Guest blog: A career in Cyber security
The information and cyber security industry has grown rapidly over the last decade, and as a result it has been hit globally by a shortfall of skilled workers and an increase in demand from businesses.
Before discussing what it’s like to work in the industry, it might be a good idea to explain why this has occurred, and why so fast.
Unfortunately, for security to have become as large as it has, some bad things have had to occur. There have been large, significant breaches (hacks) against businesses in recent years, which have gathered media attention and cost those involved millions of dollars. These breaches have occurred because, over the last three decades, businesses have been increasing their use of and dependence on technology to remain competitive and efficient, but not necessarily reviewing the security of what they’ve been doing. For example, a business needs a website to show a presence online, but once it is up and running, the only maintenance they might do is updating their blog. Then, 5 years in with no updates, the website may be subject to a large collection of vulnerabilities, and it gets defaced. This, as you can imagine, costs the company in terms of its reputation.
The above is a simple example; the larger breaches have resulted in millions of people's personally identifiable information (PII) being leaked, which has much further-reaching consequences than a defaced website. Due to these breaches, both businesses and governments globally have tried to step in and push for improvements. These improvements have driven the demand for cyber security and information security professionals upwards and created a significant skills shortage in the industry.
What does this mean for anyone wanting to pursue a career within this industry?
It means that in the UK, when looking at IT work, you’ll be getting paid in the higher range of salaries on offer, and once skilled enough you may be regularly headhunted for the work you do.
The two job roles, cyber security and information security, vary hugely, and this needs to be considered when looking into this industry. Cyber security means getting your hands dirty with the technology on a regular basis, which could involve performing penetration testing, hardening systems, configuring group policies, or handling incidents. The information security role usually revolves around governance, awareness and policy pieces. Depending on your strengths, you may find that one role is better for you than the other.
Now we know there’s a high demand, the money can be good and the jobs can be interesting, but what are the hardest parts? It can’t all be good, can it? The hard parts come from the work itself. Firstly, security doesn't sit still. There are always people trying to break into systems and gain access to information, which results in a fast-paced cycle of exploit, patch, exploit, patch. Staying on top of this is hard work, because it requires a constant awareness of the industry and your network/systems.
Secondly, job roles on offer can often be a blend of cyber security and information security, because businesses want both but can’t always afford both. This means becoming certified in one aspect might not be enough, and that you constantly need to study.
Lastly, depending on the position you seek, you may be required to travel a lot. For some this is a great thing and for others it is difficult; it depends on personal circumstances.
There is a lot of fun to be had in this industry though. For example, if I am to speak from my own personal experience, I have exploited programs so I can watch YouTube, I have accessed systems I shouldn't have been capable of accessing, and I have made servers so busy that they have failed. All of this has only been performed with permission from the owners, and when you get a breakthrough whilst exploring technology in these ways, it feels great. Aside from doing the actual work, there are also some really big security conferences which can be attended, and they’re never boring. The talks and presentations are enjoyable and interesting, and the community is filled with friendly people. A few of the local ones in the UK include:
- BSides https://www.securitybsides.com
- InfoSec Europe https://infosecurityeurope.com/
Then, if you go further afield, there are:
- DEF CON (USA) https://defcon.org
- SecurityFest (Sweden) https://securityfest.com/
In summary, working in cyber security and information security is hard work, but it is also very rewarding. If you have an interest in technology, then there’s no reason why you shouldn't explore security. If you’re after a challenge now and are looking for some capture-the-flag style games, then the following two places are great for learning and developing skills in this industry, and come with no risks.