Yes, it is true that there is a rather severe shortage of skilled workers in the Cyber security industry. The particular numbers vary of whom you talk to, but it is more than likely between of between 300,000 – 400,000 workers that are needed, and quickly.
Many institutions and organizations are trying to get teenagers interested in Cyber security as a career, primarily so they do not turn over to the proverbial “Dark Side”.
Many recruiting and news websites make it sound like that all one needs is a college degree (preferably in IT or Computer Science), some experience, a bunch of certs, and one will blaze their way to the glory of financial freedoms.
To a certain degree this is true, but there are other qualitative skills that one needs to have in order to be successful at a career in Cyber security.
These are traits that are hardly mentioned until you actually start working, so I thought I would write more about this to help you decide if Cyber security is for you. Here we go:
*You simply cannot deal with change:
The Cyber threat landscape is changing constantly even on a minute by minute basis. True, it is a trait amongst humans to be resistant to change. Even I get that sometimes myself when it comes to writing. But in the end, if you are to be successful fighting off the Cyber attacker, you constantly have to be on your feet (not literally speaking) and be willing to embrace change not within days, but within hours.
*You don’t like learning:
So now you have all the certs you could ever hope for, and you are probably thinking to yourself: “Whew, no more study guides, no more online training, or instructors. I’m done!!!” Well, the truth of the matter is that even after you get a cert, such as the CISSP, CISA, etc. the institution which granted you these certs [in this case, it would be the ISC (2)] will require to earn what are called “Continuing Educational Credits”. What this means is that in order to keep your cert viable, you have to keep participating in educational activities, and earn a certain amount of credits over a defined time period (which is typically a three-year time frame).
*You like to take your time to do your job tasks:
True, every manager likes to see their employees complete their job tasks without having to them over again. But in the world of Cyber threats, you cannot take your time to react to a Cyber-attack. You and your team have to react as quickly as possible, in order to quickly put out the fires. But of course, this is all assuming that your organization has an Incident Response Plan already in place, and that it already has been tested a few times with success. After all, this is the step by step sequence of events that you will have to follow in order to bring business operations back up quickly. In this regard, you must also act calm when dealing with a Cyber-attack. After all, cooler heads will prevail in the end.
*Being ignored gives you more insecurity:
Let’s face it, as human beings, we all always want attention, and want to be recognized for the work that we have done. It strokes our egos, and gives us more drive to produce more work for our boss. Even I get that way sometimes. For example, if I don’t hear back from somebody, especially when it comes to a writing project, I always wonder “What happened? Why can’t they get back to me?” In the world of Cyber security, being ignored at times is something that will always happen. You may think that your ideas are the best in the world, but keep in mind you are working with other specialists who think the same thing as well. Therefore, if you want to succeed at a career in Cyber security, you have to embrace the idea of working as a team, and that your ideas may not always be accepted or even work in the real world. To this regard, your manager may even say to you repeatedly “Failure Is Not an Option!!”. Well, the truth of the matter is that failure can and will happen, especially when you are dealing with a totally elusive Cyber attacker.
*You cannot deal with the fact that upper management has no clue about Cyber security:
Probably out of all of the things I have written about in the past week, this is one of the hot button topics. A few days ago, I wrote an entire piece as to how C-Level Execs and Board Directors simply cannot fathom the concept of Cyber security, much less even create a strategic direction for their company on this. Organizations are becoming aware of this fact, and this is a trend that will more than likely change over a long period of time. In fact, it this group of people that probably avoid all Security measures that are required – after all, they are the managers and the leaders, so whatever they say goes, right? WRONG!!! This is a harsh reality that they will face eventually. But if you are going to succeed at a career in Cyber security, this is something that you will have to deal with in the here and now. Also, because of this level of ignorance that is portrayed (even by the employees) themselves, more than likely, it is you and your team that will be blamed for anything that goes wrong, even if it is not your fault.
*You don’t like details:
In the world of Cyber security, the proverbial saying of the “Devil is in the details” is so very true. Without detail, how do we know what happened, what has been impacted, and more importantly, where did the Cyber attack originate from? After all, there will be tons log files to examine, and painstaking research on all of the evidence that will need to be conducted in order to answer these questions and even more. It this level of detail that will provide the support for the high-level overview that you will need to provide to upper management. If you like a sleuth combing through evidence, and get an exuberant high in digging into the detail, then Cyber security is a career for you.
Well, there you have them. These are amongst the top six personality traits that you must possess if you are going to succeed in a Cyber security career. Of course, you can’t forget the college degree and the certs either.