October 21, 2021
Thinking about a career in cybersecurity? The US Bureau of Labor Statistics (BLS) shows that cybersecurity is one of the fastest-growing career areas nationally. The BLS predicts cybersecurity jobs will grow 31% through 2029, over seven times faster than the national average job growth, resulting in hiring premiums. Several career paths are available in cybersecurity, including software developer, network architect, cyber analyst, systems engineer, and systems administrator.
For more information about a career in cybersecurity, Dewpoint’s Chief Information Security Office, Don Cornish, answered these six questions to provide insight into his career path and day-to-day activities.
The move into security was an evolution from other IT roles that introduced me to the holistic view of IT from a client-user perspective. Starting in IT client support and moving into infrastructure, network, server, directory service, backup, and recovery enabled me to see the big picture security requires.
Always be prepared to learn and seek to understand how the business and the technology work. To be successful in security, you have to blend both of these areas. Security must partner with the business, with the focus on meeting clients’ needs while minimizing expense and managing risk. It becomes a balancing act to manage the risk that the organization is prepared to accept with the client and the organization’s needs.
Technical security certifications are good to have as this is one of the common ways that organizations determine the competency of a job applicant. ISC2, CompTIA, and others are commonly seen in the security space. Vendor certifications are also beneficial; however, they can limit mobility as you need to align with a company that uses that vendor’s products. They are better than nothing as the concepts and approaches used by the vendors are generally standards and industry-based, which means it is transferable between vendors.
Many research papers support the position that the vast majority of organizations are not prepared for a large-scale attack or business disruption. The US has various government and private sector organizations focused on awareness, limiting exposure, and the immediate steps to implement once an attack occurs.
It is a matter of continually reading industry papers, blogs, subscribing to the threat feeds, talking with peers and security vendors, attending conferences, and developing a network of people who are engaged in the security ecosystem. There are many sites across the web that are dedicated to sharing the latest news on compromise and attack methodologies. Government sites are also an excellent resource to subscribe to.
Trying to be aware of the threats coming at us all the time and from every angle. Getting people to understand their responsibilities and take those responsibilities seriously is a challenge. The weakest point in nearly all organizations is still people; technology plays a part. However, it cannot ensure that 100% of malicious attacks are prevented.
If you are interested in a cybersecurity career or IT career opportunities, contact Dewpoint, a “Cool Place to Work” for eight years in a row.