You Don't Need To Be A Hacker ...

Uploaded on 2018-08-13 in NEWS-Cybersecurity News, JOBS-Careers, FREE TO VIEW

You don't need to be a hacker to get a high-paying cybersecurity job. Many people might not realize they have skills that are transferable to this in-demand field.

This week in Las Vegas, some of the most talented cybersecurity minds have gathered to take part in two of the year's biggest hacker conferences, Blackhat and Defcon. 

The highlights of these conferences are often what can best be described as cyber magic tricks, where technicians show off their skills by proving how they can break into various devices, such as computers inside cars, voting machines and medical instruments.

These demonstrations may lead you to imagine that cybersecurity professionals need technical abilities. But there are many career paths in the increasingly high-demand and lucrative field, and some may require only small tweaks in skills and experience.

Corporations in the U.S. and globally are seeing a major shortage in qualified applicants for cybersecurity jobs, meaning more people with transferable skills will need to be trained into them. Today, the U.S. Department of Commerce estimates there are around 350,000 cybersecurity jobs currently unfilled in the U.S. Cybersecurity analytics and research company Cybersecurity Ventures released data that indicate 3.5 million cybersecurity jobs are likely to go unfilled globally by 2021, making this an excellent career path.

These jobs can pay exceptionally well, too. Top cybersecurity jobs, like chief information security officer — typically the highest-ranking cybersecurity employee in a company — often fetch salaries above $300,000 in top metropolitan areas such as Washington, D.C., New York and San Francisco, according to cybersecurity recruiting firm SilverBull. Salaries for cybersecurity staff range from $90,000 to more than $200,000 for more experienced employees, including jobs such as information risk managers and security engineers, according to career information company Glassdoor.

"I think we have perpetuated this myth that cybersecurity is based on this hacker stuff, sitting in a basement and only working on technical things," said Vyas Sekar, an associate professor of electrical and computer engineering at Carnegie Mellon's Cylab.

"In fact, it's those with an analytical mindset that can do very well in the cybersecurity field. The sort of basic computer science that is necessary can be taught later. It's maybe more useful to think of cybersecurity as solving a bunch of interesting puzzles."

Calling all cops, musicians and crossword enthusiasts

People with experience in project management, analytics and data science, technical writing, law, policy, third-party oversight, or physical security functions like law enforcement or military roles, may all be able to qualify for cybersecurity jobs by fine-tuning some critically needed skills, said Pete Metzger, a recruiter of c-suite cybersecurity professionals with consulting firm DHR International.

"The fact is that, because of the imbalance in the equation of supply and demand, these jobs have become not only hot but highly paid," said Metzger, who started his career in the Marine Corps and later served as a foreign intelligence officer with the Central Intelligence Agency.

Companies are looking for people who can help them "reshape" how they think about security, he said. Having the ability to "solve problems, having exceptionally well-tuned leadership skills and the ability to influence people in various lines of business," are critical to what corporations are seeking in cybersecurity executives and staff, he said.

In addition, companies are increasingly being asked to cooperate with one another, with government agencies or with international organizations to share information about threats and incoming attacks. Doing so involves carefully creating channels for sharing sometimes sensitive information and building trust between factions who might not traditionally get along. Those jobs require excellent relationship-management skills and the ability to help move partnerships forward, especially those that involve a mix of the public and private sectors, Metzger said.

People with experience quantifying risk have become particularly valuable, including accountants and data analysts, said Sekar. "It's a very broad landscape. There are aspects of psychology, being able to understand users and user behavior. There are aspects of strategy, for people with experience formulating business strategies," Sekar said.

He used the example of how British military officers in World War II used a timed crossword puzzle in a newspaper — not complex math problems — to try to find people well-suited for solving the encryption of Germany's code-generating Enigma machine.

"Some early solvers of encryption problems were linguists, not mathematicians. What is necessary or critical in cybersecurity is the ability to analyze, and the curiosity and the desire to understand how things work," he said.

