It’s

YOUR TIME
9 Tips to Supercharge
Your IT Security Career
OPPORTUNITY KNOCKS
There’s never been a better time to be a cybersecurity professional.
Security skills are in high demand and will remain so for the
foreseeable future. By 2022, the world is expected to face a shortage
of 1.8 millioni cybersecurity workers, which means organizations will
continue to step up recruiting efforts to compete for a limited pool
of qualified candidates.
The competition is fierce. Currently, 70% of employers plan to hire
cybersecurity workers, according to (ISC)² research.ii The reason is no
secret: Cybersecurity attacks occur with alarming regularity, and the
trend is for attacks to continue increasing in frequency and damage
potential.
A net effect of rising cybercrime is a vibrant cybersecurity job
market. But if cybersecurity jobseekers think they can write their
own ticket, it isn’t quite that simple. Candidates are bound to run
into obstacles that can turn a relatively straightforward job search
into something much more complicated.
Although research shows employers by and large intuitively
understand their organizations are facing new threats, many lack
a clear or accurate assessment of what’s needed to mitigate the
risk those threats create. Often, companies shortchange their
investments in technology, human resources and training.iii They
often have an unrealistic view of the skills cybersecurity job
candidates should possess. For example, many expect new hires to
have deep knowledge and skills in a discipline that is often complex
and rapidly evolving, requiring experience as well as continuous
education and skills development.
The disconnect between employers’ expectations and the reality
of the job does create challenges for job seekers. However,
understanding those challenges and knowing how to navigate
today’s cybersecurity hiring landscape creates opportunity for savvy
jobseekers.
NEW CAREER CHOICE
Cybersecurity is a much broader field than endpoint protection,
firewalls, SIEMS and even that cool SOC your organization may have
built. In today’s world, effective cybersecurity professionals aren’t
2
necessarily strapped to a keyboard rooting out malicious code or
reverse engineering active attacks. Cybersecurity professionals help
drive risk management, security policy creation and enforcement,
user education, data governance and protection, and a whole lot
more across all departments within an enterprise or government
agency.
Finding talent for those roles isn’t easy. Cybersecurity is still a
young discipline, and historically viewed as a first career choice by
relatively few. According to the (ISC)² Global Information Security
Workforce Study, the vast majority of cybersecurity workers
(87%) didn’t start out in security, so they’ve had to acquire skills
and expertise along the way.iv This will hopefully change as more
colleges develop cybersecurity curricula, but in the meantime it
means opportunity for aspiring cyber professionals, no matter what
their professional background. Traditionally, IT/ICT workers have
been fertile ground for bolstering the cybersecurity ranks, but it’s
no longer enough. Moreover, employers are growing increasingly
aware that a successful cybersecurity program requires a team with
a diverse skillset, experience and perspective. Professionals from
a broad array of disciplines – including finance, risk management,
legal, marketing and sales – are turning to cybersecurity as a new
and rewarding career opportunity.
RISE ABOVE EMPLOYER EXPECTATIONS
To even get in the door, jobseekers need to be marketable
and demonstrate their value. Then, to actually land a desirable
position, you need to understand what employers want beyond
your technical acumen. Prove you have the necessary skills (even
if employers don’t quite understand what that means), show you
can implement security strategies without being a roadblock to
the business and instill confidence that – once in place – you will
be ready to play the advocate role in sharpening management’s
understanding of cybersecurity.
Employers emphasize communication and analytical skills in
recruiting cybersecurity professionals, but finding candidates
with all the requisite skills is difficult. Candidates with technical
backgrounds often lack formal experience in communication and
may inadvertently undersell their skills here. And business analytics
expertise, much like cybersecurity, is hard to come by because it is
an emerging discipline for many already in the field.
For jobseekers, this is important information to absorb so you can
dedicate your energies to developing and presenting the skills
employers are seeking.
Find a Mentor
Join a local (ISC)² Chapter near you to meet
and engage with cybersecurity professionals
in your area. These local, one-on-one
relationships are a great way to kickstart your
career and job search. Find an (ISC)² chapter
near you at www.isc2.org/chapters.
9 TIPS TO SUPERCHARGE
YOUR IT SECURITY CAREER
With typical salaries topping $100,000,v cybersecurity is a
desirable career path, even if it carries the heavy weight of
responsibility for protecting organizations from cyberattacks.
