Hot Topic: Cyber Security Jobs in 2017
Awareness of cyber security and its prevalence across the business world is an all but constant factor in our news cycles, detailing the dangers and consequences of cyber-attacks, particularly in the wake of numerous high profile cases including Canadian dating site Ashley Madison, UK telecom company TalkTalk and even the FBI. Without an effective cyber defence force working across global business, the threat to sensitive data contained within the hundreds of thousands of organisations worldwide continues to be immense.
According to Cisco, there are currently 1 million cyber security jobs unfilled, a number tech giant Symantec predicts will grow by half by 2019 as the global demand for cyber security is expected to reach 6 million in the next two years. Thus the need for skilled cyber security professionals remains a critical issue. As an internal auditor you have some of the fundamental skills required for a career in cyber security because of your ability to assess the effectiveness of an organisation’s internal controls as well as being in the position to educate the powers that be of the potential risks the business could face and the value of security to its infrastructure.
As an Internal Auditor hoping to move into the cyber security space, an initial and helpful step would be to get involved with cyber security projects within your company in order to gain some first-hand exposure to what they do and how they do it. However, there are a range of core skills you will need to add to your résumé if you want to make that move from audit to cyber security. Employers are looking for a balance of technical strength and soft skills that will enable their cyber team to take on network issues and database management equally as competently as communicating with non-IT colleagues and understanding business procedures and processes.
In a recent report, published by ESG/ISSA, 371 cyber security professionals were quizzed on the key areas where organisations they worked for had the most critical skills deficits. The majority of respondents pinpointed the need for security engineers as well as those in possession of security analysis and investigations skills, though this is a long-cultivated skillset with opportunities generally reserved for the more experienced cyber security alumni. Application security skills was the second biggest area for talent shortage, what with the rise of the smart-everything as the world becomes increasingly digitised. Banking Apps is one crucial area that needs individuals skilled in understanding which controls to implement to properly identify their vulnerabilities.
Meanwhile, the move from desktop to public and private cloud infrastructure indicates that opportunities are only set to grow for those with cloud computing and cloud security expertise, and they come with pretty impressive salaries too. Penetration or pen testers too are in demand.
If you are seriously contemplating making the move, particularly into an audit role within cyber security, then you should consider taking a degree or professional qualification in one of the following subjects: Computer Science, Information Systems, Cyber Security or a related technical field. Certainly, the more relevant experience and qualifications your CV boasts, the more impressed the hiring manager will be. The fundamentals of elevated computer science, enhanced by mathematics and followed up by industry standard certifications such as CISSP, CISA or CISM will better prepare you for a career evaluating everything from statistics to fixed mechanisms. Take the time to learn the basics of auditing computer applications and information systems of varying complexity at any and every opportunity. Certain hard skills may also be a prerequisite for some employers who may expect their cyber security auditors to have a strong working knowledge of regulatory and industry data security standards, as well as certain frameworks, operating systems and databases. Programming languages such as Java and C++ and experience with auditing and network defence tools, such as Fidelis, Websense and BlueCoat may also be required.
Cyber security demands continuous self-education, as the nature of technology means its landscape is forever changing. So, above all, anyone planning on working on the all-important first line of defence must be flexible and forward-thinking.