Cybersecurity issues and events are constantly making headlines. From nation-state cyberwar to ransomware attacks against cities and schools, it’s hard to avoid seeing evidence of the impact of security vulnerabilities on our society. One reason for this problem is the lack of people working in the cybersecurity profession. According to industry group (ISC)2, there will be 3 million available cybersecurity jobs in 2022. All countries, all industries, all sizes of companies, are missing much needed security talent–people trained to help defend against and respond to cyber threats. Considering a career in cybersecurity? There is no better time than now to make a move towards this profession.1
Having a background in telecom architectures, from building to maintenance, is a skill set sorely needed in cybersecurity. The profession focuses on securing not just the information in our systems, but the hardware and communications infrastructures that connect and house the information.
The Right Fit?
For the uninitiated, cybersecurity can seem to be a place where highly technical, computer savvy individuals work long hours in darkened rooms, performing arcane computer rituals that few others can understand. While some security roles are indeed highly technical, and some security professionals like working in darkened rooms, the reality is that the security profession is extremely broad, with many types of skills and outputs, not all of which require deep computing knowledge.
Do an Internet search for “CISO Mindmap” (Chief Information Security Officer–usually the most senior security role in an organization) and look for images of the kind of functions included in a security team. You’ll see that some of the security functions are indeed technical–from hardware specialists to application developers. Within the technical side it can be building security systems, maintaining security solutions, penetration testing to assess weaknesses, or monitoring and operations. Alternatively, the other side of the security function is business/process focused, and much more about people and processes, rules and regulations, psychology, and social engineering. More broadly, security is a business function that uses technology to solve security problems of availability, confidentiality, and integrity, so working in security requires people to be both technical and business aligned.2
For people who already work in an engineering field, there are obvious parallels to working on the technical side of security, and the pathways to move from one kind of engineering to cybersecurity can be easier than someone with no engineering background. It is worth noting that security applies to all kinds of technology, not just software. Having a background in telecom architectures, from building to maintenance, is a skill set sorely needed in cybersecurity. The profession focuses on securing not just the information in our systems, but the hardware and communications infrastructures that connect and house the information. Knowing how these systems work (and can fail) is important for cybersecurity.
Getting Ready
If you are thinking about making a move to cybersecurity, start by doing some homework.
The first thing to consider is yourself: what kind of work do you like to do and what is it about security that aligns with your personal values? Working in cybersecurity has many rewards, and it also has challenges. Knowing why you are there and why it is important to you will help you deal with any stress that results. Review the MindMap link2 and think about the kind of security job that is a good fit for your skills, experience, and desired working state. If you have been working in another industry for a few years, you don’t have to start all over as an entry level cybersecurity person, but you will need to find the right kind of company that can help you grow your skills. Perhaps the company you work for now has a cybersecurity team you can transition into. Consider using Cyberseek.org as a tool to find the job roles and related skills you need.
Once you have a general sense of the kind of cybersecurity role you would like to pursue, consider if you need any additional training or experience to be qualified. Don’t worry! You don’t have to go back to college (although that may be an option you want to consider). There are professional certificates, boot camps, and free online learning that can be used to bring you up to speed with current industry thinking. Cybersecurity hiring managers will be looking for practical experience, so think deeply about how the job you are doing now might lend itself to the kinds of things you will do in a security role. If your job involves designing architectures, or maintaining systems, or responding to outages, or developing solutions for customers, these are all things that are also done in cybersecurity. Applying a cybersecurity lens to these activities is not a huge leap, learning the language of cybersecurity will help you make it.
As you work on closing any skills gaps, start networking. Meet with your company security team and find out what they do. Attend a local cybersecurity meet up, or industry networking event. Connect to security people on LinkedIn or Twitter or your favorite social media site. Get to know people who do what you want to do. The cybersecurity community is well connected, and we talk with one another, a lot. Getting to know people will help you learn when jobs are coming open and having an industry professional to vouch for you will also make your job searching easier. Later, those connections will also help you on your career journey, supporting you and helping you navigate what is to come.
Lastly, work on your resume, and refining your story about why you want to work in security. Have a security professional review your resume to help you make it stand out. Make sure you include anything that indicates what you know, and why you’re interested in making this move. Tailor the words you use to match the job posting you’re applying for–it will help you get past the recruiting filters and make it to the hiring manager’s desk.
Within the technical side it can be building security systems, maintaining security solutions, penetration testing to assess weaknesses, or monitoring and operations. Alternatively, the other side of the security function is business/process focused, and much more about people and processes, rules and regulations, psychology, and social engineering.
Landing Safely
If you are already working somewhere as a non-security person, and you want to stay with that company, consider looking for security roles within that company. Talk to the security team (or if there isn’t one, whoever does security “stuff”) to find out what kind of opportunities exist for you to move in that direction. While you’re in your current role, look for opportunities to incorporate security work into it. Minimally, making friends with the security team is a great way to begin networking.
One of the underappreciated skills of a good security professional is understanding the business in which they are doing security. If you’re already in the telecom sector, consider finding security roles in that sector. Your background will be well- received even if you are light on direct security experience. Telecom is considered critical infrastructure for most countries. This means that telecom companies are under pressure to improve their security capabilities, and that governments are making funding available to support the growth of security teams. The ability to protect communications infrastructures is in high demand–take advantage of the demand to find your next role. Functions such as security engineer, pentester, third party assessors, and even security governance analysts, will benefit from your background.
The experience of a lot of security job seekers was that getting their first security job was the hardest; once in a security role, moving around and up became easier. So, for your first security job, look in many places–it’s a numbers game. The good news is that many companies are open to hiring full-time remote workers, so you may not have to relocate to be available to more companies. The more challenging news is that taking a remote role will sometimes make your learning curve longer. If you can find a company which is geographically available to you, great. If not, remote works too, just set your learning expectations accordingly.
If you are thinking about a job in cybersecurity, now is a great time to make a move. The telecom industry, and all industries, need your talent, and they are willing to pay for it.
Start by doing your homework. The industry is big and broad, you will need to have an idea of the kind of security role you want to pursue. Network with security people to learn more, and to make yourself known. Consider training, self-taught or formal, to close any gaps.
Getting your first role requires patience and perseverance. Be ready to apply in multiple places, and to meet with many people. The effort will be worth it.
The cybersecurity profession is growing and is an exciting place to be. The security community is supportive and committed to their craft. This is a place where you will learn a lot, have job security, and have a career that will continue to grow.
REFERENCES AND NOTES
1. (ISC)² Study Reveals the Cybersecurity Workforce Has Grown to 3.5 Million Professionals Globally: https://www.isc2.org/News-and-Events/Press-Room/Posts/2020/11/11/ISC2-Study-Reveals-the-Cybersecurity-Workforce-Has-Grown-Globally
2. CISO MindMap 2021: https://rafeeqrehman.com/2021/07/11/ciso-mindmap-2021-what-do-infosec-professionals-really-do/
About the Author: Helen Patton is the author of “Navigating the Cybersecurity Career Path” (Wiley, 2021), and is an Advisory CISO at Cisco where she shares security strategies with the security community. Previously, she was the CISO at Ohio State University and an Executive Director at JPMorgan Chase. Helen actively encourages collaboration across and within industries, to enable better information security and privacy practices. She believes in improving diversity and inclusion in the workforce, and mentors people interested in pursuing careers in security, privacy, and risk management.
For more information, please email [email protected] or visit www.cisohelen.com. You can also follow her on Twitter @cisohelen.