Introduction
‘There are only two types of companies: those that have been hacked, and those that will be.’
Robert Mueller I FBI Director I USA - March 2012
The ongoing demand for specialists in the Cyber community means there will always be options open to develop any computing career. Not only is cyber security becoming one of the fastest-growing economic crimes, but also the fastest-changing industry with 53% of companies having difficulties filling Cyber jobs, (Ashton, 2016). Crime rates continue to rise around the world and companies are struggling to keep up with adapting to developing software and skills needed to solve problems. This means something must change about careers in cyber security.
The Job Market
The current national priority to recruit young specialists in the cyber security field is higher than ever, with the UK currently suffering a shortage of current specialists and a further absence of fully/ appropriately qualified teachers. Cyber Security Intelligence has said there may be a shortage of 1.8 million workers by 2022 and another 3 to 4 million needed in the next decade, (The Global Cyber Skills & Training Shortage, 2019).
The industry, however, is not only looking for young recruits; they are looking for more females to level up the gender gap. With the current statistic falling at just 10 percent of people in the cyber security workplace being women, it seems essential that they should recruit more females (DiversityQ, 2018).
Therefore, with Jenny specializing in the technology area, she may be more legible for future jobs. According to ComputerWeekly, the key to closing the cyber security skills gap is women. However, prioritizing the computing degrees when filtering job applications, creates a barrier for women as 76% of female professionals in the UK have never studied for a computing degree, (Ashford, 2017).
Every company has at least one area of security, whether it's picking a lock to help crack a forensics case or tracking a breach and looking for stolen information. This is what makes cybersecurity skills so critical. With millions of different companies out there, there are not enough trained specialists around and with this in mind, Jenny will be most wanted for jobs if she takes part in a Computer and Information Security degree.
Career development
Penetration testing (pen testing) is also known as ethical hacking and is a cyberattack stimulation to help exploit and test IT security. Although it may be time-consuming and cost a lot of money to hire people, it can avoid even more costly breaches and potentially losing vital information. This is a career path Jenny could benefit from for multiple reasons.
One of these is the money; the starting salary for a pen tester is around £30k. The security salaries are very competitive, this could be because people in this field are highly respected and can detect and stop potentially company-destroying events. Therefore, the need for appropriately qualified
graduates is necessary. When it comes to developing Jenny’s career and earning more money, an advanced and more senior salary can be as high as £300k, however, the sky is the limit. There are senior pen tester jobs that can have salaries of around £90k and even higher depending on the location (Pen Tester salary in the UK, 2019). For example, if Jenny decided to live in London, the salary would be greater than if she worked in Plymouth. This may be due to the demand for jobs and the overall cost of living in the two cities.
However, there is a contradiction within sources that suggest that a salary may not be so fixed. For example, if Jenny goes into a large business like JP Morgan, she will be looking to earn between £97k-£106k (JP Morgan Salaries in London, 2017), whereas if she went private, she would earn much more money, (Penetration Tester (contract), 2019). See below for other average salaries in the cybersecurity sector. As a cybersecurity specialist working at CISCO Systems, Jenny could earn around £107k, (Cisco Systems Salaries, 2018).
There is also variation in different places around the UK. As we can see in the graph below (showing cybersecurity job salaries in different places in the UK) there is a large variety of salaries. For example, working in London could allow Jenny to earn up to £20k more than she could if she worked in Plymouth, (Penetration Tester, 2019). Furthermore, at the beginning of her career as an apprentice or a junior, Jenny could earn £30k, (Junior Penetration Tester Salaries, 2017).
Specializing in cyber security, following a degree, means Jenny will have extensive knowledge of not only security-based topics but also coding and networking. This is important as it means she will be able to vary her occupation throughout her working life. For example, with networking and coding knowledge, she would be able to go into being a network consultant (which also has competitive salary rates). This is the same as being able to take the route of management with the knowledge of professionalism and managing forensics.
Whilst Jenny is at University, her professors should urge her to complete a year in the industry for the key experience of being in a workplace. This may essentially put her above other candidates when applying for jobs, simply because she has already had previous experience. This experience is important because it will have given her first-hand involvement with real-life issues and helped her to develop communication skills and teamwork. These are all qualities that are vital in the work environment.
