Where to work in cybersecurity

1 April 2020 Training & Education

We’re told that there are over 1 million positions available in the cybersecurity industry and that this talent shortage is a challenge in combatting the ever-growing cyber risks organisations and individuals are confronted with on an almost daily basis.

Looking ahead, there is very little possibility that this skills shortage will be dealt with any time soon. Even the most advanced cybersecurity tools still need skilled people to manage them and the much touted automated artificial intelligence (AI) tools are yet to hit the market.

The skills crisis is only worsened by the continued digitisation of almost every aspect of our business and personal lives and this includes the physical security industry where the move to IP-based systems puts this market in the middle of the cyber war.

Kaspersky recently surveyed CISOs in many countries and found that a third of them have trouble with recruiting skilled cybersecurity professionals. Furthermore, a previous study by Frost and Sullivan estimated that 1.5 million cybersecurity positions will be open and unfilled by this year (2020).

Hi-Tech Security Solutions spoke to Andrey Evdokimov, head of information security at Kaspersky, to find out more about the skills shortage and where there is potential for new entrants to the market.

Hi-Tech Security Solutions: Are there really so many jobs open in the cybersecurity market? Are these specialised jobs or general cybersecurity skills? Is there still room for general cyber skills in the market today?

Evdokimov: Even though having advanced cybersecurity solutions in place can help safeguard organisations to some extent, the fast-evolving threat landscape puts companies constantly at risk of compromise. This means being able to track, analyse, interpret and mitigate evolving IT security threats is a must.

Achieving this threat intelligence is a massive task, one that cannot be achieved in isolation. We have seen that irrespective the company size or industry sector, companies face a shortage of up-to-the-minute, relevant data that can be used to help them manage the risks associated with IT security threats. This puts the onus on them to have skilled employees in place who are comfortable with both general cybersecurity issues and more advanced ones and can manage this process of protecting business data and infrastructure.

Considering that cybercriminal activity will remain a risk, there will always be a need for cybersecurity skills. As such, there can be much to gain from building a career in this field. Given how quickly the digital world is evolving, the industry cannot generate enough skilled cybersecurity experts to keep up with demand. This ensures that those heading into this field will continue to be in high demand with options to specialise in more advanced cybersecurity skills, making for a fruitful career journey.

Hi-Tech Security Solutions: What is the solution? Will companies have to invest in autonomous solutions that cut people out of the equation?

Evdokimov: Automation and artificial intelligence are having increasingly important roles to play in the cybersecurity environment. However, behind technology there will always be humans. So, any technology or cybersecurity tool used will be impossible to apply without professionals.

This means that it is not a case of lacking in talented or promising young people to work in cybersecurity. Instead, many roles that need new talent are in areas that remain unseen and therefore under-employed. To seize the moment, those looking to have a career in cybersecurity should know which specialisation to choose and what skills to develop.

Hi-Tech Security Solutions: What can people looking to get into cybersecurity do to take advantage of the skills deficit? What key areas or specialisations are important, and why? What scope is there for employees in other fields to upgrade to the cybersecurity field and how would they do it?

Evdokimov: Those entering the cybersecurity field must have a strong understanding of the fundamentals of cybersecurity practices, along with a thorough technical understanding of networks. Additionally, they should have skills in servers, clients and the cloud, as well as firewalls, intrusion prevention systems and even knowing how exploits work.

And for those more interested in fighting malware, reverse-engineering skills are critical. The evolving cybersecurity market means that skills must remain adaptive to change. Those who will excel are the ones that seek to consistently grow in their knowledge and skill set.

Additional skills to take note of include digital forensics, malware analysis, incident response, reporting and analytics, to name a few. It goes without saying that a person must have a passion for the industry and be open to take on new challenges with a positive attitude and willingness to continually learn.

Hi-Tech Security Solutions: What can organisations do internally to deal with the situation?

Evdokimov: Companies must look at continually improving not only the technical skills of their employees, but to also manage them better. It is often the case that managers in cybersecurity lack soft skills such as communication, leadership, effective negotiation, business sense and knowledge of the targets the organisation must achieve.

Managers of any level in cybersecurity must be able to organise their department’s work to meet the cybersecurity demands of the company. It is not a case of simply throwing technology at the problem. These managers must be business-savvy and be able to engage with non-technical people to get them to buy-in to the cybersecurity approach of the organisation.

Interestingly, leadership skills are still not what cybersecurity professionals consider as a priority – even in top management positions. This means there is significant potential for companies to grow in not only their cybersecurity approaches, but how they train their employees as well.

Hi-Tech Security Solutions: How can individuals and organisations ensure they are continuously up to date in terms of their abilities to deal with constantly changing threats?