Keep this in mind as you are looking for a job and preparing for
interviews. Employers will be looking not only for specific skills
but also confidence, professionalism and an individual they can
instantly see advocating for cybersecurity at all levels within their
1
organization.
Here are nine considerations when seeking a cybersecurity job:
1. BE THE EXPERT
As the threat landscape evolves rapidly, cybersecurity
professionals must stay on top of the latest security
developments to ensure their organizations have the necessary
tools and resources to protect against cyber-incursions. Research
shows data exposure and infiltration, and ransomware are high
on employers’ lists of concerns.vi
Cybercriminals adopt new tactics every day to cast as wide
a net as they can to infect PCs with data-stealing malware,
ransomware and more. Meanwhile, other cyber-crooks are
growing increasingly adept at more targeted campaigns aimed at
specific individuals or organizations, deploying disciplined, multi-
stage cyberattacks and data exfiltration campaigns that may
go undetected over extended periods of time. Moreover, new
vulnerabilities in software and systems are discovered constantly,
and organizations have to hurry to test and deploy necessary
patches in a timely manner without disrupting operations.
2
Ensure employers are confident in your know-how when it comes
to threats their organization faces.
2. SHOW YOU’RE A COMMUNICATOR TOO
The ability to communicate clearly and authoritatively is an
asset in any job, and it has become especially important in
cybersecurity. Security professionals not only need to understand
the technical aspects of security but also explain them to staff
ranging from entry-level personnel to the C-Suite in a relatable
manner that speaks to their concerns and areas of responsibility.
Communication skills, both written and oral, come in handy
explaining risks and safe computing practices to non-technical
users, persuading organizational leaders to budget appropriately
for cybersecurity expenses, and providing information to
external parties. The latter may come into play in the event of
a breach, when cybersecurity professionals will be called upon
to communicate with executives, law enforcement and legal
advisors, as well as work with corporate communications to
inform customers, partners and the general public of a situation.
When interviewing for a cybersecurity job, make sure to touch on
experience you have supporting any communication initiatives in
a previous role.
3
The Value of Certification
Employers recognize the value of
certifications, like the (ISC)² SSCP, because it
assures them you have what it takes to better
defend their data. The expertise required
to earn and maintain your certification is
exactly what they are looking for in the
cybersecurity professionals they hire.
3. KNOW THE BUSINESS
Keeping in mind some employers have to evolve their
understanding of cybersecurity threats and defenses, jobseekers
nevertheless must pay attention to employers’ priorities.
When interviewing, ask insightful questions about business
processes and how data is used within the organization.
Demonstrate that you understand how important it is for a
cybersecurity strategy to take business priorities and processes
into account. This is an ideal way to reinforce your value and
knowledge beyond the traditional technical side of cyber
defense. Better yet, if your background isn’t in IT/ICT, leverage
4
your experience approaching cybersecurity from another
perspective to help build your case on the unique value you
would bring to the team.
4. GET TECHNICAL WHEN NEEDED
Security platforms and tools have evolved significantly from the
days of basic endpoint security and simple firewalls. Security now
is a multilayered affair that has grown increasingly complex with
the advent of BYOD, cloud computing and IoT, which creates a
much broader attack surface to manage.
Knowing what technology is available and how to apply it to
various security needs – securing endpoints, implementing and
updating firewalls, monitoring networks for anomalous activity,
collecting and acting upon threat intelligence – is a definite plus
for any cybersecurity job candidate.
As a jobseeker, you must be proficient in current technologies
so you can best partner with IT/ICT teams by understanding the
security architecture and being familiar with their capabilities
and potential vulnerabilities.
5. LOOK BEYOND THE NUMBERS
Employers want well-rounded cybersecurity professionals on
their team. They are looking for professionals who have the skills
to analyze the reams of threat data that scroll through the screens
of cybersecurity teams. Knowledge of how to use security tools
with AI (artificial intelligence) and machine learning capabilities
will also be viewed as an asset by hiring managers.
As a cybersecurity jobseeker, you will benefit from taking the
time to learn about these new solutions, which tools have them,
and how to use the data to develop recommendations to advise
and propose sound decisions to defend against cyberattacks.

In addition, demonstrating your acumen when it comes to assessing
6
other areas of the operation and critical processes, and applying that
to cybersecurity strategy, underscores your ability to be a critical
thinker with analytical capabilities that go beyond what’s on paper.
