Hoping to get a career in cyber security? We asked Jim Wheeler, the Director of Operations at PGI Cyber some questions about what a job in the sector entails. Here is part 2.
1. How do you become a cyber security professional – what are the routes in?
This is a great time for individuals to kick-start a cyber security career, due to the high demand for professionals and the rapid growth of the industry. There are a number of challenges out there - such as the Cyber Security Scheme, from which employers hire skilled personnel whom may not have a traditional computing education. The best way into the industry if you don't feel like doing a degree is to start reading books (such as Web Application Hacker's Handbook), following online blogs and tutorials on different aspects of hacking, and to practice at home using virtualised environments. Take part in competitions, network as much as possible and start pushing your CV to every employer you can find. If you've got the skills or the potential, it won't take long to spark some interest.
2. What sort of people make good cyber security professionals; and bad ones!
A good cyber security professional needs to master a wide range of skills, such as a professional and corporate attitude, report writing, low-level technical knowledge and a thirst for learning. The worst security consultants are those who think they can stop learning, as two months down the line a vast amount of their knowledge will be outdated and largely irrelevant.
3. What personal qualities do you need, and do you have to be really nerdy!
Being a security consultant requires a great number of personal qualities. One day we may attend a meeting with the executive management of a medium sized business in order to elicit his requirements and put together a proposal for work, and the next we're picking padlocks on the back entrance to a car dealership. Each of these tasks requires a very different mentality and attitude, therefore, a security professional must be able to change hats quickly and seamlessly. Whilst most people with excellent technical skills are nerdy, this can often be below the surface. The most successful individuals within the I.T industry seem to be exceptionally nerdy and technical, but also have great social and professional skills; it's all about getting the balance right.
4. Interests – do you have to have been an amateur hacker from adolescence?
The most important thing to develop at a young age is an in-depth knowledge of computer systems and networks, as this is the foundation for security expertise. Once a concrete understanding of computing has been developed, you can then begin to study and understand security; at the end of the day, it is simply a specialisation, just as a doctor may choose to specialise in brain surgery. Experience is not required when starting a career in information security. At a junior level, it does not matter where you have come from, it is your skills, willingness to learn and potential that an employer will be interested in.
5. Can you transfer from other ICT jobs; or from outside the industry altogether?
Of course - as with any industry it can be much more difficult to start a career later in life, however, there is no reason why it can't be done. To start with, you may have to take a considerable pay cut whilst training in the cyber security specialisation, but once fully trained the pay is exceptional.
6. Rewards/benefits – compared to other ICT careers, other security professions
Much of this is down to the individual. Those with a technical interest, keenness to learn and professional attitude will find the industry very engaging and exciting, whereas those who wish to do their job and go home will struggle with the fast-paced nature of the job. As a consultant, I daily get to practice skills which would be considered illegal if applied in any other context, and that alone gives me the motivation to get out of bed in the morning. It's a fantastic job with a lot of perks, but you have to be in the right mindset to enjoy them.
7. Prospects – career progression etc.
There are many career paths one could choose with a specialism in information security. You could contract in the private sector, contract for government departments like the MoD, pursue a management route reaching as high as CIO or choose to get as high as Principle Security Consultant and stay there forever. Each of these paths will pay you very well, therefore, it is down to your personal interests and ambitions.
8. Tips on getting a job in cyber security
Learn as much as you can about general computing, networking, programming and security by reading, watching videos and practising in virtualised environments. Join security challenges, attend conferences, and get involved with online forums and blog posts. Apply for as many jobs as you can find out there and you will find one in no time. Networking is one of the most important ways to enhance your cyber career!
For part 1 click here