The cyber security industry is booming. With the recent spate of data breaches affecting all sectors of industry, organizations are clambering to hire IT security professionals. According to the Bureau of Labor Statistics, in coming years cyber security job growth is expected to be 18%, much higher than the outlook for industries in general.
But finding qualified personnel is a challenge. A recent survey discovered that nearly 85% of IT professionals think it’s a struggle to find skilled IT security personnel. So how can an ambitious individual break into this field? And what can they expect from such a career?
To find out, IdentityWeek (IW) sat down with veteran IT security professional Chris Stoneff (CS). Mr. Stoneff is the VP of Technical Services at Lieberman Software, which specializes in privileged identity management security solutions.
1. IW: What are the pros and cons of being a cyber security professional?
CS: The pros include job satisfaction. The biggest factor in job satisfaction is a constantly changing landscape of problems needing solutions. If you like learning and evolving your skills, cyber security is a great place to be. The cons of the job include generally longer hours than other areas of tech, with a lot less room to make mistakes. Precision is key as we address areas affecting large swaths of the global financial and military community, directly or indirectly.
2. IW: What kind of person is best suited to a cyber security career and why?
CS: Cyber security covers a lot of ground and a lot of different disciplines from basic tech support skills to auditing to IT to engineering to networking communication. You also need general presentation skills and the ability to talk to people at all levels of the corporate ladder. Successful cyber security pros deal with many of these disciplines, not necessarily all of them. Again, there are a lot of places a person can go in the world of cyber security.
3. IW: What 3 tips would you give to someone starting out on this career path?
CS: (1) Understand the concept of acceptable loss. The bad guys are getting into networks. No amount of conventional IT security protection helps. They break in, or you let them in as employees and contractors. (2) Don’t put down the book just because you get certified or get a degree. The person who stops learning about their trade will wither and die. (3) Know yourself and your enemy. To quote Sun Tzu: “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”
4. IW: What does the average work day in cyber security involve?
CS: An average work day involves lots of customer interaction in discovery (what’s going on), determination (how did it happen), and prescriptive guidance (how we can protect you). It involves conversations about what can be done versus what should be done, and knowing the difference.
5. IW: Is there a common career goal among cyber security professionals?
CS: I haven’t found a common career goal among cyber security professionals, though I have noticed intrinsic guiding lights like “don’t be on the cover of the Wall Street Journal” for the wrong reasons.
6. IW: What would you say is the biggest challenge that cyber security professionals face today?
CS: The biggest challenge cyber security professionals face today is companies (customers) who don’t want to change their IT behaviors. The professional has to prescribe process changes and technology changes which often mean a fundamental modification in the way people have approached computing and big data for the past 3 decades. Looking at the data breach headlines, and from an insider’s point of view, cyber attacks are now more intelligent and automated and taking advantage of lazy IT behavior. Customers need to act similarly: automated and intelligent.
7. IW: What is the most rewarding part of cyber security?
The most rewarding part for me comes when I don’t see my customers appearing on the cover of the Wall Street Journal in a data breach scandal.