6. TOUT YOUR CERTIFICATION
Certifications demonstrate proficiency and immediately raise your
credibility with hiring managers. In fact, the right credential is a solid
building block for an enriching career in cybersecurity.
Employers readily recognize the value of vendor-neutral
certifications such as the (ISC)2 SSCP®. It proves you have the depth
and hands-on technical skills to apply the right concepts and tools
7
to secure the enterprise. Remind hiring managers that, as an
(ISC)2-certified member, you’re continually learning and growing
to stay ahead of the latest security trends.
7. TARGET YOUR PITCH
While cyber threats affect organizations across all industries, some
have become more desirable targets. For instance, a lot of phishing
scams now focus on HR and financial professionals in specific
industries. Healthcare, retail and finance have become primary
targets for all types of cyber threats. Heavily regulated industries
face more stringent security requirements, mandates and disclosure
rules. Organizations dealing with individuals in the European Union
must be prepared for the security impact of GDPR.
As a cybersecurity jobseeker, be aware of the threats and risks
8
that specific industries face so you can show you understand their
challenges. This demonstrates to hiring managers that you can add
value in keeping the organization safe from attack and competitive
in the marketplace.
8. COMMIT TO CAREER-LONG LEARNING
With new threats emerging constantly, cybersecurity strategy has
to evolve by necessity. For cybersecurity professionals, this poses
the challenge of having new information to master. But it’s a job
requirement you cannot ignore.
i
2017 Global Information Security Workforce Study – Benchmarking Workforce Capacity and Response to Cyber Risk, (ISC)²
ii
2017 Global Information Security Workforce Study – Benchmarking Workforce Capacity and Response to Cyber Risk, (ISC)²
iii
IT Professionals are a Critically Underutilized Resource for Cybersecurity, (ISC)²
iv
IT Professionals are a Critically Underutilized Resource for Cybersecurity, (ISC)²
v
2017 Global Information Security Workforce Study – Benchmarking Workforce Capacity and Response to Cyber Risk, (ISC)²
vi
2017 Global Information Security Workforce Study – Benchmarking Workforce Capacity and Response to Cyber Risk, (ISC)²
© 2018, (ISC)² Inc., (ISC)², CISSP, SSCP, CCSP, CAP, CSSLP, HCISPP, CCFP, ISSAP, ISSEP, ISSMP and CBK are registered marks of (ISC)², Inc.
Your Path to a Cybersecurity Career
Many IT/ICT professionals transitioning to
cybersecurity choose the Systems Security
Certified Professional (SSCP)certification
to fast-track their careers. SSCP validates
your technical skills to implement, monitor
and administer IT infrastructure using
information security policies and procedures.
Learn more at www.isc2.org/sscp.
Make sure employers see that drive for continual education and
professional improvement. Share with them how you keep up
with cybersecurity news, trends and best practices. There’s no way
around it, cybersecurity requires career-long learning.
9. CONNECT WITH PEERS AND MENTORS
Maintaining relationships with other professionals in your field is a
good practice; you can get valuable advice about job-seeking and
share your experiences with others. Make it a habit to attend get-
togethers, seminars and other career-building events to network
with peers, learn new trends about the profession, and get a good
handle on the job market and what employers near you want in a
candidate.
GET STARTED
There has never been a better time to start your cybersecurity
career. Employers are looking for skilled, experienced cybersecurity
professionals, but they often don’t fully understand what they need.
That creates opportunity for you. Prepare yourself for a career in
cybersecurity by getting the education and certification you need
to demonstrate your expertise. The key is understanding what
employers are looking for in a candidate and ensuring you clearly
present those qualities during interviews.
ABOUT (ISC)2
(ISC)2 is an international nonprofit membership association best
known for its award-winning Certified Information Systems Security
Professional (CISSP®) certification, with additional certification
and education programs that holistically address security. Our
membership, 135,000 strong internationally, is made up of sought-
after cyber, information, software and infrastructure security
professionals who are making a difference and helping to advance
this new industry. Our vision to inspire a safe and secure cyber
world reaches the general public through a commitment to social
responsibility via our charitable foundation – The Center for Cyber
Safety and EducationTM.
For more information on (ISC)², visit www.isc2.org, follow us on
Twitter or connect with us on Facebook.