Cyber security refers to a unique set of strategies and techniques used to protect computer systems, networks and programs from unauthorized access, damage, and attack. According to Forbes, the global cyber security market is expected to reach 170 billion by 2020.
In today’s connected world, a cyber attack can result in an individual experiencing identity theft, extortion, or loss of important data. On a broader level, critical infrastructure like power plants, hospitals, and financial service companies can be affected. On a global level, cyber threats can affect the military, political or infrastructural assets (through cyberterrorism, cyberwarfare and cyberespionage). Securing all data, whether on a personal or a national level, is crucial to keeping our society functioning smoothly.
Keeping up with cyber security strategies and techniques can be a challenge, as attackers are now launching sophisticated attacks at lower and lower costs. The last few years have shown a dramatic uptick in sophisticated threats and malware. Companies and organizations worldwide are now facing the challenge of finding skilled cyber security professionals who can outpace advanced threats, as there are more devices than people and attackers are becoming more creative than ever.
Adam Vincent, CTO-public sector at Layer 7 Technologies (a security services provider to federal agencies including Defense Department organizations), describes the problem: “The threat is advancing quicker than we can keep up with it. The threat changes faster than our idea of the risk. It’s no longer possible to write a large white paper about the risk to a particular system. You would be rewriting the white paper constantly.”
“For many years, the focus has been on perimeter defense and defending the walls of the castle,” says Eddie Schwartz, the international vice president of ISACA, chair of ISACA’s Cybersecurity Task Force, and president and COO of WhiteOps. “The emergence of security professionals that can cope with advanced threats and advanced adversaries hasn’t kept up with the changes in cybersecurity. Right now, many organizations try to solve this problem on their own, and they try to hire people,” he says. “It is sort of like a bunch of small countries trying to fight a superpower in terms of organized criminals and nation-states; there’s just no hope.”
Skills shortages in cybersecurity are widespread. The “State of Cybersecurity: Implications for 2015” study reports that fewer than 25% of cybersecurity applicants are qualified to perform the skills needed for the job due to a lack of credentials and the ability to understand the business. The main reason is that the skills required to fight cyber threats are very different from those that are needed for conventional IT security.
Some technology proponents are looking to higher levels of automation (and point toward moving away from manual processes). “Automation is a good thing if you can get there from here,” says Schwartz. “Our industry, security, has not perfected predictive analytics yet; we are not even close to getting there, and artificial intelligence isn’t here yet either. So I think for a long time to come we are going to see the need for humans to be deeply involved in the cyber security process, particularly when it comes to stopping events.”
Training and certifications that equip candidates to actually perform the skills needed are gaining momentum. According to a report by job analytics firm Burning Glass Technologies, job postings in cyber security have grown three times faster than those for IT jobs overall, and cyber security professionals are earning nine percent more than their IT counterparts.
If cyber security interests you, start by exploring the various careers that are offered in this field:
- Ethical Hacker
- Cryptographer
- Security Architect
- Security Engineer
- IT Security Consultant
- Information Security Analyst
- Information Security Auditor
- Information Security Director
- Computer Crime Investigator
- Security Software Developer
- Security Systems Administrator
- CISO
Many experts suggest that someone interested in cyber security begin with a job, internship or apprenticeship in IT. This will provide the fundamentals such as administering & configuring systems, networks, database management and coding. It also offers an understanding of IT procedures and real-world business operations.
IT jobs that can lead to cyber security careers include:
- Computer Programmer
- Software Engineer
- Technical Support Specialist
- Computer Systems Analyst
- Database Administrator
- Network Administrator
- Computer Network Architect
- Computer Systems Administrator
- Web Developer
Note: If you are already in general IT and would like to transition to a cyber security career: CyberDegrees.org