Careers in fighting cybercrime

One of the ways in which STOP. THINK. CONNECT.™ – which describes itself as “the global online safety awareness campaign to help all digital citizens stay safer and more secure online” – works towards achieving its aims is by inviting participating partners such as ESET to offer tips and advice in the course of its frequent Twitter chats (#ChatSTC).

On October 20^th, the subject of one of these events was Recognizing and Combating Cybercrime (the link leads to the entire chat). These generally take the form of commentary from a wide range of organizations in response to specific questions. A particularly interesting question – well, it interested me – was Question 11:

Q11: What are some examples of cybercrime-fighting careers, and what skills are needed for a cybersecurity job?

Not that I have a secret yearning to launch a new career in careers counseling, but I do actually get asked to give such advice quite a lot, probably because people think someone as old as I am, after 30 years or so in or on the borders of the security business, must have something useful to say. That may be optimistic on their part, given my somewhat random career path, but I’ll come back to that below. In the meantime, here are some articles cited by @ESET in that Twitter chat that address the topic:

• “The future health of our security requires a more diverse workforce. Here are some resources that can help.” [A pointer to an excellent article by Lysa Myers on addressing the all-too-obvious gender gap in IT security, with lots of useful links. – DH]
• “For parents of kids who’d like to get into security, these tips will help nurture their genius.” [Fortunately, you don’t have to be a genius to get a job in IT security, else I’d probably be working in a bar. Come to think of it, that’s not a bad idea. Anyway, some useful thoughts in this more generic article.]
• “If you’re looking to start a career in cybersecurity, this post has some great tips and links.” [Another article by Lysa Myers, again with useful links.]
• “One of our researchers, @dharleyateset gives some insights on ‘what it takes’ here.”

That last entry requires a little explanation, since it’s not an ESET link. Earlier in 2016, Matt Ashare contacted me on behalf of OnlineEducation.com, asking several interesting questions relating to working in IT security, to which I responded at some length over the next few weeks. (I hasten to add that I was by no means the only person he interviewed in this way: among others were my friend – and sometime co-author – Robert Slade, and Kelly Jackson Higgins, executive editor at Dark Reading.)

The questions we were asked were as follows:

• Can you provide a rough outline of what cybersecurity has come to mean as a discipline and a career? How has it come to be incorporated into the larger fields of IT and computer science/programming?
• With that in mind, what should we be teaching the next generation of IT and computer science specialists about cybersecurity?
• On a practical level, what does the day-to-day work of cybersecurity look like, and what kind of person/personality is well suited to this kind of work?
• What kinds of coursework and practical training should students look for in an advanced degree in cybersecurity, and what kind of experience outside of the classroom is helpful in cultivating expertise in the field?
• How did you get into the field, what drew you to it, and how have you seen it evolve over the last decade or so?
• What are employers looking for in cybersecurity hires and how should someone who’s aiming to enter the field prepare him or herself?
• What should we be teaching the next generation, and even the current generation of information security specialists and technicians, both in terms of skills and ethics?
• How is the interplay between government policies, technological innovations, economic forces, and social dynamics impacting the evolution of cybersecurity, and what are the biggest factors shaping education and employment in the field?
• From your perspective, what are the one or two biggest misconceptions that people seem to have — even people “in the know” — about cyberattacks, malware, and information security?

Those seem to me to be questions that may well interest people contemplating a career path in security, and if nothing else you’ll get a wide range of viewpoints. And if all that seems a little daunting, you could try the comprehensive summary elsewhere on that site that includes quotes from several of us, plus a lengthy list of further resources: Guide to Careers in Cybersecurity, Information Assurance and Digital Forensics