If your goal is to break into security but not sure if you would like it, read on to discover that there’s something for nearly everyone. There are many different types of cybersecurity jobs available, and the demand for filling these positions will continue to rise in the next 5 years and potentially, well beyond.
Whether your start in IT is to tackle the tech, wrangle the networks, order the development, or unobscure cybersecurity, there are many ways to grab that awesome cybersecurity job in the future.
When you think of IT positions, you think of the breath of knowledge. IT jobs can be focal or wide spreading, ranging from generalist, interdisciplinary, or specialist work. When I started in the early 2000s, it was important to be a generalist.
Fortunately, for now, service management is becoming more important and you’re not finding as many one-size-fits-all IT roles as much as you used to.
The type of knowledge and how specialized your knowledge needs to be will depend on the type of role you would like to fulfill.
Security professionals are better at stopping threats and performing their necessary duties than they are given credit for. Everyone will understand this to some extent if they’ve worked in IT, but it seems to be amplified in security, especially if a good portion of your work is behind the scenes.
People don’t talk a lot when things are working smoothly. But when things go awry or if a few spam emails or malware get through to an endpoint, boy do you get an earful.
Your work may not be perceived as important as it truly is and even people within your own department may not understand what you do and how to truly help you.
I remember reading an article from a CIO magazine in 2008 that IT leaders were wanting more IT nerds with communication and business skills. Raw tech talent wasn’t enough anymore and it’s time for the introverted technomancers to level up their people skills.
This isn’t a wishlist item anymore. You need to be able to communicate well to advance nowadays. Your skills are still important but once again, raw talent won’t lead to a fulfilling career.
Here’s what you need to be able to do to be among the best:
- Effective verbal and written communication skills to all roles, including the ability to convey technical details in a clear and understandable manner to audiences with a variety of technical skill levels.
- Effective skill presenting findings, conclusions, alternatives, and information clearly and concisely.
- Analyze information through comprehensive research. Simple Googlefu isn’t enough anymore.
- Be able to benchmark and find best practices.
- Be able to plan or progress in projects, working collaboratively with others as necessary.
- Learn how to speak with regard to risk. Understand enterprise management functions beyond its technical needs.
- Strong problem solving and critical thinking skills with the ability to diagnose and troubleshoot technical issues.
- Working knowledge of general security concepts.
- The ability to lead or influence others, including senior leaders and other teams.
- A strong desire for continuous process improvement and excellence.
- Strong planning, time-management, and organizational skills.
There are many different types of jobs out there. What’s interesting is that similarly to IT jobs, cyber roles have grown more specialized as well. For example, you’re seeing fewer general security analyst jobs than you used to.
The job descriptions, potential responsibilities, and potential required knowledge per role below come from actual job posts for public and private jobs, as well as from my own professional experience and personal observations.
Security Analyst (Specialized)
An analyst serves as a subject matter expert in their designated role. This role can expect to work with others to identify threats and vulnerabilities and partner with other teams to collect and represent analytics and other reporting tools.
Depending on the role and how specialized the role is, responsibilities may include:
- Protection of digital assets and data loss.
- Be consistent with monitoring, create dashboards and reports.
- Develop and maintain documentation or other content of countermeasures in response to threats and incidents.
- Creation and administration of security controls.
- Administration of network security tools.
- Conducting blue team investigations, internal or external security audits, or analysis, reponse, and remediation on cyber incidents.
- Participating in the execution of red teaming, remediation, and testing.
- Point of contact for vendors, 3rd parties, or special projects.
- Create or evaluate information security policies.
- Could be SMEs on strategies, tools, and techniques.
- Conduct impact and risk assessments.
- Buiding relationships and status reporting.
- Be able to make independent decisions and be able to prioritize workload.
- Be able to understand and use the Common Vulnerability Scoring System (CVSS), as well as Common Vulnerabilities and Exposures (CVE).
- Demonstrate knowledge of information security programs and operations, data security practices and procedures, and risk identification/assessment.