When addressing entry-level jobs within the cyber community, the options may seem limited. However, these early job years will contribute to the blueprint for later jobs, supporting Jenny as she learns. Previous knowledge of computer science is desirable when Jenny looks for a career in cybersecurity and considering 50% of women have cybersecurity post-graduate degrees compared to only 37% of me; Jenny will be an obvious candidate for excellent job opportunities (Seals, 2017). These entry-level jobs will provide Jenny with essential experience in a work environment handling everyday problems and simultaneously allowing her to earn a very competitive salary.
A junior network technician is an example of an entry-level job where Jenny would be expected to perform basic networking maintenance tasks like rebooting services, adding users to the network, and verifying connectivity. Jenny would be paid £15-£20 an hour for this job which equivalates to £29k-£39k a year (Patterson, n.d.). This salary could be higher if there are certain qualifications required.
Within information security and digital forensics, there is a wide range of managerial jobs and areas to explore and develop Jenny's career to the fullest. These come with many responsibilities and tasks to manage and take part in. For example, an information security analyst seeks to prevent attacks and protect sensitive information but also to train other employees. Another example is a software engineer who assesses risks, develops secure software, and identifies vulnerabilities. Finally, the managerial job that could incorporate Jenny’s previous knowledge would be a criminal investigator. Using Jenny's prior experience in digital forensics from her degree and post-degree expertise, it would be a good opportunity to develop her penetration testing skills. This career would involve investigating cyber-attacks, exposing fraud, and tracking malicious activity. This could be to the extent of tracking terrorist activity and protecting the country’s borders.
Essential skills set
All institutes expect a certain level of professionalism which must be met as it is not all about the qualifications Jenny may have. For example, the IISP Skills Framework displays 10 disciplines with 32 varying skills within them all. Jenny should familiarise herself with these as they are used to assess an individual's role within the business, and their degrees and plan their training. These disciplines are named from section A and include some of the following skills: operational security management, implementing secure systems, and compliance. These can allow Jenny to compare herself to what a company may be looking for and help her direct future training.
However, although computer skills are essential, it is also critical that Jenny has other skills such as communication and teamwork. These are important as is it unlikely that Jenny will be working on her own. There she will need to be able to communicate effectively with her team and managers to keep them updated on security within the business. Furthermore, writing code will not be a one-man job so Jenny must be able to accept other input within a discussion and coding to make the business run smoothly.
As for computer skills, Jenny must be familiar with one program language like Python (at a basic level), where she should know what a variable looks like and different types of loops (for and while loops). She should also be comfortable using tools like Nessus (a security scanner) and Burp Suite (to test software). Intelligence gathering is important as throughout Jenny's life as a penetration tester, she will be gaining information on potential targets. Technical reconnaissance like port scanning and fingerprinting of systems is a part of the job but there are many other key pen tester skills she must know, (Nufryk, 2017).
Post-University learning
If, when Jenny has graduated from the University, she wants to extend her learning, she can further her understanding by completing other courses like a master’s which will cover more in-depth information within the cybersecurity field. This will give her advanced knowledge of aspects and concepts allowing her to perfect her practical skills.
There is also an option to do online courses if Jenny is unable to attend a college or university, this may be due to location or a child which she may have. An example is the Cyber Security course run by ‘The Defence Works’ which is GCHQ certified and is completely free. This provides monthly modules and live 1-to-1 demos about phishing simulation and security awareness training. (Cyber Security Training, 2019)
Many senior positions are being left unfilled whilst the industry grows rapidly so extra qualifications will aid her in getting the most out of her career. Jenny must keep her skills set up to date as the industry is always changing. Cybersecurity is an industry where new threats are always presenting themselves and therefore Jenny must have the capabilities to adapt. (How to further your career in cybersecurity, 2019). There are further certifications that will allow Jenny to specialize in different areas so these could help Jenny direct her studies if she finds a key interest in an area of security, or if she wants extensive knowledge in a certain field.
