A Candidate’s Guide to Cybersecurity
Cybersecurity candidates are a must-have on the ‘to hire’ list for internal recruiters and HR departments in companies of all kinds globally. There is an overwhelming skills gap and a shortage of skilled workers in this area, which threatens to widen as time marches on. For men and women wishing to pursue a career in cybersecurity, there are key considerations to be mindful of as you move to penetrate this exciting job market.
Increasingly people are relying on the well-trodden route of higher education to gain a foothold in the industry. Security strategist, data privacy consultant and cyber defence advisor, Cameron Brown (@AnalyticalCyber) advises that while this is a “reasonable approach toward building a solid foundation of knowledge concerning security issues and key touchpoints of understanding, many post-graduate courses simply don’t offer comprehensive technical and practical insights about the business of cybersecurity.”
Brown advises that for those wanting to come into the industry and be hands-on, “it’s important to carefully evaluate those domains of information security which dovetail your capabilities and passion.” Using the popular penetration tester role as an example, Brown explains the importance of having a passion for examining the underpinnings of technology and how systems are connected which “can be like putting together a jigsaw and identifying pieces that don’t quite fit.” Having the ability to operate at the micro level and be diligent with attention to detail is fundamental. “One must be able to revel in the detail and then explode out of that granularity to generate bigger picture insights to add real value for clientele,” says Brown.
Working as a penetration tester, however, carries with it a certain ethical responsibility, as adherence to the moral codes of conduct across the industry is intrinsic to your credibility, trustworthiness and effectiveness. Candidates coming from a coding background undoubtedly have an edge when applying for roles of this nature. Yet, Brown qualifies that in all areas of cybersecurity “you must strive to understand how systems work, and in order to do so, you simply must be a user of that technology.” Assessing the vulnerabilities in specific hardware, whether it belongs to Cisco, Juniper or another tech corporation, is one facet of putting that understanding into action. The other looks at how people interact with the technology products, systems and devices which they have at their disposal.
While a modicum of technical skills is indeed pertinent to any role in cybersecurity, so too is the skill of understanding people and human behaviour. “As a penetration tester you’re leveraging social engineering,” explains Brown, “and targeting people with an objective of exploiting their levels of access to move progressively further into an organization to capture information and gain control of systems.” Understanding the human condition and the primary drivers associated with age, gender, and habits is a critical skill to have. As Brown notes, “it’s an area where there are multiple skillsets at play, with behavioural, psychological and emotional intelligence as deeply important as technical prowess.”
The ability to communicate effectively is as imperative as the plethora of hard technical skills for interrogating systems when working towards making business environments more resilient. Brown notes that those who are most successful in the cybersecurity space “clearly understand the need to distil fundamental issues into essential meaning for a broad cross-section of stakeholders that is relevant and comprehendible.” He also advises those new to the profession to “avoid spending time on technical nuts and bolts that are not relevant to the conversation you’re having or the audience that you’re addressing. Be straightforward in explaining the context, the problem and how you intend to fix it. The quicker you can crystallise the issue, the longer you’ll keep their attention and gain crucial support needed to put your solution into action.”
Returning to the subject of education, Brown encourages candidates to build on lessons learnt through all courses that they undertake. “It is ongoing self-education and willingness to learn that makes for an effective and engaging advocate or evangelist.” Furthermore, it is about adopting a realistic viewpoint regarding your expectations and following measured waypoints as you forge a career in cybersecurity. “Key is to have an open mind, like a parachute, and one which is strongly oriented towards learning,” says Brown. “Be incentivised to skill yourself in the craft or art of security rather than simply feathering your hat with titles and being solely motivated by remuneration.” It is important to take time to develop your understanding of cybersecurity issues which can be very complex, often involving a diverse array of information from disparate locations. “You should embrace the virtue of patience when seeking to understand how it all fits together so as not to miss key developmental phases in growing to your true potential. Spending those early days struggling with subject matter will set you up to win later,” says Brown. “If you skip this then you’re never going to gain those deeper technical insights needed for adding timely and actionable recommendations to future interlocutors.” Success in cybersecurity requires acceptance and adherence to the hierarchy of professional maturity, by taking it a step at a time to grow into a role that you enjoy and where your skills can make a real difference.