Where to work in cybersecurity: well rewarded positions and useful skills for your career
Andrey Evdokimov, Head of Information Security, Kaspersky outlines various roles in the cybersector industry
A lack of talent is a constant challenge in cybersecurity, with a gap of almost three million positions in the industry workforce globally. This is combined with a growing demand for cyber-protection across any organization, in any industry. Digitalization, sensitive data, and privacy are the new technology vectors creating demand for defined technical specialists, along with management, CISOs, and new cross-functional experts.
As a company operating in the cybersecurity field, we have great visibility over this skills gap. Along with our own internal experience, Kaspersky surveyed CISOs in many countries and found that a third of them have trouble with recruiting skilled cybersecurity professionals.
Behind technology there are always humans, so any technology or cybersecurity tool used in business is impossible to apply without professionals. I don’t think the problem is a lack of talent or promising young people who are aspiring to work in cybersecurity. Instead, a lot of the roles that need new talent are in areas that remain unseen and therefore under-employed. To seize the moment, those looking to have a career in cybersecurity should know which specialization to choose and what skills to develop.
That’s why I want to share some advice for these people and highlight professions in which the shortage of personnel is most pronounced, as we have found at Kaspersky and across the industry.
Law and cybersecurity
This specialization has become more and more appealing and covers data protection and privacy, compliance and data protection legislation — the interdisciplinary field of cybersecurity and law. Specialists who work as privacy officers and data protection officers should be equally skilled in law and cybersecurity technology to help companies organize digital data storage, processing, and protection in accordance with legislation.
The problem is that most of specialists working in this area are more skilled in law than technology. For example, data protection officers know the theory very well, they can inform a company about how data processing and protection should be organized, but they can’t say how to do it technically. This means they are speaking with IT specialists and staff that talk a different language.
That’s why professionals in computer law have quite a good salary in the IT security market. For example, an average compliance and data protection officer earns around $80,000 according to PayScale or Glassdoor; while privacy officers can earn an average $113,233 per year. The demand for them will increase in dedicated areas of technology such as IoT, as these solutions and services begin to require privacy and personal data regulation.
Looking at more technology-oriented positions, we can examine the need for cybersecurity architects. This is a well-known profession that nevertheless is still difficult to recruit for. Companies try to find experts who can see the whole picture and connect all the pieces of cybersecurity architecture in one working mechanism. These specialists should know enough about all aspects of cybersecurity in a company, whether it is endpoint protection or anti-targeted attack mechanism.
They may not need to be as thoroughly versed as dedicated experts, but they do need enough knowledge to build proper protection systems. This demands expert knowledge and having a complex overall view on how the different parts of infrastructure work together, as well as having strong management skills. As well as computer law, the role of an IT security architect is a very well rewarded job, with Payscale estimating the average salary to be about $122,668.
Big data analysis
Cybersecurity architects, as well as security managers of different levels are required in many companies. There are also more exclusive defined specializations, where there aren’t as many workplaces needing their skills but there is still a lack of qualified people. One of them is the role of a big data analyst, who can build mathematical models for anomaly detection based on big data analysis. They are required in companies where an advanced level of cyber-protection is required, as well as in organizations offering specific cybersecurity services, such as system integrators or cybersecurity vendors.
In fact, big data analysis and math modeling are used in many verticals such as e-commerce, any kind of digital services, and banks — essentially, any areas where data about user behavior and events is accumulated. In cybersecurity, big data helps detect anomalies in the behavior of different objects among constant white noise, and creates algorithms describing actions required in case of anomalies. Specialists should have very strong analytical, mathematical, statistical and modeling skills, as well as a deep knowledge of cyberthreats and attacks. The benefits are also welcome — $117,345 is the average salary for a data science analyst in cybersecurity.
Old positions and new skills
More traditional and common specializations are worth mentioning because there is still room for improvement and opportunities to be taken advantage of.In security operation centers (SOC), there is always a demand for employees but the requirements are changing. Detection and response have come to replace the threat prevention paradigm. It has become clear that it is impossible to prevent 100% of attacks and breaches. Instead, companies need to be able to track them as early as possible, minimize their consequences, and survive in conditions that are constantly changing in which they could struggle.
Accordingly, SOCs need specialists who are able to detect threats and know what to do beyond the initial detection, who not only monitor, but also create detection rules, can decompose any attack or incorrect user behavior into an algorithm for detecting such events.
Technical skills can also be improved, along with management. It is often the case that managers in cybersecurity lack soft skills such as communication, leadership, effective negotiation, business sense and knowledge of the business’s specific targets or industry. The problem of the communication skills gap among cybersecurity graduates is noticed by 70% of IT decision makers.
Managers of any level in cybersecurity should be able to organize their department’s work to meet the business’s cybersecurity demands, and not just having security for the sake of it. They also should talk with the rest of business in the same language and be able to persuade people in other departments, across the organization, when necessary. Interestingly, leadership skills are still not what cybersecurity professionals consider as a priority – even in top management positions. In the same CISO survey in 2018, we found that only two percent of them put leadership as one of the top three skills to be a successful CISO.
Sources of knowledge and experience
New jobs in cybersecurity appear in a mixture of disciplines or require a fairly deep knowledge in various fields. University programs in such areas remain limited and academic, so self-education is key for current and aspiring cybersecurity specialists.
Students in particular need to choose the area in which they want to develop and learn the necessary subjects and skills. When they start working, it is important to not get stuck in a routine which could lead to burnout. At the beginning of a career, the routine is almost inevitable, but a specialist can take it upon themselves to be proactive, as well as work on new tasks and self-development. Fortunately, there are plenty of educational materials, sources, communities that help specialists improve their knowledge and learn something new.
An employer can also assist in skills development. Many companies, especially IT vendors, for whom cybersecurity issues are very serious, are investing in additional education, training, and staff development. The important thing here for employees is to understand priorities and choose the direction in which you want to develop. Then you can build a career, improve and demonstrate skills, so they are visible behind the dry severity of daily routine tasks.