- Knowledge of industry standards and frameworks, including NIST, PCI, ISO, OWASP, etc.
Required Security Analyst Knowledge
- Be able to configure, script, or automate.
- Operating systems and networking.
- Security architectures, devices, proxies, and firewalls.
- Security tools related to Enterprise Log Management, IDP/IDS, Antivirus, Firewalls, Proxies, DLP, Forensic Analysis, and SIEM solutions.
- Security event logs and correlating events.
- Pattern recognition and finding gaps or improvements that can be made in security monitoring.
Security Researcher / Vulnerability Analyst
- This can be a regular position at a company or a position at a security research organization.
- Could be software focused or part of the incident response team.
This type of analyst will work closely with the other vulnerability management members to identify threats and vulnerabilities to the organization. Responsibilities can include:
- Administer industry-standard vulnerability management tools.
- Provide and support efforts to maintain metrics, including vulnerability remediation efforts.
- Discover, identify, and track vulnerabilities to assess risk. This also includes identifying vulnerability false positives.
- Contribute to the vulnerability management program including maintaining a vulnerability assessment schedule to assess risk.
- Measure the effectiveness of safeguards by performing testing to ensure they provide the intended level of protection.
- Participate in execution of testing, red teaming, and enforcement of security standards and remediation tracking.
- Build and maintain relationships with other teams, business units, and stakeholders. Regularly communicate status to key stakeholders.
- The ability to make decisions independently and prioritize assignments and workload.
- Ensure staff at all levels consistently apply defined processes and procedures to established standards.
- Escalate issues to management in a timely manner with appropriate information regarding risk and impact.
Required Vulnerability Analyst Knowledge
- Expert-level understanding of and experience in the practical application of the Vulnerability Management Lifecycle and associated best practices.
- Experience with industry-standard vulnerability management tools.
- An understanding of the vulnerability identification, analysis, and vulnerability scoring standard Common Vulnerability Scoring System (CVSS) as well as Common Vulnerabilities and Exposures (CVE).
- Demonstrated knowledge of information security programs and operations and data security practices and procedures, including risk identification/assessment.
- Working knowledge of general security concepts (Authentication, Authorization, Encryption, and Digital signatures), PKI concepts, and TLS.
- Knowledge of industry standards and frameworks, including ISO, ITIL, COBIT, and NIST.
- Scripting and Automation experience.
- Experience with and understanding of different threats to an organization.
- Experience working with vulnerability management modules.
Emergency Response / Incident Response
Incident response responsibilities could come as a dedicated position or as an expectation to participate as a security or operations team member. This really depends on where you work, as well as the sector you are expected to protect.
Here are the potential responsibilities you can have as a responder:
- Provide support in the detection, response, mitigation, and reporting of cyber threats.
- Maintain an understanding of the current vulnerabilities, response, and mitigation strategies used in cyber security operations
- Triage and correlate cyber security incidents, providing technical assistance with network assessments, response, malware analysis, and computer forensics as necessary.
- Perform forensics analysis on compromised systems to identify the extent and nature of intrusions and provide recommendations on remediation steps.
- Perform analysis for correlated information sources to protect and secure sensitive information and systems. Assist with the analysis of previously undisclosed software and hardware vulnerabilities.
- Partner with other security and operation teams. Report and share information related to significant cyber incidents to internal and external stakeholders.
- Provide updates to Incident Managers and/or leadership as to the cyber security posture.
- Drive innovation by analyzing and interpreting data to test and inform a new initiative or approach.
- Manage change and demonstrate adaptability by embracing change and adjusting priorities or processes and approach as needs dictate.
- Take responsibility for successes and failures related to individual and team-based project work assignments; actively presents suggestions for solution(s), if objectives not met.
- Meet and maintain compliance with information assurance and other frameworks.
Required Incident Response Knowledge
- Cyber threats and the associated tactics, techniques, and procedures used to infiltrate computer networks.
