opportunities
Practical skills are essential and some academic programs risk being too theoretical. Increasingly, however, universities are incorporating either industry certification or internships into their curricula.
“If they don’t add that practical element to it, they’re doing their students a disservice,” warns Rob Rashotte, vice president of Global Training & Technical Field Enablement at cybersecurity company Fortinet.
And more than a degree per se, recruiters want to see that candidates for cybersecurity roles have gained hands-on experience along the way, whether in school or in a previous job.
“The best thing is to find someone who has a four-year degree, or maybe worked in a company for a few years, who has demonstrated their abilities through source code,” says Anand, who helps to make hiring decisions at Imperva. This means having a GitHub profile or another repository to show what you’ve built and how you think. Strong and competitive candidates are intellectually curious and have built their own projects. “That kind of thought leadership, you want to see it,” adds Anand.
3. Pursue certification
Certifications are a great alternative for those not looking to go to school. They can be generalized, such as those proposed by the Computing Technology Industry Association (CompTIA). Or they may be vendor-specific, such as those offered by IBM.
Fortinet offers more than 900 hours of free cybersecurity training courses, Rashotte says, as well as a tiered certification program. Getting certified “really mitigates the risk for hiring managers” since those skills have been validated by a third party, he adds. “That can really say a lot on a CV.”
Even for vendor-specific certifications, many skills are transferable, so don’t worry about being typecast.
4. Determine your specialty
It can be difficult to determine which area of cybersecurity to specialize in.
As for the domain, “there’s a lot of expanse,” notes Anand. When you’re just starting out, you’ll probably be a generalist. But as you progress through your career, recruiters like Anand prefer to “see some sort of theme.” Maybe it’s app and data security, or maybe you care about mobile and backend security. Being passionate about an area will show recruiters that you can make an impact there. It’s a competitive advantage.
A useful guide is the Cybersecurity Workforce Framework developed by the National Initiative for Cybersecurity Education (NICE), part of the National Institute of Standards and Technology. This framework categorizes various specialty areas and can be used to learn more about various specialty areas within cybersecurity.
5. Demonstrate that you are a critical thinker
Hiring managers are looking for candidates with a fighter mentality who care about people’s safety “because it touches on everything,” Anand says. Even people who are not trained in cybersecurity have a chance of landing a job if they demonstrate the motivation to learn.
“That’s a big part of what I think about cybersecurity: being diligent, going against the grain to get ahead and outmaneuver attackers,” Anand says.
Strong thinkers are more likely to be hired despite an atypical background. Two years ago, Anand tried his luck with a candidate with a doctorate. in criminology to take on the role of Cyber Threat Manager at Imperva.
“I hired her because I wanted to change the way we think about security,” says Anand. “I personally look for exceptional thinkers.” This employee has since been promoted, he adds.
“It really comes down to their ability to work with people, their ability to solve problems,” echoes Rashotte, “and their ability to solve customer problems at an enterprise level.”