The demand for trained, certified, and skilled cybersecurity professionals is at an all-time high. According to the "2022 Cybersecurity Skills Gap" report from Fortinet, 76% of company boards recommended increasing the security headcount to combat the alarming increase in the number of breaches and cyberattacks and to counter the rising cost of breaches. This represents a significant opportunity for skilled cybersecurity professionals and those looking to get into the industry.
But how do you know if a cybersecurity career is right for you, and what can you expect from such a career? We sat down with Christopher Hills, BeyondTrust’s Chief Security Strategist, to find out.
1. What different kinds of cybersecurity jobs are out there?
Chris: The cybersecurity industry over the last 15+ years has really taken on its own form of modernization. Similar to companies “Digitally Transforming,” cybersecurity has grown and will continue to grow far beyond the career opportunities we have today. Even now, cybersecurity can easily mean something different to every person. I could write an entire book on how cybersecurity gets broken down into various disciplines, but instead I will keep this a short list.
For career seekers and those thinking about cybersecurity as a profession, I try to guide them down a path, one that allows for growth from a technical standpoint as they progress along the way to their desired future profession. Ideally, this starts by looking at the bigger picture and deciding what side you want to work for:
- A cybersecurity provider
- A cybersecurity vendor
- An end user/business.
While some may think this is a trivial question, it is one that could pave different paths for the future.
Once you’ve established that bigger-picture goal, it’s time to consider your interests and skills. Some people are very technical, while others thrive in technical management. Some might be hardware focused versus software focused. You could be in technical sales or a sales engineer, a technical writer or marketer, a technical product manager or project manager—the list goes on and on.
The idea or concept of cybersecurity as a career is just the tip of the iceberg. Finding a cybersecurity discipline that you truly enjoy, whether that be as an analyst, engineer, architect, developer, or any of the many other options, is key to being successful long-term.
Understanding that technology in general continues to advance—and that cybersecurity is not excluded—is another key. A cybersecurity career involves constant learning and growing because your career will grow and change just a technology grows and changes. Advancements in Operational Technologies and Artificial Intelligence are two examples of how advancements in technology can drive a critical need for cybersecurity advancements, led by cybersecurity experts with advancing skills and expertise.
2. What are the most popular jobs in cybersecurity?
Chris: When we typically think of some popular cybersecurity jobs, it’s easy to break down some of the common ones. Each of this has its own path depending on what it is you are looking to do:
- Analyst - Someone that typically looks at data. This person could be good with numbers, reports, or spreadsheets. They will be able to view, type, and manipulate data to achieve an end result.
- Engineer – This is typically your hands-on job, where you are the one that is doing, configuring, setting up, evaluating, and helping put plans in place through software and hardware.
- Architect – This is typically the person who develops plans, evaluates and considers options, and comes up with the goal. In most cases, they work with the engineers to achieve that goal.
- Developer - Just as the name says, the developer typically develops the “code” that allows users to leverage applications and/or software to accomplish their goal. This could exist anywhere from in a database to on a website.
- Managers - Those responsible for leading, empowering, and managing teams of employees within the organization.
In the end, each of these positions spans across multiple verticals—from Helpdesk, Desktop, and Server security to Hardware and Software Security—and then into various types, such as various operating systems, hardware platforms, and coding languages.
3. How do you choose which cybersecurity career (or pathway) is right for you?
Chris: For most in the field today, we all have stories to tell about our career path and what led us to where we are. Cybersecurity is no different. Only the individual truly knows what they like to do, and those interests can shape the career you choose to land in—whether that means influencing your career path or placing you at the leading edge of a brand-new career path that you are helping to influence. Of course, we have all had painful jobs we didn’t particularly like at times, but these help shape our future, too.
I wish there was a secret formula for coming up with the ideal career path for someone. A lot of us have been given opportunities throughout our careers to learn and grow after being challenged with tasks we probably never imagined doing. As an entry level analyst, the last thing on your mind is managing a team of 30 people that is responsible for Security Operations at a big business. Always look at the big picture and consider as many of the opportunities that present themselves to you as you can—they will help you learn and grow.