- Configuring and implementing technical security solutions, such as firewalls and intrusion detection systems.
- TCP/IP protocols and analysis.
- IT security principles and standards. network intrusion detection and response operations (Protect, Defend, Respond and Sustain methodology).
- How to respond to IT vulnerabilities and threats.
- Proper handling of evidence (evidence seizure, forensic analysis, and data recovery) or classified material.
- Malware analysis, reverse engineering, and forensics.
- Scripting languages such as Bash, Ruby, Perl, or Python.
- Various log types (e.g. Windows Event, Web server, Firewall logs, etc.).
- Linux at the command line level.
- Working knowledge of forensic methodologies and related tools such as TK, EnCase, and SANS SIFT.
Security engineers are the heroes that help set up and configure systems. These more senior roles are very common in MSPs and enterprise sales teams. Besides technical skills, it’s required to have strong communication skills.
Since the goal for an engineer is system integrity and quality control, these pros help IT departments understand cyber issues.
Engineers could be SMEs on strategies, tools, and techniques. Responsibilities may include:
- Operations based design and implementation of security systems.
- Administration of one or more network infrastructure, identity and priveledge access management systems, security tools, and other threat platforms.
- Risk assessment and risk management, including identification and quantification of risk, identification of mitigating controls, and development of action plans.
- Communication with internal parties and effective liason with outside parties.
- Document design and implementation details of system configuration and administration.
- Advanced system estimation, planning and project execution.
Security architects are great in that they are more business problem solvers than previous security positions. Sure they are still technical, as they are heavily involved in an organization’s security infrastructure. However, the focus is on business requirements and information needs.
Setting up computers and network infrastructure is only the beginning. Systems must be maintained and evaluated to make sure business needs continue to be met.
Sometimes you will see similar responsibilities as you would from a Security Engineer position, depending on infrastructure setup and personnel requirements.
Information Security Officer
Responsibilities may include:
- Coordinates computer security incident response activities and brings in additional parties as necessary.
- Recognizes potential, successful, and unsuccessful intrusion attempts and compromises thorough reviews and analyzes of relevant event detail and summary information.
- Evaluates firewall rules, configuration, and change requests from operations and assesses/reports associated risks and recommendations.
- Communicates alerts regarding intrusions and compromises to their network infrastructure, applications and operating systems.
- Assists with implementation of countermeasures or mitigating controls.
- Ensures the integrity and protection of networks, systems, and applications by working with key staff to enforce organizational security policies.
- Performs periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system, and external integrity scans to determine compliance.
- Prepares incident reports of analysis methodology and results.
- Maintains current knowledge of relevant technologies and makes recommendations.
- Analyzes and reports cyber threats as well as assist in deterring, identifying, monitoring, investigating and analyzing computer network intrusions. Leverages experience and understanding of application security standards, frameworks, attack methods, and mitigation best practices.
- Administers enterprise vulnerability management and security awareness solutions.
- Performs security activities, including security design reviews, and threat modeling, on developed software.
Required Information Security Officer Knowledge (From KSAs)
- Knowledge of computer processing operations, procedures, and equipment.
- Knowledge of database conversion, programming, testing and implementing application programs.
- Knowledge of security and penetration tools in problem solving.
- Knowledge of computers and software.
- Knowledge of the principles, practices and techniques of computer programming and/or computer systems analysis.
- Ability to identify and evaluate port and software vulnerabilities.
- Ability to evaluate new software in order to make security recommendations.
- Ability to maintain, and enforce application security development policies, procedures and standards.
- Ability to monitor and resolve problems with computer system components.
- Ability to prepare clear, concise and comprehensive reports.
- Ability to establish and maintain effective working relationships with internal and external groups.
Even though security functions are delegated to staff to actually implement, security managers are ultimately responsible for implementing the security program as a whole.
Security awareness, security policy management and procedure development, and more are important to accomplish. There is more of an emphasis for the security manager to serve as a liaison with other officials.
