With graduation season well underway, many of those leaving university will be thinking, what next? In this feature, we take a look at the gender gap in cybersecurity in the context of
- The benefits of a career in cybersecurity
- Labour shortages in the sector
- Routes into the sector and the variety of roles
- Closing the gender gap in cybersecurity
Labour shortage to be in the millions
The Exabeam 2018 Cybersecurity Professionals Salary and Job Report have some great news for recent graduates – cybersecurity could be the perfect career. It offers a unique mix of analytical, social and ‘detective’ type work, and can lead to a career that you really enjoy, with a competitive salary and long-term job security.
What’s more, there is no shortage of jobs. Analysts predict the market will reach more than $181 billion by 2021, and studies by Cisco, ISACA and Symantec – to name just a few – all predict the industry’s labour shortage to be in the millions.
Beyond all the traditional ingredients for a great career, cyber security also offers something many do not – purpose. For graduates looking to make a difference, a job as a security analyst – protecting the good guys from the constant threat of attack – could be perfect.
Routes into the cybersecurity without a technical degree
The good news for new graduates is you don’t need a background in security or IT to embark on a cybersecurity career. There is a range of initiatives aimed at getting those with limited or no technical background into the industry, many contributing to closing the gender gap in cybersecurity.
For example, the SANS Institute (a trusted security training organisation) has created a ‘CyberStart’ programme, which offers a suite of challenges, tools and games designed to introduce young people to cybersecurity and help them gain foundational skills. The organisation also hosts a wealth of information on the various cybersecurity roles, why they make a difference and how you can qualify for them.
Careers in cybersecurity can take many forms: it is inherently a multidisciplinary field. You will find that the most successful tend to have a particular approach rather than a specific set of technical skills. Most think laterally, out of the box and almost back to front. Although I’m an engineer, I find I enjoy taking things apart to find out how they work rather than necessarily building them—many professionals I come across in cybersecurity have these traits.
Having a good platform from which to launch your career in cybersecurity, and with the right approach to problem-solving, you can quickly learn what you need ‘on the job’ with the right employer. Not only do these positions offer financial rewards, they present such a variety of opportunities that you will find the roles you have rewarding in many different ways.
Whereas many careers today take you into a sector where you are likely to operate for many years (unless you choose a radical career change), cybersecurity can see you work in just about any sector you can think of. Any organisation (public or private) that’s using information technology or has ‘smart’ devices needs the skills of cybersecurity specialists. If you like solving puzzles, if you like situations that can involve any combination of people, processes and technology, if you want a career that is rewarding in its broadest sense, then cybersecurity really is for you.
If you choose to, you can bolster your information security skills by undertaking an MSc, typical of these are those offered at the University of Surrey. It is worth looking for those departments, like the Surrey Centre for Cyber Security, that is approved by GCHQ as Academic Centres of Excellence, and/or have an approved MSc programme.
Professor Alan Woodward from the University of Surrey
Closing the gender gap in cybersecurity
One less than stellar data point from the Exabeam survey is the small percentage of women who work in cybersecurity— just 10 per cent.
That’s a worrying statistic for the cybersecurity industry, even falling below the already low number of women who work in technology overall. While it is difficult to paint an accurate picture, many studies put this at around 26 per cent.
Supporting women in gaining skills in science, technology, engineering and maths (STEM) is an important step. More needs to be done to encourage females to enter careers in the Security Operations Centre (SOC) to close the gap.
Members of Women in CyberSecurity include those women who are already leading the charge in cybersecurity. They have some excellent advice for those considering the career move.
My advice for women is to not be afraid to take the leap. It’s important to remember that you do not need to qualify for every single bullet item in a job description. If you have the majority of the skills, apply. And if you don’t end up getting the position, at least you had practice interviews.
Tania Ghods, security intelligence and operations consultant at IBM Security Services
Become certified. One of the most accepted certifications is Security + by CompTIA. The exam is not too expensive. This exam will cover the necessities needed for understanding the concepts used within SOC environments.
Ruth Agosto, who works in security and compliance at KPMG
Organisational culture is important to recruiting and retaining women, but it’s also important for career satisfaction and advancement. Finding a company with an open and supportive culture can ease many of the barriers to success.
Lora Vaughn McIntosh, a VP who manages a SOC for Regions Bank
I find that the more you talk to people—no matter who they are or where they work—you will always find someone who knows someone that is on a SOC team and knows of openings. The key is to ask questions and not be afraid to ask for a referral. Networking will always pay off. You’re not asking for a handout—you still have to prove yourself and you still have to do the work. I attend online job fairs and then follow those I speak with on LinkedIn.New graduate Kristina Greenshields, who is currently in negotiations to become a cybersecurity administrator
