By Jesse Varsalone
According to the U.S. Bureau of Labor Statistics, the demand for information security analysts is projected to increase 31% from 2019 to 2029, faster than the average for all other occupations. Although the demand for cybersecurity jobs continues to grow, anyone interested in pursuing a career must figure out where to invest the time and resources needed to rise above the competition.
Offense, defense and the cloud: What kind of job can I expect?
A job in cybersecurity requires, at the very least, an Associate degree from an accredited program. Beyond that, anyone seeking a career in cybersecurity should have an understanding of the opportunities in the field, what recruiters are looking for, and what certifications, if needed, will help them gain employment and career advancement.
Jobs in cybersecurity generally fall into two categories – defensive and offensive. Defensive security requires an understanding of how hackers get into networks, the actions they take during an incident, and the artifacts they leave behind after an intrusion. Learning offensive security can help you understand the warning signs of a coming attack, how to detect an intrusion, and what preventative measures to take to secure your systems and prevent an attack from happening.
To detect and understand the behavior of hackers, you need to know how to analyze network capture files and logs, RAM, the Windows registry, services and configuration, file system artifacts, and malware or suspicious files. Commercial off-the-shelf tools like Splunk (log analysis) and EnCase (forensics) do an outstanding job of parsing artifacts, and some employers require you to be proficient in them.
Although offensive cybersecurity is more popular, garnering many news headlines, most jobs in cybersecurity are defensive – analyst positions, such as cyber threat analyst, malware analyst, and system vulnerability analyst, among other roles. Individuals trained to respond to and analyze network intrusions are often in high demand. An intrusion analyst, for example, needs to understand how networks are compromised, which requires deep knowledge not only of networks, but also of operating systems, forensics, incident response, and network and perimeter defenses.
Also in high demand are cloud security, cloud architecture, cloud infrastructure and other cloud-related positions within the cybersecurity field. As more organizations transition from physical, on-premises infrastructure to cloud-based infrastructure as a service (IaaS), platform as a service (PaaS), and other models, they will need experts in Amazon Web Services (AWS) and Azure who can move, secure, and maintain their network infrastructure within the cloud. The current COVID-19 pandemic has accelerated this movement, as companies cancel leases of their physical locations and try to avoid having people in their buildings due to health concerns.
Getting in the door
I’m often asked by people new to the field, “What should I be prepared to talk about in an interview?” Employers will often ask simple questions such as: “What is your home network like?” The wrong answer would be, “I don’t have much of one.”
Employers are looking for individuals who are passionately involved in cybersecurity, and who are exploring and learning on their own. They are interested, for example, in people who are using virtualization with a library of Linux and Windows systems on which they do testing and implement security configurations. An advanced user might even have an ESXi and vSphere setup, as well as a custom firewall and/or other network appliances commonly found within a typical network infrastructure.
Those unfamiliar with cyber competitions may view them as a hobby for an enthusiast rather than an avenue toward employment, but employers want to know that applicants have participated in them. These competitions include Red Team and Blue Team experiences, forensics and log analysis challenges, as well as reverse engineering and cryptography problems. Individuals who are highly skilled in these areas are considered desirable by employers.
Navigating a sea of certifications
If you are looking to become a cybersecurity professional, in addition to your degree, certifications can open doors to jobs and help determine salaries. But sorting through all of the certification options and determining which ones to choose can be daunting. How do you know which one is right for you? It helps to think about what you want to do and what skills you want to develop. What follows is a brief overview of some of the top cybersecurity certifications based on skillsets and employability.
From a compliance, DoD 8570, and an overall employability perspective:
- CompTIA Security+ is a top entry-level certification that is required by many employers and also meets DoD 8570 IAT Level II and IAM Level I Requirements.
- CISSP is an all-encompassing management-level certification that is required by many employers and also meets DoD 8570 IAT Level III, IAM Level III Requirements, and IASAE Level II.
- CEH (Certified Ethical Hacker) meets the DoD 8570 CNDSP Analyst, CNDSP Infrastructure Support, CNDSP Incident Responder, and CNDSP Auditor requirements.
For the offensive security minded:
- The CEH-Practical exam is a good entry-level, hands-on certification for people interested in a career in penetration testing.
- CompTIA PenTest+ is a good entry-level, hands-on certification for people interested in a career in penetration testing.
- OSCP (Offensive Security Certified Professional) – Individuals passing this certification exam must already be highly skilled hackers and penetration testers who would require little to no re-training and could hit the ground running for an employer hiring seasoned penetration testers.
For the defensive security minded:
CompTIA CySA+ is a good entry-level, hands-on certification for people interested in a career as an analyst, perhaps working in a Security Operations Center (SOC). While the offensive side of security is popular and attacks garner more attention in the news headlines, the majority of jobs in cybersecurity are in defensive positions, like that of an analyst working in a SOC. Other roles include cyber threat analyst, malware analyst, or system vulnerability analyst.
It’s also important to note that Microsoft is retiring its MCSE (Microsoft Certified Solutions Expert) certification. Cisco is also making major changes to the CCNA (Cisco Certified Network Associate) and CCNP (Cisco Certified Network Professional) certifications.
The bottom line
The field of cybersecurity has evolved to encompass a growing array of sub-areas and rapidly changing technologies. From forensic analysis to data loss prevention, no longer does one size fit all. But the one common thread through all of the changes in the field is the need for a firm understanding of the basics: offense, defense, and threat identification and remediation. Demonstrating mastery of these areas, and showing employers that you are passionate about cybersecurity and eager to explore and learn will go a long way toward a successful career.
Jesse Varsalone is associate professor of Computer Networks and Cybersecurity at University of Maryland Global Campus