The cyber security industry is booming. With data breaches affecting all sectors of industry, organizations are clamoring to hire IT security professionals.

There’s a high demand for cybersecurity pros, but a shortfall of qualified personnel. According to CSO, “by 2019, there will be 6 million job openings for information security professionals—but only 4.5 million security professionals to fill those roles.”

So how should an ambitious individual prepare for this field? And what can they expect from such a career? To find out, we asked veteran IT security professional Chris Stoneff, our VP of Security Solutions.

1. What are the pros and cons of being a cybersecurity professional?

Chris: The pros include job satisfaction. There is a constantly changing landscape of problems needing solutions. If you like learning and evolving your skills, cybersecurity is a great place to be. The cons of the job include generally longer hours than other areas of tech, with a lot less room to make mistakes. Precision is key as we address areas affecting large swaths of the global financial and military community, directly or indirectly.

2. What kind of person is best suited to a cyber security career and why?

Chris: Cybersecurity covers a lot of ground and a lot of different disciplines from basic tech support skills to auditing to IT to engineering to networking communication. You also need general presentation skills and the ability to talk to people at all levels of the corporate ladder. Successful cybersecurity pros deal with many of these disciplines, not necessarily all of them. Again, there are a lot of places a person can go in the world of cybersecurity

3. What 3 tips would you give to someone starting out on this career path?

Chris: (1) Understand the concept of acceptable loss. The bad guys are getting into networks. No amount of conventional IT security protection helps. They break in, or you let them in as employees and contractors. (2) Don’t put down the book just because you get certified or get a degree. The person who stops learning about their trade will wither and die. (3) Know yourself and your enemy. To quote Sun Tzu: “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle."

4. What does the average work day in cyber security involve?

Chris: An average work day involves lots of customer interaction in discovery (what’s going on), determination (how did it happen), and prescriptive guidance (how we can protect you). It involves conversations about what can be done versus what should be done, and knowing the difference.

5. Is there a common career goal among cybersecurity professionals?

Chris: I haven’t found a common career goal among cybersecurity professionals, though I have noticed intrinsic guiding lights like “don’t be on the cover of the Wall Street Journal” for the wrong reasons.

6. What would you say is the biggest challenge that cybersecurity professionals face today?

Chris: The biggest challenge cybersecurity professionals face today is companies (customers) who don’t want to change their IT behaviors. The professional must prescribe process changes and technology changes which often mean a fundamental modification in the way people have approached computing and big data for the past 3 decades. Looking at the data breach headlines, and from an insider’s point of view, cyberattacks are now more intelligent and automated and taking advantage of IT mistakes. Customers need to act similarly: automated and intelligent.

7. What is the most rewarding part of cybersecurity?

Chris: The most rewarding part for me is keeping my customers from being involved in a data breach scandal.

We’re always looking for great people to join us - have a look at our careers page to see current openings.