CHAPTER 9: EXAMPLE: CAREER DEVELOPMENT IN THE CYBER SECURITY SECTOR
In this chapter I focus on the cyber security industry, illustrating the career development paths and options available in this sector. I outline the different entry points and career options and provide an example of career development in this growing marketplace.
The cyber security industry
If you have chosen or are thinking of selecting cyber security as a career, you’ll be working in a marketplace where there is high demand for talent. According to the UK Cyber Security Council cyber security covers “all aspects of how individuals and organisations reduce the risk of cyberattack”.14
Cyber security is one of the world’s most pressing challenges. Cyber threats impact critical infrastructure, national security, the global economy and society. CB Insights’s “Cyber Defenders 2021” report identified 14 technical categories of cyber security, including growing marketplaces such as automotive security.15 The report identified a lack of dedicated cybersecurity staff, with 22% of companies reporting significant shortage and 42% a slight shortage. The high demand for talent is predicted to grow as the world of work, post COVID-19, moves to higher levels of hybrid and remote working, which brings with it increased risk of cyber attacks.
Roles in cyber security
There are many opportunities for people to start and to develop their careers in cyber security. A useful resource is CyberSeek (www.cyberseek.org/pathway.html), which provides an interactive career pathway for cyber security roles. It shows entry and transition opportunities and gives detailed information about the credentials and skillsets required for each role as well as the salary levels. Feeder roles for cyber security include:
• Networking
• Software development
• Systems engineering
• Financial and risk analyst
• Security intelligence
• IT support
The following table provides a brief overview of roles and career development paths.
Table 5: Example: Career Development in the Cyber Security Sector
Entry-level roles | Mid-level roles | Advanced roles |
Cyber security specialist | Cyber security analyst | Cyber security manager |
Cyber crime analyst | Cyber security consultant | Cyber security engineer |
|
• Incident and intrusion analyst • IT auditor | Penetration and vulnerability tester | Cyber security engineer |
Note that as the cyber security industry is growing and constantly evolving, you may see different categories or titles depending on the company or resource you use.
The good news is that there are very many career options. The three principal routes for career patterns tend to fall into:
1. Developing technical expertise
2. Security management and governance
3. Leadership
Another key consideration is whether to apply for roles in-house as part of an internal security team or to work in the outsourced managed security sector. There are many start-ups and entrepreneurial firms that are expanding the specialisms in the managed security sector.
Useful resources
A useful resource is the UK Cyber Security Council.16 The Council provides information on careers and development opportunities. In the US, there is the Cybersecurity and Infrastructure Security Agency (CISA).17
If you are new to the cyber security sector, the UK Cyber Security Council website sets out routes into the industry such as cyber security apprenticeships18, free online resources and development opportunities, including qualification and training options.
The membership body ISACA® also provides cyber security qualifications and accreditation to suit all levels, from beginner to practitioner to manager to decision maker.19
The body is also a useful source of information and insights. For example, in his December 2021 ISACA blog,20 Dr Jack Freund, VP and Head of Cyber Risk Methodology at security vendor BitSight, predicted the three skills for success in cyber security in 2022:
1. Cyber risk quantification – “the process of evaluating the cyber risks that have been identified and then validating, measuring and analysing the available cyber data using mathematical modelling techniques”. In other words, maths capability and analysis skills are very important.
2. Executive presence – cyber security professionals need the soft skills to present to and influence senior executives competently and confidently.
3. The ability to ‘learn how to learn’ – with large-scale innovation and change predicted in the cyber security sector, the ability to learn and relearn is critical.
Career examples in the cyber security sector
After achieving a BA in Computer Science at Loughborough University, Beth began her career in IT support, where she undertook her Microsoft Professional Certification.
During this time, Beth had a mentor who advised her to look at the expanding cyber security industry as her next career move. In her own time, Beth completed a further qualification (Information Systems Certification) online. This helped her secure a cyber security specialist role at a managed security organisation.
Now 28 and having worked since she left university, Beth is planning to take a year’s sabbatical to go travelling and work as a volunteer for a charity overseas. She wants to come back to the industry and is debating whether her next steps should be to deepen her technical expertise or to move into a people management role.
She believes her time as a volunteer where she will be leading a small group of people will help her in her decision.
Beth is not certain of coming back to the same role in the industry on her return. She is considering looking for project work or an interim role after her sabbatical if a full-time position does not immediately become available as work–life balance is important to her.
Mark is a chief information security officer for a major insurance company.
Having undertaken a degree in technology, Mark joined a well-known IT consultancy where his roles focused on project management of major software integration programs.
Taking a new job in the US, Mark broadened his knowledge of the cyber security field by becoming a Certified Cloud Security Professional (CCSP).
With an ongoing interest in business and people development, he worked in cyber security for a major retailer before undertaking a master’s degree in cyber security and information assurance.
Moving back to UK, he worked for a time as a consultant in the cyber security sector, expanding his network as well as undertaking a professional qualification in coaching.
He landed the job of chief information security officer a year ago and sees his key skills in the C-suite as leadership, communication and influencing, and financial fluency.
Key learning points
You may already work in cyber security or be thinking about moving into the field – or you may know very little about it. Whatever your level of cyber security expertise, I have used the cyber security industry as an example of career development opportunities as I feel it epitomises that successful career development is about having the following mindset:
Being self-driven
Successful cyber security professionals take the initiative and are self-driven.
Change ready
As the world of cyber security moves quickly and constantly, innovation and collaboration skills are increasingly important to help people be change ready.
Development oriented
The speed of technological change means that people in this sector need to learn and adapt quickly.
14 www.ukcybersecuritycouncil.org.uk.
15 www.cbinsights.com/reports/CB-Insights_Cyber-Defenders-2021.pdf.
16 www.ukcybersecuritycouncil.org.uk/.
18 www.instituteforapprenticeships.org/apprenticeship-standards/?keywords=cyber.
19 www.isaca.org/training-and-events.
20 www.ukcybersecuritycouncil.org.uk/news-insights/news/isacareveals-the-skills-we-ll-need-for-2022/.