Conclusion
In conclusion, Jenny will always have a variety of options open for her throughout her career as a penetration tester. A job report by Burning Glass Technologies found job openings in cyber security have grown three times faster than those for IT jobs overall, and cyber security professionals are earning 9 percent more than their IT counterparts, (How to Work in Cyber Security, n.d.).
To make the most of Jenny’s career, she should finish her degree (with the highest grade possible) use her initiative, and take part in online courses or further education to help develop and widen her knowledge in some areas. Preferably, she would become a specialist in one area which will make her stand out from the rest of the candidates who haven’t got a specialism. Following this, she should utilize her experience from her third year in the industry to settle into a well-paid, successful career as a Penetration Tester.
References
- Ashford, W. (2017, March 15). Recruiting women key to closing cyber security skills gap, say experts. Retrieved from computerweekly.com: https://www.computerweekly.com/news/450414802/Recruiting-women-key-to-closing-cyber-security-skills-gap-say-experts
- Ashton, W. (2016, Feb 25th). Cybercrime is the fastest growing economic crime, says PwC report. Retrieved from ComputerWeekly.com: https://www.computerweekly.com/news/4500274608/Cyber-crime-is-fastest-growing-economic-crime-says-PwC-report
- Cisco Systems Salaries. (2018, February 13). Retrieved from Glassdoor: https://www.glassdoor.co.uk/Salary/Cisco-Systems-Information-Technology-Salaries-EI_IE1425.0,13_DEPT1011.htm
- DiversityQ. (2018, July 24). Graduates – addressing the gender gap in cybersecurity. Retrieved from DiversityQ: https://diversityq.com/addressing-the-gender-gap-in-cybersecurity-1003297/
- How to further your career in cyber security. (2019). Retrieved from absolutions: http://dev.gbsolutions.co.uk/how-to-further-your-career-in-cyber-security/
- How to Work in Cyber Security. (n.d.). Retrieved from Learn How To Become: https://www.learnhowtobecome.org/computer-careers/cyber-security/
- JP Morgan Salaries in London. (2017, March 18). Retrieved from GlassDoor.com: https://www.glassdoor.co.uk/Salary/J-P-Morgan-London-Salaries-EI_IE145.0,10_IL.11,17_IM1035.htm
- Junior Penetration Tester Salaries. (2017, Nov 20). Retrieved from Glassdoor: https://www.glassdoor.co.uk/Salaries/junior-penetration-tester-salary-SRCH_KO0,25.htm
- Nufryk, J. (2017, September Wednesday 20th). Required Skills for Cyber Security Professionals. Retrieved from IT Career Finder: https://www.itcareerfinder.com/brain-food/blog/entry/required-skills-for-cyber-security-professionals.html
- Patterson, J. (n.d.). The Best Entry-Level Cyber Security Jobs: Titles, Pay and Getting Hired. Retrieved from Start a Cyber Career: https://startacybercareer.com/best-entry-level-cyber-security-jobs/
- Pen Tester salary in the UK. (2019). Retrieved from Nauvoo: https://neuvoo.co.uk/salary/?job=Pen%20Tester
- Penetration Tester (contract). (2019, October 11). Retrieved from Indeed.com: https://www.indeed.co.uk/Contract-Penetration-jobs-in-England?vjk=3bd506b8395ecbd9
- Penetration Tester. (2019). Retrieved from Indeed: https://www.payscale.com/mypayscale.aspx?pid=a70d4710-9b8d-43bd-bf33-86033b9a9435&wizardid=7&s=1&ft=0&surveyId=3c0e2e58-a16e-499d-a49c-e50fb117720b
- Seals, T. (2017, March 15). Gender Inequality Runs Rampant in Cybersecurity. Retrieved from Info Security Group: https://www.infosecurity-magazine.com/news/gender-inequality-runs-rampant-in/
- The Global Cyber Skills & Training Shortage. (2019, August 19). Retrieved from Cyber Security Intelligence: https://www.cybersecurityintelligence.com/blog/the-global-cyber-skills-and-training-shortage-4456.html
- Works, T. D. (2019). Cyber Security Training. Retrieved from The Defence Works: https://thedefenceworks.com/demo/?msclkid=129034dfab651a0690196968bbdb2f01