The security manager will develop information security baselines, investigate, recommend, evaluate, deploy and integrate security tools and techniques to improve the protection of assets and infrastructure and work with the project teams to ensure the technical architecture, design, and development of integrated systems and products are secure.
Depending on the role and size of the organization, this position can be responsible for the entire security program or is responsible for sub-programs within a larger enterprise. The manager will work closely with the cybersecurity leadership to shape the strategic vision for and continuously develop and mature the program.
Responsibilities may include:
- Oversee development of entire security program or sub-program.
- Directs the budgeting, planning, evaluation, implementation, and supervision of the Information Systems Security group of the Information Technology Department.
- Manages the capacity planning, installation, operation, and tuning of the information system security software and hardware.
- Prepares Information Systems Security hardware, software, and support capital and operating expense budgets.
- Provides a focal point for coordination of internal and external audits of Information Systems Security.
- Develop and mature a growing team of cybersecurity personnel.
- Apply demonstrated practical and management experience towards the optimization of processes and tools.
- Identify areas of cyber risk and provide oversight, analysis, and risk-informed expert advice and recommendations.
- Provide guidance to application and system owners on vulnerability remediation requirements.
- Regularly conduct vulnerability and attack surface research.
- Provide reporting to appropriate leaders and decision makers on outstanding issues and remediation tasks as needed to include timely and relevant updates.
- Manage third-party contracts and engagements or entire vendor management program.
- Collaborate with industry partners and internal lines of business to discover and evaluate vulnerabilities.
- Escalating issues to management in a timely manner with appropriate information regarding risk and impact.
- Develop and establish operational metrics and reporting based on Key Performance Indicators (KPI’s).
- Manage personnel to include establishing KSA’s (Knowledge Skills, Abilities), performance management and professional development, and provide leadership, guidance, and technical expertise.
- Provide external audit evidence/support and assure compliance to required standards, procedures, guidelines and processes.
- Track and perform adversary emulation based on TTP’s as defined within the MITRE ATT&CK framework as well as subsequent and detection validation.
- Proactively search for data exposures or related incidents, indications of compromise, and providing advanced threat analysis for security events.
- Develop and maintain a catalog of intelligence products for a diverse stakeholder audience as well as intelligence requirements to drive collection, processing, analysis and dissemination of cyber threat information.
- Support the incident response team in the effective detection, analysis, containment, and eradication of malicious activity.
- Regularly conduct Lessons Learned / After Action Reviews.
Required Security Manager Knowledge
- Building out an operational capability, preferably within a cyber-related function.
- Strong planning and organizational skills for the purposes of prioritizing tactical/strategic initiatives and achieving goals.
- Supervisory or management experience over a technical team.
- The ability to foster team work and collaboration across operational teams, including managing a geographically dispersed workforce.
- Strong leadership qualities to include the ability to team-build, lead, mentor, and motivate others.
- Understanding of vulnerability assessment methodologies and maturity models.
- Ability to maintain a deep understanding of current threats, vulnerabilities, attacks, countermeasures, and how to respond effectively to them.
- Experience using and evaluating enterprise-level vulnerability management solutions and assessment tools.
- Experience with common penetration testing and vulnerability assessment tools such as nmap, Wireshark, Nessus, NeXpose, Kali, Metasploit, AppScan, WebInspect, Burp Suite Professional, Acunetix, etc.
- Familiarity with controls and control frameworks such as NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, OWASP, ISO, COBIT, etc.
- Understanding of CVSS, CVE, CWE, CPE, CCE, CWE, OVAL, SCAP and other related standards.
- Knowledge of AWS and Azure Cloud configurations and how to secure them.
- Knowledge of virtualization configurations (to include those for containerization) and how to secure them.
- Experience with Red Team/penetration testing methodologies for networks, web-based applications, APIs, and mobile apps.
- A strong understanding of the current threat landscape and adversary tactic, techniques and procedures (TTP’s).
- Experience in adversary emulation, dark/deep web research, and threat hunting.
