There is a tremendous appetite for information security expertise across both the public and private sectors in the US in the wake of recent well-publicised hacks such as Sony, OPM and Ashley Madison. That being said, opportunities in cyber security in the US are not necessarily easy to break into, despite the demand for experts in this field and the overwhelming shortage of those in possession of the required skillset, and this is often down to limited time. Employers must evaluate a candidate’s expertise in a short period of time, and the most effective way a job seeker can remedy that is by coming prepared with a portfolio that showcases their skills.
Providing employers with examples of projects you’ve worked on, weaknesses you’ve detected and the resulting talks you’ve given at major conferences will vastly improve your chances of securing a role within the cyber security industry. Certifications only go so far as to illuminate an individual’s basic understanding of the industry, but a proven grasp of the tools of the trade is what employers are looking for. One of the most essential tools for detecting weaknesses is fuzzing – a software technique that involves bombarding operating systems or networks with random data, called fuzz, in order to make them crash and thus reveal coding errors and security loopholes in software.
For the majority of IT professionals looking to move into cyber security careers, armed with a relatively simple skill like fuzzing, the critical thing is understanding the target, whether that is looking for bugs or figuring out crashes. There’s more to proving one’s worth in information security than just listing software such as the various fuzzers available, IDA Pro and gdb on your resume; you have to know their inner workings inside out and demonstrate their use in understanding the flaws found in low-level native code to really showcase your skills and impress employers.
Speaking programming languages such as C/C++, PHP and Java, the latter two being the most useful for web applications, will also endear you to employers. Web applications typically present the most common breeding ground for security issues, so for professionals looking to move into cyber security, or individuals entering the market from university, becoming a web app expert could stand you in good stead. With an alarming number of vulnerable websites, more effort needs to be invested in making web application exploits such as SQLi and XSS harder, the result being that web application security is far easier to get started in than other cyber security jobs in the US. Government jobs also pose a reliable route into cyber security, and though the pay is not as competitive as within the private sector, it can be used as a valid springboard to higher paying jobs.
The ever-evolving nature of information security and its function within industry means that while you must bring to the table a plethora of technical expertise, you must also come with the right attitude and mind-set to be adaptable, forward-thinking and passionate about what you’re doing. Employers looking to fill cyber security roles in the US want individuals who can prove themselves great problem solvers, strong communicators and quick thinkers to successfully and effectively meet the demands of working in information security.