I've spoken with and read a lot about the dreadful shortage of talent in the security industry, but I also wonder if there really is the great dearth of candidates that companies are claiming. Is the problem not so much that there really aren't enough skilled men and women to fill these 1.5 million jobs, or is the problem more with the pre-requisite level of experience companies want from new hires?
For those security newbs who are looking to get a foot in the door, perhaps you might be better off taking a more circuitous path than the traditional front door. A lot has been written about training from within, so maybe your best bet is to just get in by any means. Once you've landed that mail room position, you can start showing off your skill sets and move on over to the security team.
[ ALSO ON CSO: CSO burnout biggest factor in infosec talent shortage ]
That's just my opinion, though. Rather than expect you to rely on my sage advice alone, I'm also sharing some tips from Lloyd Webber, director of product management for Sonavation, who noted that the more traditional path of formal education provides a solid foundation to build upon.
How do folks get a foot in the door?
Many cyber security experts begin their career as an IT specialist, computer programmer, network/system administrators, or network security architect. A lot of IT specialists have a huge range of non-security career options across a wide variety of industries (e.g. finance, government, retail, etc.), which is a solid background to make the transition to cyber security.
It should be noted that many cyber specialist come from diverse career and experience paths. Just to name a few, a military or law enforcement intelligence career, mathematics, computer scientist, or advanced technology backgrounds are a perfect springboards into the cyber security field.
Volunteer or intern to gain experience at an organization. Build your own test environment to try things out. Avoid the illegal route of hacking someone else's system. Network. Find groups and get involved in discussions.
What are the greatest challenges people usually face in the first few years?
The fast-paced change in technology and hacking tactics. Of course, this is also a great opportunity. The diversity and complexity of today's computing networks require candidates to be versed in a variety of skills both self-taught and through academia. It means that you must gain as much hands on practical knowledge as possible, studying the trends and technology and then looking for a pathway into a role of interest to you.
What are some of the greatest rewards/surprises/lessons learned?
It is phenomenally satisfying to know that you are integral in helping to protect business and personal information that has so much value. With the majority of businesses going bankrupt after a hack, it is great to be able to help small business owners stay in business and protect their digital assets.
Is there value in having a mentor/sponsor?
Absolutely, mentors / sponsors as an experienced and trusted adviser are an important resource to help share knowledge and information. He or she is vital to one’s success.
How do new folks get their voices heard?
Active participation in activities to gain a reputation of someone that can be counted on and is a subject matter expert is the best way to get your voice heard.
What continued professional development benefits newbies the most?
Honing your craft is very important. The Internet is a perfect way to gain knowledge on news and information surrounding the cybersecurity field. There are a vast number of Internet resources from blogs to pages, vulnerability databases, research information conference proceedings, and articles. Additionally, a great way to stay informed is to become active in an online group or forum to share ideas and gain greater insight.
As with most industries, a lot of your ability to land a job is in networking. Market your assets by making yourself known. If you read a blog, make a comment. Engage people in conversations. Attend conferences. Enter a cyber competition or a hack-a-thon. More importantly, recognize that your skills are your greatest commodity. Trust that you have what is needed to be successful, then connect yourself to a community who can link you to a job opportunity.
This article is published as part of the IDG Contributor Network. Want to Join?