- Understanding of the intelligence cycle, analytical tradecraft, threat modeling, and research methodologies.
- Experience with CND-based analytical frameworks (e.g., Cyber Kill Chain, Pyramid of Pain, MITRE ATT&CK, etc.).
- Experience with leveraging Splunk or other big data analytic platforms.
Responsibilities may include:
- Directs, manages, and oversees operations; collaborates; develops, implements, and monitors strategies, goals, and objectives in support of vision, mission, and core values.
- Develops and maintains the Information Technology Plan and supported budget, which defines the IT Strategy and associated projects.
- Provides management guidance to divisional managers or leads.
- Develops departmental human resource, operating, and capital needs; prepares procurement plans and written justifications.
- Establishes, interprets, and enforces operating policies and IT best practices consistent with objectives and organizational policies; evaluates the results of overall operations and service levels and provides reports as required.
- Incorporates the use of established IT best practice frameworks including ITIL and COBIT to enhance service delivery.
- Establishes formal Service Level Agreements with customer departments for IT services with supporting metrics.
- In coordination with Internal Audit, develops formal IT risk management and mitigation plans; prepares Business Impact Analyses in conjunction with user departments to determine system recovery priorities.
- Selects departmental new hires and prepares staff promotion recommendations; leads staff by example; develops staff through training and project assignment; reviews and evaluates employee performance; applies disciplinary action as required.
- Defines the responsibilities, authority, and accountability of all direct subordinate managers and staff and provides them with regular performance reviews and guidance.
- Advises, coaches, and mentors IT management and supervisory staff on leadership, training, safety, and disciplinary matters; oversees training programs and provides effective and motivational leadership to department personnel.
- Identifies information technology; coordinates with user departments to seek out areas where the application of technology can produce business efficiencies and cost reductions; develops and implements programs to achieve established goals and objectives; applies formal Project Management tools where necessary.
- Provides commitment to continuous process improvements and exceptional customer service in support of the vision, mission, and core values.
- Develops cooperative professional relationships with representatives of regional, statewide, and national groups and leaders in a professional manner.
- Formulates the strategy for information technology training requirements and coordinates the training program.
- Plans, organizes, directs and exercises supervision through directors over employees engaged in all information technology infrastructure, integration, and support functions.
- Oversees groups, information, data integrity of the enterprise.
- Formulates IT business plan and performance measures, defines short and long term IT needs, and develops policy to meet operations objectives and enhance group performance.
- Develops, recommends and implements organizational long range and short range information and data communications technology plans and strategies.
- Establishes organization standards with regard to computer hardware, software, and networks.
- Develops operational and capital department budgets and monitors department expenditures to assure proper budgetary control is maintained.
- Monitors cost-effectiveness of operations, reduces costs and improves efficiency, including negotiates contractual terms and conditions with vendors.
- Provides leadership and direction for information technology activities by developing and implementing strategic plans, processes and programs to support technology needs.
- Leads the effective and efficient operations of shared information systems and services throughout the circuit and directs technology, professional and management personnel engaged in the optimization and unification of IT resources and services.
- Participates in and leads and directs IT project teams focused on implementation of emerging and existing technologies.
- Defines and assesses IT governance, policy, and management standards.
- Leads and/or participates in working groups tasked with defining and implementing standards and best practice solutions, writes high-quality project reports, and makes effective presentations.
- Conducts strategic, tactical, and project planning. Align IT objectives and programs to enterprise objectives and strategies.
- Prepares requests for information, requests for proposal, and other procurement documents, and assists in vendor and product selection and procurement project quality assurance.
- Develops policies and procedures in consultation with senior management to ensure efficient and economical system operations; evaluates results to ensure compliance and to identify deficiencies.
- Confers, in writing and orally, with division/department staff, users, and management to effectively convey information.
- Reviews the performance of employees and ensures compliance with rules, regulations, safety policies and standards.
- Confers with Department Directors in planning and solving administrative and operational problems where computerization appears to be necessary.
