For background, the cybersecurity talent shortage is very real. A CNBC technology video stated, “… in late 2019 that 2.8 million professionals work in cybersecurity jobs globally, but the industry would need another 4 million trained workers in order to properly defend organizations and close the skills gap.”
A survey of more than 300 cybersecurity professionals from ISSA shows that 70% of organizations report being impacted by this worker shortage, and 45% of respondents say the cybersecurity skills shortage and its associated impacts have only gotten worse in recent years. (download this year’s report)
In fact, the drought of talent has become even larger as cyber attackers have exploited the pandemic, taking real advantage of all of the unsecured devices, databases and cloud assets that have become available to them due to remote working.
That’s the good news, because you want to break into cybersecurity, and this shortage is your opportunity. The question you need to ask yourself, is whether you have the qualifications and temperament to do the job?
Our team at Parabellyx is here to help you answer that question and many more. We want to help potential talent by providing some guidance for anyone interested in a career in cybersecurity.
Typically, when somebody wants to break into cybersecurity, they opt to go for one of the various cybersecurity programs available in post-secondary institutions, ranging from one to three years of study. And what does this cybersecurity program do? Well, it gives you the basics of cybersecurity and then provides you with a lot of applied hands-on knowledge, but there is a problem with this approach. The best people in cybersecurity happen to be technology generalists.
Great cybersecurity professionals understand software development, infrastructure, cloud computing, etc. The reason why those people are technology generalists isn’t because they went and worked in all of those areas, but because they had some fundamental knowledge, formally or more often informally gained on how computers generally work. They understand how an operating system works. They know how the networks function. They understand the algorithms that simplify data management. They have learned at least one or more computer languages and understand some things in software development, even if they haven’t necessarily done any software development work directly. The point is that you can’t learn all of these things by simply taking a cybersecurity course. You may come out of a cybersecurity program with some knowledge, but you emerge without really understanding what it takes to truly succeed in cybersecurity.
Great cybersecurity talent must have a voracious appetite for learning, and it never stops, regardless of age or seniority.
In other words, the best talent is always striving to understand what’s under the hood of everything around them, relating to technology. When we look to hire anyone at Parabellyx, we focus less on cybersecurity-related questions, and ask more general questions about technology. If they are into gaming, for example, we want to know how they assembled their gaming computer or tried to modify gaming stats such as health or XP in memory or in saved games. We will ask if they’ve done any projects using Raspberry Pi or if they’ve tried any applications that use high-level languages where you don’t need a lot of software development skills.
We want to know that they are interested in technology, and they’re driven to learn new skills with a self-directed drive to continually challenge themselves. We want to know that they aren’t interested in security just because it pays well. We’re looking to find someone who is interested in really advancing and turning cybersecurity into a career, and they have the right mentality to stay for the long run.
So, what questions should you ask yourself before you step into a job interview?
- How am I spending my time around technology? Am I just a user, or am I trying to tinker with it? Am I a “hacker” who wants to understand how that technology works? Am I trying to also understand the business processes behind it all? Am I looking to break it all apart so that I can understand how to put it back together? If the answer is yes, then you are off to a good start.
- If the answer is no, is it because you don’t have an interest in tinkering or hacking, or are you missing the skills to do so? If you have the interest, but not the skills, then you need to focus on learning those skills. You should be building your own systems. You can start doing something easy, like starting a Raspberry Pi project around automation or anything else that interests you. You can even write some simple mobile applications. If you aren’t interested in learning those skills, cybersecurity is not likely going to be your future career path.
- Another question that you must consider is whether you need a strong work/life balance. If the answer is yes, you will have a difficult time in this career, at least for the first few years. Cybersecurity is like being a technology doctor. You need to be on call, always. You also need to be continually learning, because the diseases keep changing and adapting. It won’t always be 24/7, but the first many years will require a dedication that is similar to a residency for a Doctor. You need to be prepared.
Cybersecurity can be a rewarding and fulfilling career, but it requires dedication and a commitment to learning. We’re here to help you. If you’re still interested in learning more, Parabellyx will be creating a Q&A dedicated to helping people break into the sector. Reach out to us at here and ask us your questions. We will send you directly a list of all of our answers and are happy to spend some time with you directly as well.
In the meantime, keep learning.
Parabellyx are security-matter-experts who take a focused and business-aligned cybersecurity approach to developing strategies that accomplish your key business goals and objectives. We then train your entire organization in security, preparing you for any threat, until a security mindset is entrenched across your entire company, protecting and ‘future-proofing’ your information, your employees, your customers, your shareholders and your reputation.