The hackers and cybercrooks are busy. Happy days for IT security professionals.
ISACA’s 2015 Global Cybersecurity Status Report says 92 per cent of its members are planning to hire more cybersecurity professionals this year.
Eighty-six per cent believe there’s a global cybersecurity skills gap – in 2014, Cisco estimated a shortage of over a million IT security professionals worldwide. There’s a lot of work out there.
From data privacy and regulatory compliance to cloud security, penetration testing and ethical hacking, application and network security engineers, CISOs and risk managers, the career opportunities are as plentiful as they’re varied. And if you’re an ambitious tech professional, the fact that Information Security is now a boardroom issue means there are clear opportunities to scale the corporate ladder.
Boom time for Information Security
InfoSec is booming. Most of the major players are hiring in multiple locations globally. Cork, in particular, is developing into something of an IT security hub; eSentire’s plans to establish its European HQ here will see it join FireEye, Malwarebytes, Intel Security (McAfee) and Trend Micro, among others.
Constantly evolving security risks and threats mean Information Security professionals can expect a challenging and varied career. It also means you walk a fine, often contradictory line between certainties – the best practices you know should be in place – and constant ambiguity. That takes an interesting blend of technology skills, management capabilities and personality attributes.
Here are a few things to think about
Certification: IT security certifications generate a lot of debate. While the CISSP continues to be viewed as the gold standard, there’s value further down the chain, from the entry-level CompTIA Security+ and SANS GSEC to more role-specific qualifications like CISA, which focuses on auditing. There’s quite a lot of overlap on these courses; for mid-career security specialists, it pays to identify the courses that are most relevant to your chosen path in the industry – there’s a growing perception that having armfuls of different certifications suggests a lack of hands-on experience or clear direction in your IT security career. Be logical – that’s a trait hiring managers look for in IT security experts anyway.
Flexibility: That contradiction we mentioned earlier? Here it is now… While it’s not always a good idea to have loads of cross-field certifications on your CV, it is good if you can demonstrate hands-on experience across IT and operations. More senior security roles call for multi-dimensional candidates with some experience in other IT disciplines.
Visibility: The Information Security community is an active one. And they’re generous with their expertise and time. Get out and mix with them – instead of taking another certification, attend respected conferences like Black Hat or RSA, where you can learn about current threats and trends, make connections and learn from others or maybe even give a talk. Closer to home, the Irish information security scene is active – check out CorkSec, a very friendly monthly meetup in Cork City for anyone interested in IT security. Like Cork, Dublin has an active OWASP group. Get Googling and get along.
Business smarts: You might like the sound of good old-fashioned air-gap security, but business doesn’t work in a vacuum and it’s up to you to figure out a way to enable business using effective security practices. If you’re standing between productivity and profit, you’re not doing your job properly (and you won’t hold on to it for very long, either). A solid understanding of exactly what you’ve been hired to secure will help you build effective policies and defences that don’t get in the way of the business.