By Andy Skrei, Sr. Director of Product Management, Exabeam
A recent survey from the World Economic Forum found that 59% of organizations would have difficulty responding to a cyberincident due to shortage of skills. The cybersecurity workforce gap also increased by 26.2% in 2022 compared to 2021 at a time when adversaries are working faster than ever.
Graduation season is almost upon us. As a fresh new batch of cybersecurity graduates enter the workforce, I’d like to offer a few bits of advice.
While it’s not the only way into a career in cyber, it is good to major in relevant fields. The common majors include computer science, computer programming, network administration, cloud computing, information technology management, information security and assurance, computer forensics, and machine learning. Each of these programs provide candidates with insights into what it takes to work in security operations — but it’s not the only route to a successful career in the industry. Some of the best cybersecurity professionals I have worked with do not have specific degrees or certifications, but have a thirst for knowledge and want to defend against adversaries.
I also encourage individuals to look at free resources for learning available online. Websites such as Bugcrowd University, Hack the Box, and Try Hack Me can help budding cybersecurity professionals learn more about the field and put their skills to the test by solving test scenarios.
Meaningful internships are also great to see on resumes. Younger candidates who have worked at technology, cybersecurity, and data-driven companies will typically take preference but it’s never too late to seek out your first internship in cybersecurity. Companies need and want to train you!
Going Beyond Technical Credentials
What distinguishes candidates who will fare well in the high-stress, continually evolving cybersecurity industry? Teams are always tasked with identifying and mitigating threats before they result in issues that harm network, application and data security, and performance – or worse yet, become major breaches that end up in the news.
In addition to technical skills, leading candidates should possess soft skills that will help them adapt and grow in a fast-changing cybersecurity and technology environment, including:
-
Solid communications skills – Cybersecurity professionals need to be able to communicate very technical, and sometimes abstract, concepts to leadership in order to make the right decisions. How one effectively communicates not just what the problem is, but also its impact, can influence the steps an organization takes to mitigate issues and ensure continuity in the future.
-
Demonstrating curiosity – Leading candidates will show a passion for the industry, which will likely manifest in tough coursework, targeted internships, networking and more. Truly motivated candidates may have taken the time to pursue industry certifications during college, such as the Cisco Certified Network Associate (CCNA), Microsoft Certified Systems Engineer (MSCE), Certified Information Systems Security Professional (CISSP), CompTIA Security+. These certifications provide students with exposure to new technology, processes, and enterprise support needs that can give them a jump-start on working in industry. Recruiters will know to target these individuals immediately as high-priority candidates, as gaining these certifications evinces not just technical expertise, but candidates’ determination and commitment to accelerate their growth.
-
Growing analytical skills – Cybersecurity analysts need to be able to think both horizontally and vertically. They must know how threat patterns are changing and affecting their industry, company, and networks. Delving deeper, they must be able to understand the nuances of threat behavior, and what that says about attackers’ motivations, targets, and changing strategies.
-
Fostering teamwork and collaboration – Cybersecurity is a team sport. Individuals who can work well with others will fare the best in fast-growing companies. Recruiters look for candidates who are able to ask questions, consider and synthesize others’ perspectives, work collegially on projects, and enjoy teamwork.
-
Possessing grit and a long view – The cybersecurity industry is incredibly challenging. New hires will probably work long hours, handle expanding responsibilities, and train even greener recruits. Those who flourish in this environment will view the ebb and flow of workers as an opportunity to gain skills and experiences faster than would ordinarily be possible. They’ll be able to build their talent stack, mastering such areas as threat intelligence, incident handling, penetration testing, forensics, and more. Many will also get early leadership opportunities, due to their ability to lean in, take charge of their careers, and build the skill sets needed for cybersecurity management. To screen for grit and a long view, recruiters will ask questions about candidates’ long-term goals and how they went about achieving them. Recruiters can also ask job candidates probing questions to ask if they’ve tackled tough challenges willingly to get desired experience. In this area, non-traditional candidates can often shine, sharing stories of working full-time while gaining a college degree or spending late nights doing online training to bridge the gap with college coursework.
The 2023 graduating class deserves congratulations for successfully navigating not just challenging coursework, but also an ongoing pandemic that strained learning, social relationships, and mental health. As graduates begin to look towards the future, my final piece of advice is to lean into the cybersecurity mission and go all in — doing so might just make you the next best cybersecurity leader.