Most likely, someone will have fallen for a phishing scheme by opening an unsolicited e-mail and clicking on a link that launches malware by the time you finish reading this sentence. In that same moment, botnets might have launched a distributed denial of service (DDoS) attack on a major financial institution. A CEO might be suddenly locked out of their smartphone, with hackers demanding ransom.

Canada needs as many people who know how to tackle these kinds of cyber security challenges as possible. People like Mo Hamdi.

Though he hopes to work on the front lines of cyber security one day, Hamdi is currently continuing his studies while also working as a recruiter of cyber security talent at Toronto-based Tundra Technical Solutions. That means he is not only acquiring the skills necessary to land a cyber security job, but has a close-up view of how the labour market for such skills is evolving.

“I would say since the pandemic began, it’s been on fire. The demand for talent is incredible,” he told CourseCompare. “There’s a lot of cyber security positions, a lot of roles, but not enough people to fill them. And that’s been the case for quite some time.”

Common Cyber Security Roles and Responsibilities

Some of the most common roles where recent graduates of programs and bootcamps find cyber security careers in Canada include cyber security analysts. Hamdi said their duties range from evaluating potential attacks to configuring security tools and running reports. Many are part of a team within larger organizations that operate a Security Operations Centre (SOC), where cyber threats are constantly monitored and deflected.

SOC analysts can be a straightforward transition for those who may have started off in a more traditional IT department job, such as a help desk agent, and who build on their experience by learning cyber security skills, Hamdi added.

Hiren Joshi, branch director of recruiting firm Robert Half, said many firms are also seeking network engineers to bolster their data protection, given how integral networks are to the performance of their business applications. The same is true for roles such as system administrators, he added.

Career Progression for Cyber Security Specialists

With enough progressive experience and additional management training, the top job in cyber security is often the Chief Information Security Officer (CISO). However, Hamdi doesn’t necessarily see his own future headed in that direction.

Instead, he suggested there are plenty of ways to leverage cyber security skills. Cyber security auditors, for instance, can be a core contributor to risk management teams who assist with governance, risk and compliance (GRC) efforts within regulated industries.

Another possible step up would be to become a cyber security architect, someone Joshi described as designing a “zero-trust” strategy that oversees areas such as identity and access management, incident response and more.

Cyber Security Skills and Qualities Employers Want to See

One of the reasons Canadian companies are hiring so many cyber security professionals is the constantly changing nature of data protection and the nature of threats that they face.

According to Jake Munro, IT specialist and mentor at Lighthouse Labs, said a successful career is about continuing to build upon a solid foundation in terms of skills training. The coding bootcamp has designed programs such as the Cyber Security Bootcamp with just such a foundation in mind.

“There are always new threats, new attack vectors, new software flaws, but the core concepts are staying the same,” he said. “Being in the field, quite frankly, is the easiest way to stay up to date.”

Where candidates could get an edge is in obtaining additional training and certification. This includes cyber security courses and cyber security certification, but also certification in related technologies that cyber security efforts are intended to protect. He pointed to certifications in cloud computing platforms such as Microsoft Azure, for example, while Hamdi called out similar certifications in AWS.

Joshi said employers aren’t simply looking at educational credentials, however. They also want to see someone able to communicate and engage well with team members in other departments, particularly as more organizations support remote or hybrid work policies. This is also an area where demonstrating a go-getter mentality is a considerable asset.

“Especially in the cyber security space, you have to be proactive and anticipate what’s coming,” he said. “When you’re in reactive mode in terms of cyber security, that can be a real nightmare for an organization.”

As tempting as it might be to present yourself as a top expert, Munro added that employers may place greater value in showing a willingness to continuously learn.

“One of the things I’ve noticed in a lot of interviews is that if you say to a question, ‘I don’t’ know,’ that’s honestly a good answer,” he said. “Explaining that you’ll take the time to research that, and how you’ll research it, is probably one of the best answers you can give.”

Top Canadian Companies Hiring Cyber Security Talent

Here’s a list of industries and specific organizations CourseCompare’s Learning Advisors, the recruiters we talked to, and Lighthouse Labs, identified as looking for cyber security professionals at the time this post was published:

Financial Services Institutions

The ongoing shift towards digital payments and the need to preserve customer trust make banks among the top employers for those with cyber security skills, Hamdi said.

Bank of Montreal (BMO)

BMO cyber security career opportunities span everything from cloud security advisors and enterprise system architects to physical SOC analysts.

Browse the jobs on BMO’s career page

Scotiabank

With locations in Canada, the U.S., Latin America and beyond, Scotiabank has opportunities for senior audit managers, a senior lead crypto security engineer, penetration testing and IT asset management.

Browse the jobs on Scotiabank’s career page

TD Bank

New graduates might turn to TD for roles such as cyber security associate, which work directly with other lines of business within the organization solving complex problems. TD is also hiring for information security specialists to help implement controls and more.

Browse the jobs on TD’s career page

Moneris Solutions

It may not have the household name recognition as the big banks, but Moneris serves as one of Canada’s largest payments processing providers. It explicitly calls out information security analysts as one of its key areas of interest, and has jobs that span network engineering to cloud engineers.

Browse the jobs on Moneris’ career page

Consulting Firms

Although it can be highly fulfilling to focus on protecting the data of a single organization, consulting firms offer cyber security professionals an opportunity to serve a variety of businesses, Joshi pointed out. Employers on the lookout here include:

Deloitte

Application security, crisis and resilience, detect and respond – these are just a few of the areas where Deloitte is on the hunt for talent. Some of these are security engineering jobs, while others are technical lead for identity and access management

Browse the jobs on Deloitte’s career page

EY

As a specialty consulting group within its Technology Consulting division, EY’s cyber security practice provides comprehensive risk services through a suite of strategic, outsourcing, and industry-focused operational solutions. Lots of opportunities here at the analyst and consultant levels.

Browse the jobs on EY’s career page

KPMG

Strategy and governance, cyber defence and security transformation are the three main categories by which KPMG divides its cyber security career opportunities. The company says its work includes assessments to the design of sophisticated data protection solutions.

Browse the jobs on KPMG’s careers page

Retail

Both Hamdi and Joshi argued that retail organizations need to be more vigilant about safeguarding digital systems than ever before, given many of their sales now happen through e-commerce and they manage large volumes of customer data to personalize experiences.

Canadian Tire

Besides hiring cyber security analysts and specialists, the hardware, sports and leisure retailer also runs a program called New Grad Next Generation Talent, which Hamedi suggested could be an avenue to find interesting opportunities.

Browse the jobs on Canadian Tire’s careers page

Loblaw Companies

The grocery giant is looking for senior cyber security specialists across areas that include vulnerability and compliance management as well as risk assessment. More opportunities are being promoted across LinkedIn.

Browse the jobs on Canadian Tire’s career page.

Telecom Firms

They provide services to homes, businesses and even government entities, which mean telcos can’t afford to risk being caught off-guard by bad actors.

Bell Canada

The company’s Vulnerability Assessment team is a strategic security planning, governance and operational team responsible for the operations of the vulnerability detection and assessment. It is looking for cyber security specialists as well as senior solution architects, pen testers and more.

Browse the jobs on Bell’s career page.

Telus

Grouped under Security and Automation, opportunities at Telus include security consultants but also mid-level and manager-level positions, as well as those focused on specific vertical sectors such as health.

Browse the jobs on Telus’s career page.

Rogers

Cyber security professionals could find jobs within Rogers’ Digital and Technology Team, as well as The Rogers Information & Cyber Security Unit (ICSU), which is hiring for roles such as cyber security advisors.

Browse the jobs on Rogers’ career page.