Security is one of the most in-demand roles today. According to recent numbers, the demand for security workers is expected to grow to 6 million worldwide by 2019. So how do you get into or grow your career in security?
What makes security so interesting is the many directions you can take — traditional or not. This post will walk you through how to build a security career path suited to your skills and interests.
Define Your Path
In today’s world, you may not necessarily need a degree or expensive equipment to become proficient in information security. If you’re naturally curious, eager to learn, and have a decent computer (which doesn’t have to be pricey), then you can learn a lot on your own and do quite well in this field.
However, because there are so many paths you can take, we caution you to do your research before jumping on the first job offer you get. There are many niche security careers, but you don’t want to to get too narrow too early on in your career and risk not having a broad enough understanding of the security landscape at large.
Plus, because security is a demanding field, you want to be sure you will enjoy the role you’re in. With that in mind, let’s walk through the various industries and roles for you to consider as you shape your career.
Narrow in on the Company Type
Security is in demand in just about every industry today, so here’s a brief breakdown on the top hiring industries and what it’s like to work in each.
Governments have plenty of demand for security pros at the local, state, and national level — with particular need in the defense sector. Government agencies can be interesting places to work, as you’ll likely be exposed to a variety of sophisticated attacks. However, government security can come with a lot of red tape. It also doesn’t move as fast as other sectors, since you are likely to be limited by budget and long procurement processes. Depending on your preferences, this may or may not be a good fit for you.
Startups offer a fast-paced and innovative work environment. If you’re eager to try the latest and greatest tools and strategies, and with a good salary to boot, you can learn fast and make a big impact. However, startup teams are often small, meaning employees regularly work long hours and with fewer resources to solve complex problems. If you enjoy being scrappy and wearing many hats, a startup can be a great environment. If that doesn’t sound like you, it may quickly burn you out.
If you’re looking for more work-life balance, a large company may be more to your liking. Additionally, enterprises often have their own security operations center (or SOC), which can offer structure and training that smaller companies often cannot provide. Especially early on in your career, working at an enterprise can be a great way to get a broad range of exposure without the risk of immediate burnout.
Every industry is different, and all have their pros and cons. Consider who you are as a person and what type of environment you thrive in, and it’ll become clear which is best suited to you. Or, you may want to try a few different areas out! Sometimes there’s no better way to find out what works than to dive in head-first.
Common Security Roles
If you’re looking to make a career out of security, or make the transition into security, there is a general career path most follow as they rise up in the ranks. Here they are in order of entry to senior level:
Security analysts are the foot soldiers of the organization, responsible for detecting, investigating, and responding to incidents. They’re often involved in preventative measures and managing tools. This is a great role to get your feet wet in.
If you prefer the more technical side of things, landing a role as a security engineer gives you exposure to building and managing security architecture and configurations — the bones of any security program.
Moving on up, security managers oversee SOCs or security teams. Responsible for hiring, building processes, and developing the technology stack, a person fit for this role should be able to provide both technical guidance and managerial oversight to their team.
Chief Information Security Officer (CISO)
The CISO has the biggest responsibility of all — defining the organization’s entire security posture. They’re responsible for representing the interests of the security team and balancing that with the needs of the greater business. It often takes decades to ascend to this role, and comes with quite a bit of responsibility and power.
You don’t have to start out in security to do well in a security role. In fact, very few organizations hire entry-level security folks today. So, even if you wanted to follow a more traditional track, it could be tricky. You may be better off starting elsewhere (or wherever you happen to be today). Here are several roles well-suited to transition into security:
Many IT roles are now being held accountable to having some security knowledge, making them a great entry point for a career in security. In other words, working in IT can give you exposure to security, so that you can see if you enjoy the work and get experience while doing so.
Folks are flocking from government intelligence agencies to private sector cybersecurity roles. Experienced in similar defense and offense skills, but with a fresh take on hunting down threats, intelligence professionals can be well-suited for security roles.
Support professionals get exposure to a lot of different challenges on a daily basis, from computer failures to helping an employee clean up after a phishing scam. Troubleshooting is a huge part of security, making support people great candidates for security roles.
Academia and Education
IT or security professors or researchers who have a broad and deep knowledge of the landscape are often great security candidates. Security academics and researchers, for example, can make for great security analysts. IT and security professors adept at teaching others make for great managers and leaders when they’re ready for a career transition.
Defining Your Career Path
While there is no fast and straight path up the ladder, the good news is you can truly craft your career in a way that best suits your interests, skills, and personal preferences.
For a full framework on defining and building your unique career path, learn from many of the experts we interviewed in a recent eBook, including Deidre Diamond of CyberSN, Doug DePerry, Director of Product Security at DataDog, and more.