Cybersecurity is a nebulous term. It encompasses devices, networks, applications and e-commerce transactions—it can even involve cars such as autonomous vehicles. So, if your aim is to make it a career, you might want to narrow your focus a little.
Cybersecurity also encompasses best practices and processes. Traditionally, it’s fallen under the jurisdiction of an organization’s IT department, but as hardware and software application deployments have evolved, responsibility has shifted and dispersed. Cloud platforms and the “as-a-service” paradigms such as Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS) move the onus of security to the provider, although the lines can be murky. When a line of business opts to use a SaaS-based CRM, for example, it’s still governed by a company’s cybersecurity policies.
Cybersecurity policies are ultimately in place to protect data. Their stringency can be governed by an industry sector and the regulatory and compliance characteristics that come with them—whether it’s a financial, military, legal, educational, medical or government organization. Protecting that data means securing the networks, applications and devices that handle sensitive information, including sensitive information, personally identifiable information (PII), financial data, or intellectual property. Accidental exposure or unauthorized access to this data could unleash negative consequences including legal action, government-imposed fines and even the collapse of the business itself.
Because there’s so much data to secure and so many technologies enable it to move and be used effectively, there are many career paths you can take if you want to work in cybersecurity. It can go beyond just working with technology—savviness around risk management, regulatory frameworks and legislation, sometimes at a global scale, might be prerequisites for the job. Increasingly, cybersecurity is, to a certain degree, everybody’s responsibility.
4 Common Cybersecurity Hats
The dynamic nature of technology means responsibility for security within an organization is evolving, but there are five roles you should look at if you want to make cybersecurity your career. Note that cyber security job requirements vary.
IT Security Consultant
The role of IT security consultant is an excellent example of cybersecurity role that needs more than just technical know-how—risk management is a key part of the job. They make sure a data breach doesn’t happen to their company or client. They’re expected to be up on the on the latest technology, including encryption management, and threats to data across many platforms. Duties include identifying, assessing, developing, and implementing security solutions, whether it’s for their own organization or an external customer. In the latter case, there might be some sales support involved to educate potential new customers about what your company offers. Reporting back to their company or customers is also a big part of the job.
Education Requirements: You’ll need either a bachelor’s degree, preferably in computer science or engineering, as well as industry training in cybersecurity.
Information Security Engineer
Information security engineers, meanwhile, combine technical skills with analytical ones. Their role is to protect computer networks and systems by planning and carrying out security measures to monitor and protect sensitive data and systems, including implementation and testing. As part of a larger IT team and reporting directly to upper management, information security engineers are responsible for developing information security plans and policies. They also set and manage standards and best practices to prevention security incident, while putting plans in place to deal with a security breach should it happen. It’s also up to information security engineers to educate the workforce on information security.
Education Requirements: If you want to be an information security engineer, your training begins in high school with math, science and computer science classes. Good writing skills are also necessary for communicating with your company or customers. You’ll also need to obtain a bachelor’s degree in computer science.
Forensic Computer Analyst
The TV series CSI: Cyber didn’t last very long, but don’t let that dissuade you. As a computer forensic analyst, you’ll combine computer science with forensic skills to recover information from computers and storage devices. You might assist law enforcement officers with cyber crimes and to retrieve evidence, or even end up working for law enforcement yourself. While other cybersecurity jobs involve prevention, you’ll be spending a lot of time hunting for files and information that have been hidden, deleted or lost. The job is more about making sure data can be recovered and preventing future losses and breaches.
Education Requirements: A bachelor’s degree in computer science is required and possibly additional certification from an organization such as the International Society of Forensic Computer Examiners (ISFCE) and the International Association of Computer Investigative Specialists (IACIS).
Chief Information Security Officer (CISO)
The role of Chief Information Security Officer (CISO) is a relatively new one, and at the top level of cybersecurity—think Lieutenant Worf but without any torpedoes or phasers to fire. You’re basically spearheading the governance of all security policies, procedures, designs, networks, application deployments, and implementation at all facilities within your company.
But it’s not just about establishing and implementing security program policies and standards for a large organization that likely has multiple department and locations. In addition to collaborating with engineering and developers on security concerns for network and application projects, the CISO needs to be aligned with business requirements so that security enables the company to meet its objectives and financial targets, rather than being a barrier. You’ll also find yourself presenting information security topics for business-specific issues to senior leadership, department heads and the board of directors, while also overseeing any compliance activities.
If you’re having a really interesting day, you might find yourself teamed with law enforcement to help investigate network breaches that lead to arrests and convictions, but otherwise you’ll be overseeing security audits that lead to LAN/WAN architectural changes and coordinating the development, implementation and testing of business impact analysis, disaster recovery, and business continuity plans.
Education Requirements: To get to this point in your career, you’ll likely need at least a decade of experience in security roles with increasing levels of responsibility, backed by a relevant university degree in computer science with additional security-related certificates and ideally, some business education.
Job and Earnings Potential
More and more people are recognizing there’s career opportunities to be had in cybersecurity, but despite more applicants last year—searches for cybersecurity positions as a share of Canadian job search activity grew 16 per cent from 2015 to 2018—it’s still a job seeker’s market.
According to Indeed.com, cybersecurity postings averaged 4,300 per million Canadians in 2018. While this roughly matches their 2015 daily average, job seeker interest hasn’t caught up with the available opportunities, which are well-paying. In fact, annual salaries of cybersecurity jobs posted on Indeed averaged $82,000 in 2018, 14 per cent higher than the $72,000 for tech openings overall, reflecting the limited talented pool, combined with specialized knowledge necessary for cybersecurity roles.
It’s likely going to be a job seeker’s market for cybersecurity for the foreseeable future, given that security and digital privacy is becoming entrenched in everyday life. Compliance regulation such as the Personal Information Protection and Electronic Documents Act (PIPEDA) and the General Data Protection Regulation (GDPR) means cybersecurity is more integral to daily business operations than ever before.
Cybersecurity roles are also becoming more nebulous, going beyond configuring anti-virus software and managing firewalls. In a world of fake news that’s looking to alter the course of democracy, it’s just as much about building digital trust through policy and education. The federal government’s recently announced digital charter demonstrates that cybersecurity today is more than just protecting people from malware and other threat actors looking to steal personal information and money.
Emerging trends such as SecDevOps, where applications are built with security in mind, are helping to cement “privacy by design” thinking. In a world where everyone lives online, cybersecurity as a job will most certainly continue to evolve, but it’s unlikely opportunities in the field will ever be lacking.
You don’t need to be an aspiring security analyst to learn more about how to protect your organization. Check out Canada’s top-rated cyber security courses to learn more.