Many cybersecurity job listings focus very little on technology qualifications: Chronicle, the new, secretive cybersecurity company launched by Alphabet in January, is recruiting for technical writers who can provide "a key link between engineers, UX, product, marketing, and customers." The job calls for some experience interpreting source code, but doesn't ask for a technical degree, instead focusing on people who have experience with "technical writing, product documentation, or online publishing, including experience with writing technical customer-facing materials."

Apple is recruiting for a security counsel to help aid in investigations of cyber intrusions, fraud and other breaches. The job requires a law degree. Three of the top skills required don't even mention technology, but instead ask for investigations experience "in a prosecutor's office, law enforcement agency or corporate environment" and "excellent diplomacy and communication skills."

Many companies require certifications in cybersecurity, and the CISSP, or Certified Information Systems Security Professional, is still the "gold standard," said Metzger. But he adds that even top cybersecurity executives have entered the field from leadership positions in IT and risk, only to get those critical cybersecurity certifications later. "The key is really having those strong leadership skills and the ability to communicate and put a price on how these issues could hurt the company financially," he said.

CNBC:

You Might Also Read:

The Five Most In-Demand Cybersecurity Roles

« Darktrace Discoveries Report 2018
How Hackers Target Critical Infrastructure »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Secure Identity Alliance (SIA)

Secure Identity Alliance (SIA)

The Secure Identity Alliance is dedicated to supporting sustainable worldwide economic growth and prosperity through the development of trusted digital identities and the adoption of secure eServices.

DataLocker

DataLocker

DataLocker offers both hardware based external storage and software based cloud storage encryption solutions.

JPCERT/CC

JPCERT/CC

JPCERT/CC is the first Computer Security Incident Response Team (CSIRT) established in Japan.

AntemetA

AntemetA

AntemetA specializes in network infrastructure, security and cloud computing, helping companies transform their Information Systems.

Cyversity

Cyversity

Cyversity's mission (formerly ICMCP) is the consistent representation of women and underrepresented minorities in the cybersecurity industry.

Novastor

Novastor

NovaStor® is an award-winning, international data backup and recovery software company with solutions supporting physical, virtual and cloud environments.

CYBAVO

CYBAVO

CYBAVO is a cryptocurrency security company founded by experts from the cryptocurrency and security industries.

Sky Republic

Sky Republic

Sky Republic offers a Smart Contract Platform to integrate and synchronize business networks beyond EDI and API.

Secure-IC

Secure-IC

Secure-IC provide end-to-end, best-of-breed security expertise, solutions, and hardware & software technologies, for embedded systems and connected objects.

iSecurity Consulting

iSecurity Consulting

iSecurity delivers a complete lifecycle of digital protection services across the globe for public and private sector clients.

Synamic Technologies

Synamic Technologies

Synamic Technologies was founded in 2018 as a start-up to automate cyber security processes. Our CISOSCOPE product automates vulnerability management, risk management and compliance.

Toothpic

Toothpic

ToothPic has invented, designed, developed and patented a solution to enable companies to turn every smartphone into a secure key for a user-friendly online authentication.

Global Cybersecurity Institute - Rochester Institute of Technology (RIT)

Global Cybersecurity Institute - Rochester Institute of Technology (RIT)

At RIT’s Global Cybersecurity Institute, we educate and train cybersecurity professionals; develop new cybersecurity and AI-based knowledge for industry, academia, and government.

Ballistic Ventures

Ballistic Ventures

Ballistic Ventures is a new kind of venture capital firm, built by and for cybersecurity entrepreneurs and investors.

Axient

Axient

Axient advances defense and civilian missions from aerospace to cyberspace with multi-domain test and analysis, mission engineering and operations, and advanced technologies.

US Insider Risk Management Center of Excellence (US-InRM)

US Insider Risk Management Center of Excellence (US-InRM)

The US-InRM Center of Excellence is a nonprofit organization dedicated to promoting private, public, and academic partnerships to foster knowledge sharing and resources to mitigate insider risk.