Anywhere high-tech is used creates a demand for security technology professionals. “We need to make sure every door has a lock, so to speak,” said PK Agarwal, regional dean and CEO of Northeastern University-Silicon Valley and former CTO for California under Governor Schwarzenegger.
Security professionals are in demand right now. Entry-level security jobs, according to Corey Wilburn, security practice manager at DataEndure, fall into either an engineer or analyst role.
“An engineer role would be primarily accountable for the deployment, integration and maintenance of technology-based security controls,” Wilburn explained. “An analyst, on an incident response or security operations team, would handle the review of data feeds generated by technology-based security controls to track down potential malicious activity within an organization.”
Every career path needs a starting point, but these security jobs could take you down the road to a C-level position someday.
The Most In-Demand Security Jobs and How to Get Them
Security professionals are in demand right now, and entry-level security jobs generally fall into either an engineer or analyst role. Find out more about required skills and career paths.
Security analyst is one of the top job needs right now, and many professionals believe this is a good place to begin a career in cybersecurity. “With artificial intelligence and automation technologies transforming cybersecurity, it will be easier for entry-level security analysts to perform more investigative responsibilities as relevant context and intelligence of threats will be provided to them automatically,” said Peter Kaloroumakis, CTO with BluVector.
The security analyst position merges together two fields: the “police and crimes” with the “inner geek,” Roy Katmor, CEO and co-founder of enSilo, added. “Whereas fighting the bad guys moves on to the cyber world, there’s a big challenge here as they’re fighting unknown folks, and on the other hand, merges multiple disciplines challenging their technological skills.”
Malware Reverse Engineers
Malware reverse engineers look at a specific piece of malware and determine how it works, explained Ron Delfine, director of Career Services at Carnegie Mellon University’s Heinz College. This particular security career requires strong technical skills, including familiarity with how operating systems work, as well as how a specific piece of malware interacts with that system. “Knowing this allows them to identify system security threats and to create tools and techniques to combat them,” said Delfine. “As the number of system attackers increases (who are using more and more sophisticated tactics), so does the need for reverse engineers, who have the skills to combat them.”
Threat Intelligence Analysts
These are the professionals who try to put the pieces of the security threat puzzle together. They not only understand how malware works within a system and how to combat it, but they also analyze how the threat was delivered into a system, said Delfine. “Threat intelligence analysts might work in conjunction with a malware reverse engineer to detect potential threats and its effect on a system, but they also look at how an organization treats data, what policies are in place to safeguard data, how suspicious phishing emails are treated, who within an organization has access to what information, how they respond to threats and inform employees about potential risks.”
Cloud Security Architect
As more businesses turn to cloud computing, the need for systems architects and programmers who understand security, cloud architecture and computing increases. “The Cloud Security Architect leads the design and development of innovative security architectures for protecting data deployed into different types of public, private and hybrid cloud solutions,” explained Dotan Bar Noy, CEO and co-founder of ReSec Technologies. “This position will directly contribute to the overall global enterprise cloud architecture and lead the security, vision and strategy around cloud-based applications, across all types.”
Smart Device/IoT Security
Geoff Webb, VP of Strategy with Micro Focus, sees a need for professionals who can bridge the gap in smart device or Internet of Things security. “If I were entering the field today, I’d be looking at how very computationally lightweight devices can be designed with security – especially encryption – built in,” he said. “How to create smart ‘things’ that are able to self-defend is going to be essential for the first real generation of IoT devices we will see rolling out over the next five years. What we’ll need is a new generation of security professionals who are less focused on managing infrastructure and much more on looking at complex information flows, distributed environments and edge computing.”
Someone has to prepare future security professionals for their career, and security educators are an often overlooked, but vital, security career. “Security education teaches security awareness,” explained Kevin Du, IEEE senior member and computer security professor at Syracuse University. “Most of today’s security problems are caused by software design vulnerabilities and malfunctions and, of course, human error. Software errors are often made by software developers and I teach my students about the pitfalls of these security missteps. In my industry, I have witnessed many developers write software without any knowledge or background in security, and thus their software ends up having major security flaws. I educate students on the importance of software developer training and education.”
“Intelligence is a bit of a different animal in the information security career field. It still requires many of the same base skills as an incident response analyst, albeit maybe not to the same level of depth, but has the added requirement of understanding intelligence: the intelligence lifecycle, collections, developing various types of intelligence analysis, and ultimately creating timely and relevant intelligence products,” said Travis Farral, director of Security Strategy at Anomali.
Farral explained that there are two primary tracks into information security intelligence. One is through traditional intelligence training (either through a university or through military training). The other common path to a career in intelligence is learning skills in the intelligence field as an information security professional, but this path requires a lot of legwork for interested candidates to expand out of traditional security into the nuanced intelligence knowledge.
No matter which direction the security career path takes, certifications are the number one way to gain entry into the security field, regardless of whether you have a high school diploma or Bachelor’s degree combined with IT experience, according to Keeran Vadewattie Persaud, senior fulfillment manager for CDI Corporation. The top certifications include:
• CEH: Certified Ethical Hacker
• GSEC: SANS GIAC Security Essentials
• CISSP: Certified Information Systems Security Professional
• CISM: Certified Information Security Manager