Required Security Executive Knowledge
- Thorough working knowledge of theories, principles, practices and techniques of computer hardware and software, office automation, database design, and data communications.
- Knowledge of basic concepts, principles and theories of management.
- Knowledge of project management practices and procedures.
- Knowledge of word processing, spreadsheet, and database computer software, as required by the position.
- Ability to analyze, evaluate and resolve technology issues and make recommendations for proper action.
- Ability to successfully lead, manage and implement projects with strong organizational skills.
VIP Security Consultant
Someone who digitally serves and protects people of interest.
- The Rich and Famous.
- Executives (not an IT employee of the company).
- Other people who are big targets.
This isn’t just for house calls. Specialized security consultants can be found in boutique security firms that target higher-end clientele.
Other Cybersecurity Jobs
Cybersecurity can be made up of many broad functions:
- Network security
- Host security
- Application security
- Privacy and ethics
- Regulation and law
- Copyrights and patents
- Physical security and fire suppression
- Disaster recovery and business continuity planning
- Project management
- Business development
- Data, integrity, records retention, and storage
- Optics, PR, incident response
- Hacking, blue teams, and red teams
- Policy management and documentation
How to Determine Which Security Job is For You
In the beginning, you may not be able to pinpoint exactly what you want to do.
However, that’s no excuse to be lazy. You can always fine-tune your path while you are in it.
Look at State of Cybersecurity and IT Industry as a Whole
Usually, when you are evaluating jobs for a potential career path, you want to check to see if the industry or field is worth getting into. When you do this for cybersecurity, you’ll see the ever increasing number of predictions to suggest there will be more jobs than people who can fill them.
Therefore, growth won’t be a problem.
The industry has changed dramatically over the past five years. A lot of the developments happening now and the developments that will be established in the future will create jobs that don’t even exist yet.
I have yet to see mass layoffs that weren’t expiring contracts. Besides, if something does happen to a cybersecurity job, you’ll have another one by the end of the month if you’re passible, let alone a top performer.
Morale is typically good with employees who work in this area as they are driven by the nature of the work they do. This is of course assuming they aren’t severely underpaid as that could cause morale to be low.
Again, there are so many jobs in this space that if your pay isn’t at the market rate, you can easily get the salary you deserve. If you get into cybersecurity now, you’ll have great positioning when these types of jobs mature and become harder to get.
I want you to do 3 things before you move on:
- Find a couple professional websites, newsletters, and journals that you like that relate to IT and security. It may also help to read a few good cybersecurity books.
- Find a local relevant organization you can join. If there isn’t one that appeals to you find a group or meetup you can attend.
- Follow some important people in the industry that you like. There are many IT and security folks to choose from. Bonus points if they are local to you.
Look at What Work is Like
Get an idea of what a typical workday looks like. Depending on the role that interests you, this could be challenging as certain positions tend to have different days.
Search on YouTube for a day in the life of whatever position you’re interested in. There are more materials are out there than there have ever been. If it isn’t obvious by this point, find out what skills are required for the position you’re interested in.
See what parts of the job are most challenging and why people who do the jobs remain. What motivates them? What do they find most enjoyable? Does this resonate with you?
Research some of the dangers associated with the job, even if it’s an unquantifiable risk or exposure. What will some of the nuances and “gotchas” will you need to learn?
Are you willing to be on call or work past 5 PM and on the weekends? How about a consistent year-round schedule or a seasonal or academic schedule?
Another helpful tip is to volunteer at a STEM event or make a connection to be able to tour a facility. It sounds a bit ironic that it would be easy to tour a secure facility, but it can be done. I’ve toured many places in the last 4 years by making connections. Yes, this was all in the up and up.
Look at Pay and Advancement Opportunities
Let’s face it, money is important. It’s ok to be guided by pay but don’t let it define you. You still need the skills and desire to perform the work.
