A year after the COVID-19 pandemic made virtual learning a reality for students around the world, a fresh group of college grads is about to enter the technology job market over the next few months. For those college and university grads ready to leap into the cybersecurity market, there remain plentiful opportunities for those with the right skills and outlook.
While hiring managers and recruiters have noted for years that there are more open security jobs than can be filled, the worldwide pandemic has opened additional doors for those looking to start a career or explore some alternate employment opportunities.
In a study released in early May, security industry group ISACA surveyed about 3,600 infosec professionals, finding that 61 percent of respondents reported that their cybersecurity teams were understaffed, while 55 percent said that they had unfilled cybersecurity positions.
The same ISACA study found that 53 percent of respondents reported having difficulty in recruiting talent within the last year—a likely result of the COVID-19 pandemic. In another survey, the International Information System Security Certification Consortium (also known as (ISC)²) found that one reason why organizations have trouble recruiting cyber talent is that many teams focus too much on recruiting the perfect candidate, and now is the time to look for those with a variety of skills who can fit an organization’s culture.
“Many organizations still default to job descriptions that rely on cybersecurity ‘all stars’ who can do it all,” Clar Rosso, CEO of (ISC)², noted in the report. “The reality is that there are not enough of those individuals to go around, and the smart bet is to hire and invest in people with an ability to learn, who fit your culture and who can be a catalyst for robust, resilient teams for years to come.”
Of the over 2,000 participants in the (ISC)² study, about 42 percent reported that dedicated security education is critical for a role in cybersecurity. At the same time, a background in IT is still a leading gateway into the cybersecurity job market.
Abhijit Ghosh, CTO and co-founder at security firm Confluera, noted that when his company looks to recruit and hire recent grads, a degree is important, but those candidates who have experience and know-how to keep pace in a fast-changing environment (such as cybersecurity) have an edge.
“To keep up, I look for new grads with internships or other part-time work experience where they have been exposed to the pace at which this industry operates,” Ghosh told Dice. “The rapid pace is something that cannot adequately be taught in an academic setting but rather has to be experienced in a real-world environment. New tools and innovations are also being introduced at such a rapid pace that they can only be best experienced in live environments.”
While there are several cybersecurity certificates that graduates can earn to help make them stand out during the hiring process, security professionals still have mixed views on which ones can help when hiring for a particular position. Ghosh noted that he favors the Certified Ethical Hacker certificate, since he likes potential employees who can think outside the box.
“In addition to showcasing their understanding of hacking tools and techniques, the experience with hack-a-thons and catch-the-flag competition is not unlike the real-world scenario in which cybersecurity professionals must respond in real-time to an attack-in-progress,” Ghosh said. “I also associate this certification with the individual's passion for this industry. Something that you’ll need a lot of when cyberattacks hit at the most inopportune time like the weekends and holidays.”
Mohit Tiwari, co-founder and CEO at Symmetry Systems, has found that a traditional background and knowledge of encryption basics, memory errors and web application exploits, as well as knowledge of network-layer security, is a good start. However, recent graduates need to understand how the industry continues to change.
“A large fraction of security work is done in security operations centers—SOCs—where security engineers have to both know attackers' tactics and techniques as well as analyzing large streaming logs through data science and engineering techniques,” Tiwari told Dice. “Knowing how to build data pipelines for streaming, batch, etc. … use-cases and understanding how to build attacker-resistant machine learning algorithms is now a key skill for security engineers.”
Tiwari also sees how disciplines like DevOps are changing the way organizations are approaching security. As a result, graduates who have skills related to CI/CD, or have knowledge of systems such as Terraform and Kubernetes, have a head start in the security job market.
The (ISC)² report also found that cloud security was rated as the most important technical skill for those looking to enter the field. At the same time, problem-solving was the top-rated “soft skill” they should have.
Find What’s Right for You
Grant Wernick, CEO and co-founder of security firm Fletch, noted that, while he looks for candidates who are creative thinkers or have done original security research, graduates who want to enter the cybersecurity field should also consider what kind of company they want to join.
Wernick suggests finding those companies that are using the latest technologies and are willing to give new employees chances to grow and provide mentoring.
“Thanks to the accelerated technological transformation that COVID has brought on to every company, the need for security engineers is at an all-time high. As you make your decision to join a company, look for those who have the latest stack, are in the cloud, and are investing in the latest technologies so you can practice your analytical thinking skills and not get stuck doing data plumbing all day,” Wernick told Dice. “Look for security leaders who will mentor you and forward thinkers who take an interest in shaping the next generation of security professionals.”