I, personally, am not a developer. I do not do well with coding. I have known this all along. I do excel in engineering and architecture while also being a people person. If you asked me five or 10 years ago what my future looked like and what my five and 10 year plan was, I honestly don’t think I could tell you this is the position I saw myself in: working as a Chief Security Strategist in cybersecurity, working with Privilege Access Management on the vendor side, helping existing customers and potential customers, and presenting to hundreds of people throughout the year to try to help them become more secure.
4. What are the most important certifications for obtaining a career in cybersecurity?
Chris: When it comes to certifications, I feel they are great for a foundational understanding—for learning concepts and how things “Should Work.” While there are many different certifications out there for cybersecurity, some of which are required for different positions, none of them can or could replace hands-on experience.
There are a lot of us that can relate to this: you become certified after answering the certification questions with the “Text-Book” correct answer, but then it comes to “real-world” scenarios, which are not always how the textbook or certification process says it’s supposed to be.
What I can say is, depending on what path you want to go down, CompTIA Security+ is a great entry level certification. As you advance and want a deeper understanding, CompTIA has an Advanced Security Practitioner—or another great one is the Certified Information Systems Security Professional by ISC2.
My best advice is to take a look at the options, start with smaller certifications, and build off of those as a foundation. If you go straight into an advanced or senior-level certification, you will likely be lost without having that foundation to build on.
5. What are the practical skills needed for a career in cybersecurity?
Chris: Some of the most common practical skills we all need and use are:
- Basic computer literacy.
- Proficiency in back-office products – Proficiency in Word, Excel, Outlook, or even PowerPoint (to impress your manager) are useful.
- Being a team player - It is pretty common in today’s world of cybersecurity that we work as teams or in a team, so being a “Team Player” is key.
- Communication - In cybersecurity, we often find ourselves explaining to non-cybersecurity or non-technical people what and why we are doing something. Having the ability to communicate and grow as an effective communicator will help with your career and your future.
6. A day in the life—what does an average day look like when working in cybersecurity?
Chris: As with any job, those seeking a new career in cybersecurity have to “Pay their Dues.” So, what does that mean and what could that look like?
- Working in shifts - As the new guy, getting a job in cybersecurity could mean getting the odd work shift or schedule.
- On-call duty - In the event that something happens, you could end up being on-call. This can keep you strapped to your phone or email.
- Meetings - In most cybersecurity professions, meetings are a big part of your time. You’ll be taking lots of notes, and then taking action based on the outcome of the meeting and the intended results.
- Analytics and data reviews - In most cases, there is always some sort of analytics or data review to be done, whether it be with service tickets, change management, or generic requests.
- Information gathering - We also typically have some fact or information gathering to do, and, in some cases, troubleshooting.
With a career in cybersecurity, the tasks may not always appealing. But in the end, those less-appealing tasks are probably going to be the ones that truly shape you into a security expert. Could you imagine going through your career, never being challenged or learning from failure, only to fail at the end of your career? It isn’t exactly the ideal situation for a professional in the cybersecurity industry who wants to be able to grow and advance with the industry.
Not every day is the same as the last. Some days will be easier while some will challenge your patience, in those cases, just remember that tomorrow is a new day.
7. Why is cybersecurity a good career?
Chris: Working in cybersecurity is a great career for many reasons:
- Career prospects - Technology has far outgrown the job market for talent in cybersecurity. There is no shortage of IT- or even security professional-related careers. In fact, the opportunities continue to grow year after year. So, if you like cybersecurity, there is no shortage of careers.
- Pay scale - Cybersecurity careers pay well, and you will have a growing pay scale as you move up the ladder. Depending on what vertical you choose, it can prove to be rewarding in many ways.