Look at starting salaries in your area versus regional and national averages. It’s pretty easy to find salary data, whether it’s salary ranges, grade information, or paycharts.
Here are a few resources to get you started:
- IT Occupational Outlook Handbook by the Bureau of Labor Statistics. The grouping is a bit out of date but the statistics BLS generally provides are useful.
- Cybersecurity Supply and Demand by Cyber Seek. I love this website. It has more than salary information. Bookmark it and take a look around.
Do some digging to see if job hopping is necessary to get promotions. Depending on the sector and where you are located, job hopping may be required to get your raise. Check out this post for more information on cybersecurity job myths, including info on raises.
In many different companies, security jobs are new, and companies don’t know how to value the people who fill them.
I like to start from an end position, pinpoint where I presently am, and fill the potential spots in between. If you do this, you’ll be able to gather about how long it takes to get into management and how long it takes for managers to rise to the top.
Take a look at the background of senior level leaders, especially at the executive level. What got them to where they are? If you can’t find a useful bio, ask them directly. I think you’ll find these folks are more approachable than you think. Especially, at a conference or group event.
Look at Skilling Up
Besides education, what is necessary to learn to qualify for your job?
How do most people enter the role you want? In general, people enter security from all manner of positions.
Not including soft skills, which of your skills are you strongest in?
What gaps in knowledge do you have that would prevent you from getting the role you’re interested in?
Ramit Sethi of I Will Teach You to Be Rich has mentioned that your resume needs to show a narrative. What narrative do you want to get across? How are you structuring your resume to make sure your narrative is received as intended? What skills do you need to better support that narrative?
Which courses or certifications do you need in order to qualify for your intended role?
Finding a Worthy Company or Organization
Which companies, agencies, or organizations can you best serve? What companies might be interested in hiring someone with your background?
Is it a 3 letter agency?
- DHS, NSA, FBI, ATF, etc.
- You will need to learn How to Specifically Write a Federal Resume. They are way more involved than what you’ve been writing so far.
- Government employees have access to free training.
What type of lifestyle changes are necessary to work at your potential job?
- Frequent travel or casual business meetings.
- Onsite or remote work?
What type of personal attributes are necessary for success?
- How do these people talk?
- How do they present themselves?
What jobs make use of your background?
- Skills, education, and experience.
- Are there community involvement opportunities?
What is the company culture like?
- How often do people leave this company?
- Is there a culture that is engaging, fun and energetic?
- Does the organization support Work/Life balance?
What is progression like?
- Does the environment promote growth and professional development, including internal and external training opportunities?
- Is there tuition and certification reimbursement?
- Are there opportunities for self-employment in this space? Where?
Is compensation a good fit?
- Is salary competitive?
- Is there a comprehensive benefits package including medical, dental, vision and life insurance?
- Is there a 401K plan with company match?
- What type of leave options are available and is there paid time off upon date of hire?
- Are there wellness programs and incentives?
- Is a sign-on bonus or relocation assistance provided?
Becoming Worthy Yourself
We briefly discussed building blocks and skilling up. I would be remiss if I alluded that cyber and information security jobs were all about progression.
There’s more nuance, more marketing, and self-promotion that goes into a successful security career.
I mentioned previously that many security positions that are popping up now are new. These organizations do not yet know the value of these positions, let alone will heed the advice you bring. You need to be able to gather and properly relay the information to them.
It doesn’t stop at the job itself, you need to be able to market and promote yourself, more so than you normally would in other professions as an aspiring contributor to the workforce.
Furthermore, you will need to learn how to integrate with functional groups, learn culture, and be able to be a good team member (good fit).
Thanks for checking out this nearly 4.5K word post. It was originally 2K and I had to double it. And yet, I still barely scratched the surface.
If you are the least bit curious about cybersecurity jobs or information security jobs, I highly recommend you do the work and move forward.
It’s totally worth it.
In the meantime, let me know what else can be added to this post besides more job examples. There’s so much information to write in this space but I at least want this post to make you think. Now get to it!