Skip to content ↓ | Skip to navigation ↓

National Cyber Security Awareness Month (NCSAM) has entered into its fourth week, introducing us into the topic of cyber security for small and medium-sized businesses and entrepreneurs.

SMBs are extremely vulnerable to cybercrime. Small businesses have embraced online transactions, but with limited budgets, many lack the resources to afford effective security measures, let alone the millions of dollars they would need to respond to a data breach.

Today, however, the need for businesses to invest in cyber security is essential for all companies. Large enterprises might be able to afford strong cyber protection but their massive customer base still makes them very lucrative targets. As we’ve seen with the recent network intrusions at JPMorgan Chase, Home Depot and Target, big corporations are not impossible to crack.

Ultimately, all businesses are in the same boat, but as we all know, technology only goes so far. Skilled people make the difference in protecting sensitive data, so it’s more critical than ever that public and private sectors begin training and hiring cyber security professionals.

Are you considering a career in cyber security? Here is what various industry professionals had to share about how to find your place in the field, make the most out of your profession and help protect companies’ sensitive information:

A Wide Career Path

shutterstock_27596383Chris Conacher, Manager of Security and Compliance Solutions at Tripwire, knows the layout of the cyber security field quite well, including how far the industry has come.

“When I started out, there were no certifications or related education and only the government and its contractors had specific security roles,” said Conacher. “Nowadays, there is a whole career path from entry-level all the way up to executive-level, which is great.”

Professionals in the field have a variety of career options and specializations available to them. You can be in operations, systems engineering, development, architecture, or testing and there is an established third-party service model, so it’s easy to create your own company and get work,” said Conacher.

In addition to the diversity of professions, careers in cyber security also range across numerous industry sectors. “If you want to be left alone in a dark room developing tools or finding exploits, there are people who will pay for that,” said Jason Waterman, who leads the Cyber, Information and IT Security Practice at Badenoch & Clark. “And if you want to be out as an evangelist, meeting people and speaking at conferences, there are people who will pay for that, as well.”

Just remember that each path usually comes with its own certification requirements. General credentials, such as CompTIA Security+ or the Certified Information Systems Security Professional (CISSP), are likely to apply but vendor-specific certifications may also be required. Simon Hember, MD and Owner of Acumin Consulting, adds, “Like with many professions, gaining relevant qualifications, such as a CISSP or CISM, is as important as gaining ‘hands on’ experience to build a solid foundation.”

Cyber Security is Indispensable to Businesses

The danger of being breached is an ever-present concern, so as companies continue to integrate with the global economy and expand, more and more will recognize the necessity of implementing strong cyber security measures. This means that cyber security careers will multiply. In fact, Forbes reported last summer that the field is expected to grow tenfold in the next decade.

“Not only will professionals be at a premium and therefore, be rewarded accordingly but they will also be at the cutting edge of business and technology decisions across all industries,” adds Waterman. “No company, no matter the size or industry, is immune to a cyber breach and every business must be prepared.”

Curiosity and Communication as Critical Skills

shutterstock_218895625Cyber security professionals will succeed in the field if they have two traits: inquisitiveness and an ability to communicate with others.

Problem-solving is at the heart of cyber security, so experts in the field need to have a willingness to dig deep into vulnerabilities and develop creative solutions, says Conacher: “I got into security because I enjoyed puzzles, taking things apart and understanding how things work. If you can combine this inquisitiveness with a level of discipline around how you approach problems and implement solutions, you will do well.”

Another important trait is the ability to communicate with others, especially since many people in the industry don’t speak the highly technical language. Therefore, it’s imperative that cyber security professionals can explain the value of their security efforts and how it benefits the overall business.

“The ability to effectively convey your message to peers of all levels will be increasingly important as many employees still are not aware of simple steps to help avoid breaches,” explains Waterman. “Often candidates and clients I deal with stress the importance of this skill set, which will have a direct impact on how far you can take your career.”

Other skills, including an ability to analyze data and experience in project management, are also useful depending on the nature of the work involved.

A Bright Future Ahead

Reflecting the diverse cyber threats in existence today, the field of cyber security is full of opportunities. If that weren’t enough, there are a number of changes that may happen in the near future. As Waterman predicts, “Over the next five years, I can see more C-Level positions being created for cyber professionals and the role of the CISO developing into an ever-increasing board room role.”

“My hope is that a more visible CISO and security policy will increase the interest in this subject… [which] will create more opportunities at an industry level for companies to build strong and skilled cyber aware work forces.”

Meanwhile, Hember sees an imminent growth in the number of cyber security start-ups: “We’re also seeing a lot of significant funding rounds in the vendor community, so opportunities to get involved in exciting—and often disruptive—start-up companies in both technical and commercial roles can also offer an exciting career path.”

Given the versatility, indispensability to business and promises for the future, cyber security is whatever professionals decide to do with it. As Conacher notes, “security is the one career where the sky is the limit; professionals are limited only by their ambition and their imagination.”

That is fortunate to hear. To face all the cyber threats confronting us today, we need all the help we can get.

 

Related Articles:

Resources:

picCheck out Tripwire SecureScan™, a free, cloud-based vulnerability management service for up to 100 Internet Protocol (IP) addresses on internal networks. This new tool makes vulnerability management easily accessible to small and medium-sized businesses that may not have the resources for enterprise-grade security technology – and it detects the ShellShock and Heartbleed vulnerability.

picThe Executive’s Guide to the Top 20 Critical Security Controls

Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].

Images courtesy of ShutterStock.com.

Endpoint Detection & Response For Dummies
  • Craig Erickson

    I completely underestimated the challenge of selling security to SMBs. My lesson learned: Engage with people who know you and trust you, and be patient as you increase your personal connections. Focus on reducing risk in areas that enable operations, marketing, and profitability — i.e. what your clients want most, and continuously measure their success. When your clients begin to modify their personal computing habits, you know you're on the right path.