- Opportunities for growth - We all know technology will continue to grow and push forward, whether we want it to or not. As technology develops, it will bring with it new cybersecurity challenges that will require new skillsets to combat. A career in this industry is unlikely to leave you without opportunities for growth in whatever areas you might be interested in.
- Sense of purpose – If you are looking for a career that will allow you to feel that you are contributing to a worthwhile cause, cybersecurity is a good place to be. There will always be cyberthreats, and there will always be people who need to be protected from those threats. A career in cybersecurity means you are helping to drive an industry that is dedicated to securing and protecting people who are vulnerable to a pervasive and ever-growing threat.
8. What is the most rewarding part of working in cybersecurity?
Chris: For me, working in cybersecurity is about making an impact. When I was working as an engineer and architect, my goal was to help keep my company secure against threat actors. Fast forward to present day and the most rewarding part of my career is connecting with future customers and existing customers, helping them meet compliance and cyber insurance qualifications, and helping them secure their companies and businesses against threat actors. I truly enjoy sharing, teaching, and mentoring people about what I do, our products, and how we help them become more secure.
9. What are the biggest challenges facing cybersecurity professionals today?
Chris: I truly believe one the biggest challenges cybersecurity professionals face today is failure. If we fail in cybersecurity, it could mean severe financial loss. While smaller failures are truly learning curves, there is no handbook that tells you what and how to stop the threat actors. Technology will continue to evolve, just as the threat actors do. Sometimes we fail at staying ahead of them.
Another challenge is not knowing. While it is impossible to know everything, seeking advice, guidance, and expertise from those around you will benefit you in the long run. Do not be afraid to ask for help. I highly recommend mentorship in cybersecurity. Seek a senior cybersecurity professional as a mentor and leverage their skills and expertise to help you learn and grow.
10. How do you get your career in cybersecurity started?
Chris: In most cases, a career in cybersecurity starts with a Technical School, a Degree Program, or even something as simple as obtaining a certification or two. Cybersecurity and even IT isn’t for everyone. I can personally attest to this. In my graduating class, I am the only one that chose a path in IT that would lead to cybersecurity. But there are a lot of different avenues to get into within cybersecurity—including sales and marketing. Don’t let your perceived knowledge gaps prevent you from looking into the different opportunities that exist. Explore your options, ask lots of questions, network with security professionals, and try to find your niche.
11. What advice would you give someone who is just starting their cybersecurity career?
Chris: If there were any advice I could give to a new cybersecurity professional looking to make a career in the field, it would be to network, network, network!!
Connect with as many peers and other security professionals as you can. While it may seem trivial at first, making connections and talking with other cybersecurity professionals will help you on your career path—especially if you are great at what you do. Another word of advice I would give for a newcomer is to find a mentor. Find someone in the cybersecurity space who can help guide, shape, and steer your knowledge and growth. Having a mentor will also help propel your career in the right direction.
Ready to start your career in cybersecurity?
We’re always looking for great people to join us. Click here to learn more about the many cybersecurity career opportunities at BeyondTrust.
Christopher Hills, Chief Security Strategist, BeyondTrust
Christopher L. Hills has more than 20 years’ experience as a Technical Director, Senior Solutions Architect, and Security Engineer operating in highly sensitive environments. Chris is a military veteran of the United States Navy and started with BeyondTrust after his most recent role leading a Privileged Access Management (PAM) team as a Technical Director within a Fortune 500 organization. In his current position, he has responsibilities as a Chief Security Strategist (America’s) working with Customer, Marketing, and Executives on Thought Leadership, Market Trends, Company Vision and Strategy. Chris has held the Sr Solution’s Architect, Deputy CTO, and Deputy CISO roles since starting with BeyondTrust. Chris is also co-author in the Cloud Attack Vectors book, a contributor in the New Privileged Attack Vectors book, and editor in previous books. In his free time, Chris enjoys spending time with his family on the water boating, supporting his son’s college football career, going to the sand dunes off-roading.