Since the invention of the personal computer and the internet, demand for skilled technical professionals has been growing. Today, one of the hottest fields in tech is cybersecurity. And it’s one in which demand is only likely to grow for the foreseeable future.
Just how in-demand are skilled cybersecurity professionals?
“It’s a war for talent,” said David Cass, vice president of cyber and IT risk at the Federal Reserve Bank (New York Supervision Group), in a cybersecurity chat with Bruce Huang, director of information technology graduate programs at Harvard Extension School.
The high demand for cybersecurity skills translates into both choice and opportunity when it comes to selecting a career path.
“The exciting thing about cybersecurity is that all of these unfilled positions represent huge opportunities for people who want to enter the field,” Cass said. “There’s no one path into cybersecurity. There are multiple pathways, multiple career options. There are so many ways to get into information security that people can find good roles without having to master all domains to get a job.”
There are many reasons why you should pursue a career in cybersecurity. However, the breadth of available jobs and pathways to building the necessary skills can make it hard to know where to begin.
In this comprehensive guide, we offer an overview of the different ways you can build the right skillset to pursue a successful career in this burgeoning field.
What Cybersecurity Skills Do I Need?
The cybersecurity field is not limited to IT specialists. Some cybersecurity jobs involve knowledge of law, finance, auditing, business strategy, analysis, and risk management.
However, most cybersecurity careers require some degree of technical knowledge.
For an overview of the technical skills you’re likely to need for a job in cybersecurity, see our blog post Eight Cybersecurity Skills in Highest Demand.
Soft Skills for Technical Jobs
Soft skills are just as important as technical skills for a successful career in cybersecurity. Some of the most important nontechnical skills for cybersecurity jobs include:
Communication. Any job in cybersecurity will involve working as part of a team and working closely with other technical and nontechnical teams. You’ll need to translate jargon or complicated topics for lay people, and to talk clearly and specifically about your projects.
Curiosity. It’s not enough to be able to detect and stop a cyberattack. You’ll also need to be curious enough to discover how it occurred in the first place or where the next attack might occur. Plus, inquisitiveness signals a desire to learn and do better—a key to success in any field.
Tenacity. Too often, the first solution that comes to mind isn’t the one that works. Particularly in cybersecurity, where you’re dealing with rapidly developing, hostile threats, you’ll need to be creative, quick, and willing to keep trying until you find the best solution.
As you contemplate a job in cybersecurity, it’s worth thinking about soft skills like these as well as your technical skills. Some soft skills may come naturally and offer a clear niche as you pursue your cybersecurity career. Others, like technical skills, can be developed and practiced through education and on-the-job training.
Where to Learn Cybersecurity Skills
Tech is one of those fields where being self-taught can work in your favor. It shows initiative, curiosity, and an ability to manage yourself.
However, there are substantial benefits to a more formal education, including networking opportunities, institutional credibility, higher starting salaries, more job opportunities, and long-term potential for advancement into more specialized and more senior roles.
And while you may not need a degree in cybersecurity, many cybersecurity positions—at least in the United States—do require an undergraduate degree in information technology, computer science, or software engineering.
Self-Guided Courses and Bootcamps in Cybersecurity
If you are just starting your career and want to build technical skills, there are many options for short-term skill building.
For example, the US National Initiative for Cybersecurity Education offers access to a wide range of free or low-cost cybersecurity courses. These resources are ideal for those who may just want a glimpse into what this field entails, as well as those looking to reskill or upskill on a budget.
The drawback of free or self-guided courses is that they may lack the opportunity to interact with peers and instructors who can help out in a pinch or provide other perspectives that could be beneficial to your learning. Still, it’s hard to beat “free,” so it’s worth checking out if they’re right for you.
Cybersecurity bootcamps, while sometimes as expensive as a college course, promise to deliver targeted technical skills in a matter of weeks.
Some tech bootcamps are designed to help you earn entry-level certifications for specific cybersecurity jobs. Becoming a Certified Ethical Hacker, for example, can be a great way to enter the cybersecurity field as a vulnerability analyst or penetration tester.
Bootcamps and entry-level certifications can be effective for those who want an intensive crash course in cybersecurity. However, many technical bootcamps are full-time endeavors. It may be difficult to successfully complete a bootcamp while maintaining a regular job. So look into the time commitment before you sign up.
Cybersecurity Degrees and Graduate Certificates
If you already have an undergraduate degree in a technical field, pursuing a graduate degree or certificate is another way to gain cybersecurity-specific knowledge and demonstrate your expertise to employers.
Advanced credentials can ensure that you maintain a strong technical foundation. And through careful course selection, you can develop the specialized skills needed to address current issues like computer forensics and investigations, threat analysis and vulnerability assessment, or intrusion detection.
Master’s degree programs also help you develop the nontechnical expertise you need to advance in a cybersecurity field. Coursework on risk analysis, for example, can augment your technical skills. And graduate classes improve your skills in strategic thinking and problem-solving, communication, leadership, and business acumen.
The good news is that many companies are willing to help their employees move into the field of cybersecurity. It’s worth exploring whether your organization has a tuition assistance program that can help pay for your continuing education.
Technical Certifications for Cybersecurity
For some cybersecurity jobs, specific technical certifications may also be important. Some of the most in-demand certifications include:
- Certified in Risk and Information Systems Control (CRISC)
- Certified Information Security Manager (CISM)
- Certified Information Systems Security Professional (CISSP)
- Certified Information Systems Auditor (CISA)
- CompTIA Security+
- SANS/GIAC Certification
- GIAC Certified Forensic Analyst
These certifications require advanced technical knowledge and multiple years of experience to complete. They are appropriate for individuals seeking a management or strategic role, or even a future as a chief information security officer.
If you already have technical skills, you may be able to translate them into a cybersecurity job through on-the-job upskilling.
“The first step is to demonstrate to employers that you have the aptitude and the willingness to learn security,” said Heather Hinton, chief information security officer at RingCentral, in a conversation with Bruce Huang. “[A career in cybersecurity] takes a special mindset. And if your employer is clever, they will jump at the opportunity and say, ‘Please, come and help us with this.’”
A simple first step is attending cybersecurity conferences. Conferences can help you gauge your interest in cybersecurity generally or in a specific subfield. You can gain knowledge and insight in the field and build a network of cybersecurity experts. And you can demonstrate your interest and commitment to your employer.
In addition, working directly with your organization’s security department can offer a hands-on method of skill-building.
“See if there’s a way that you can go and work for them, say, 20 percent of the time,” Hinton said. “Arrange with your manager to assist with a project. If your company has its own in-house security operations center or an incident response team, see if you can apprentice with them or even spend some time shadowing.”
Hinton also recommended coaching or mentoring high school or college students in cybersecurity competitions. The Air Force Association’s National Youth Cyber Education Program is just one of many such programs running across the country. Helping tomorrow’s cybersecurity experts get started may enable you to build your own skills as well.