It’s no secret that cybersecurity jobs are in high demand. The median salary for cybersecurity analysts is about 100,000 USD a year, according to the U.S. Bureau of Labor Statistics. What’s more, jobs in this sector are projected to grow by 32% from 2018 to 2028, compared with the median job growth of 5% for all other occupations.
There was a global gap of over 3 million cybersecurity positions in 2019, meaning far more jobs than people qualified to fulfill them, and this chasm is expected to widen in the future. Part of the problem is that formal cybersecurity training didn’t exist until very recently, and some of the more experienced cybersecurity professionals have basically learned on the job.
[Want more tips and advice? Sign up for the ExpressVPN newsletter.]
The SANS Institute, a cybersecurity research and training firm in the U.S., attempted to find out the most sought after skills among cybersecurity job candidates by surveying 500 professionals in 284 firms across the country. The survey asked respondents to rate various skills on how important they were among cybersecurity workers.
The survey showed that the top skill was networking, with 85% of respondents saying it was “critical” or “very important.” That was followed by mastery of Linux at 77%, Windows at 73%, common exploitation techniques at 73%, computer architectures and virtualization at 67%, and data and cryptography at 58%. Programming was determined to be a critical or very important skill by only 39% of survey respondents.
How can I break into cybersecurity?
If you’re a complete novice, with no prior training or experience in computer science or engineering, then certifications are a valuable way of getting your feet wet and understanding whether the field is suitable for you.
The Computing Technology Industry Association (CompTIA), an industry body that aims to train IT professionals, is another good place to start. Its foundational certificate will help you build up your knowledge in systems administration, after which you can take the IT fundamentals test as well as the Security+ training to understand the principles of network security and risk mitigation.
Microsoft offers some certification courses too. For example, the Microsoft Technology Associate in IT Infrastructure will help you gain the requisite knowledge needed to work on desktop, server, and cloud computing environments.
I have an understanding of computer science. What should I do?
For those who already have a background in computer science, such as an undergraduate degree, they might want to consider taking courses in fields such as computational science, cryptography, artificial intelligence, systems integration technology, machine learning, hardware security, and risk management.
A postgraduate degree, such as a masters in cybersecurity, might also be something to consider. However, that does entail significant investment in both time and money.
If you would rather go down the certificate route, then networking giant Cisco has a couple of options for you. The company offers the Cisco Certified Networking Associate (CCNA) for specific specializations in routing and switching, security, and other areas. The Cisco brand helps you stand out.
Another certificate available for skilled professionals is the Certified Information Systems Security Professional (CISSP). Normally, cybersecurity professionals interested in acquiring this certification must have a minimum of five years’ work experience, but the requirement can be waived if you have a four-year undergraduate degree in computer science.
While studying for the CISSP, expect to learn things like asset security, security engineering, access management, security assessment and testing, security operations, and more.
One of the ways to prove your effectiveness in uncovering vulnerabilities and testing existing defenses is to participate in bug bounties. Bug bounties help you earn cred as an ethical hacker and assist in shoring up the security of end users, too.
White-hat hackers can benefit from earning the Certified Ethical Hacker (CEH) designation. It’s the most recognized certification in this area, offered by the EC-Council and the Infosec Institute.