Evdokimov: New jobs in cybersecurity appear in a mixture of disciplines. While university programmes may give a good academic background, self-education is a priority for anyone entering an ICT field, especially cybersecurity.

Students should choose the area in which they want to develop and learn the necessary subjects and skills. When they start working, it is important to not get stuck in a routine which could lead to burnout. At the beginning of a career, this is one of the biggest risks, but a specialist can take it upon themselves to be proactive, as well as work on new tasks and self-development. Fortunately, there are plenty of educational materials, sources and communities that help specialists improve their knowledge and learn something new.

An employer can also assist in skills development.

Many companies, especially IT vendors for whom cybersecurity issues are very serious, are investing in additional education, training and staff development. The important thing here for employees is to understand priorities and choose the direction in which they want to develop. A person can then build a career, improve and demonstrate skills and differentiate themselves in a market ripe for the taking.

Hi-Tech Security Solutions: Are cloud services contributing to the vulnerabilities in organisations or are the threats evenly spread out over all digital business?

Evdokimov: Cybersecurity is about more than just protecting devices, but developing a cyber-immune ecosystem where everything connected is protected. True cybersecurity is about supporting the creation of connected systems that are secure-by-design. Security cannot be approached as an optional add-on layer.

It is not necessarily a case of the cloud contributing to the digital vulnerabilities, but they are making them more visible. Being connected means there is a responsibility on the organisation to ensure how it transmits data to the cloud, how it is analysed and what it is used for are done as securely as possible.

To this end, the regulatory environment is aiding companies to know which boxes to tick. But it goes beyond that as well. It is about making a concerted effort from both a solution as well as a people perspective to safeguard data and business infrastructure.

Hi-Tech Security Solutions: If a person has no experience in the cybersecurity world, where do they start to ‘get a foot in the door’?

Evdokimov: Digital will continue to grow and evolve. This provides people with opportunities to upskill and reskill themselves as circumstances change. The youth have grown up in a digital age and are exposed to all things digital – the benefits, opportunities and convenience it brings. However, they also understand some of the risks involved. Getting a ‘foot in the door’ is about demonstrating how to practically link this awareness to steps to help guide and implement cybersecurity best practices.

A career path in the cybersecurity space will not only result in an exciting future, but a fruitful one as well. Set studies and graduate programmes are available, while there are a myriad of options to enhance these with online certification programmes that reflect changing market conditions.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Revised ASIS Security Risk Assessment Standard
Training & Education
ASIS International has released a revised American National Standards Institute (ANSI) - approved standard for security risk assessments. The revised standard provides a comprehensive overview of conducting a thorough assessment to manage security risks.

Gallagher Security launches Augmented Reality Training in Australia
Gallagher Training & Education Access Control & Identity Management
Gallagher Security has announced the latest addition to its innovative suite of training solutions, Augmented Reality Training, demonstrating its continued commitment to innovation and improving access to security training opportunities.

SAIDSA achieves ISO 9001 certification
SAIDSA(SA Intruder Detection Services Association) Associations News & Events Training & Education
The South African Intruder Detection Services Association (SAIDSA) has announced that it has achieved ISO 9001:2015 certification. This milestone reflects its commitment to quality management and excellence in the security services industry.

Tips and tools for trade businesses
News & Events Training & Education
ServCraft brings together trade industry associations and corporations to launch blox, a digital content platform and community impacting lives, businesses and industries across hundreds of thousands of trade business SMEs.

Africa Online Safety Platform launched in SA
Training & Education News & Events
Impact Amplifier, with the financial support of Google.org, launched its African Online Safety Platform (AOSP), a platform providing a rich repository of research, education content, funding opportunities and ways to seek help after an online crime.

South African Keiron PRO laser target system
News & Events Training & Education
Jacstech, based in Cape Town, South Africa, has been appointed to supply a complete Keiron PRO laser training system to the SIRT Academy. The SIRT Academy is a firearms and tactics training facility in Perugia, Italy.

Practical guide to protect data privacy
Training & Education Information Security
The Data Privacy Toolkit, reflecting the evolving landscape of data privacy, includes guidelines and recommendations to safeguard sensitive information crucial for protecting sensitive information from malicious actors.

ONVIF releases first add-on for secure communications
Surveillance Training & Education
ONVIF has released the final version of the TLS Configuration add-on to increase the security of communications between devices and software clients within a physical security system.

Mastering security awareness in the digital era
Security Services & Risk Management Training & Education
Human error and lack of security awareness remain the first security threat. Companies must consider the importance of managing employee cyber risk and the significance of training and awareness programmes.

Preparing young entrepreneurs
News & Events Training & Education
Liquid Intelligent Technologies SA recently announced that its Youth Empowerment Programme is successfully preparing young South Africans with the skills they need to succeed in a digital future.