Jump start your Security Career

Are you interested in a career as a security professional?

The world is more digital than ever before. A 2018 report from CIRA found that 54% of Canadians owned 5 or more digital devices. With all these connected devices, Canadian citizens and businesses face a greater chance than ever before of having a data breach. As the risk posed by cyber criminals increases, so do the careers and opportunities in Information Security. Currently, there is a forecasted global shortage of 3.5 million cyber security professionals by 2021, and in Canada alone we are estimated to require 8,000 by 2022.

A career in cybersecurity is not only an in-demand job, it is also one that is rewarding and challenging. As a cybersecurity professional, you get the opportunity to work in a constantly evolving environment, dealing with technologies and systems that go on to serve millions and millions of users. As a professional in this field, you may be dealing with technologies that span from robots to cars to websites; the variety is endless.

Due to the variety of work that security professionals do, their backgrounds are quite diverse. Not every job requires significant technical knowledge. In Canada, there is no 4-year cybersecurity degree, though there are diplomas and master's programs. Approximately half of security professionals will have a computer science or engineering degree. Others spend a lot of time on the help desk or in other IT roles. Still others have little or no IT experience. Careers in security are often not suggested by academic advisors and counsellors because there is no defined path to become a security professional.

On this page we outline some tips to help you educate yourself and take the next step towards a career as a security professional.

What is a Security Professional?

A strategic thinker able to interpret the changing threat landscape, understand the implications of changing technology, and enable the business to achieve its goals.

Steps to jump start your Security Career

1. Read the following Wikipedia articles

2. Find out more about different careers and what security professionals do

3. Decide if you’re still interested

  • What do you want to do? 
  • Why do you want to work in this field?
  • Who do you want to do it for?
  • What are your next 3 jobs?
  • Are you technical or not technical?

4. Sample security career titles include:

  • security administrator/analyst/consultant/specialist
  • security architect/design/build/operations/support/engineer
  • network security, data security, application security, endpoint/device/mobile security
  • investigations, forensics, data recovery
  • security testing, code reviews, vulnerability assessment, penetration testing, red team
  • incident handling, incident response
  • threat intelligence, threat hunter
  • logging, correlation, event management, big data analytics
  • governance, risk, and compliance (GRC)
  • vulnerability management
  • identity and access management
  • encryption, cryptography, certificates
  • security awareness
  • security education, training
  • security communications, marketing
  • auditing, project management
  • vendor management
  • cloud security
  • security policy
  • IoT, ICS, SCADA, hardware
  • security manager/director/CISO
  • security sales

 

1. Talk to security professionals you know and ask more questions

  • Find out what they do, how they do it, why they do it, what they like, what they don’t like, how they got their start
  • You’ll find security professionals more willing to help others get a leg up than professionals in any other industry

2. Join a local Meetup group focused on security and ask questions

  • Find out more about the ‘hacker mindset’

3. Join a professional organization like ISACA (Events are great places to volunteer, network, learn, and get involved)

4. Consider finding a mentor

  • Recommend training, courses
  • Identify gaps, development opportunities
  • Expand your network
  • Provide career advice

 

1. Identify required education, experience, certifications, and skills

  • Identify companies with 2 or more full-time security professionals
  • Review job profiles
  • Review job postings
  • Make a list of the requirements
  • Become familiar and gain experience with each skill

2. Consider taking free online courses and learn the language/jargon

3. Take advantage of free materials  

4. Certifications

  • Top certifications in-demand by employers
    • CISSP
    • CISM
    • CISA
  • If focused on penetration testing
    • CEH
    • LPT
    • GPEN
    • OSCP
  • If a beginner:
    • CompTIA Security+
    • ISACA CSX

5. Attend relevant conferences:

  • RSA Conference
  • BlackHat, DEF CON, B-Sides
  • CanSecWest, SecTor
  • SANS
  • Gartner Security and Risk Management Summit
  • FIRST Conference
  • IEEE
  • ISF
  • ISACA
  • Privacy & Security Conference (Victoria)

 

1. Further your knowledge by experimenting at home

  • familiarize yourself with basic networking
  • familiarize yourself with firewalls and examine traffic inbound, outbound, and within your network
  • familiarize yourself with operating systems like Linux (Ubuntu, Kali)
  • familiarize yourself with different types of hardware
  • familiarize yourself with other topics based on interest (e.g. risk, secure coding)
  • familiarize yourself with cloud (e.g. spin up a VM on AWS)

2. Consider taking paid courses online or in a classroom

  • Online: Udemy, SANS, Infosec Institute, ISACA
  • Instructor-led: SANS, Global Knowledge, EC-Council, ISC2, ISACA
  • Post-secondary: Individual Courses, Certificates, Diploma, Master's

3. Consider ways to get work experience

  • Co-op
  • Internship
  • Leadership Development Program
  • Volunteer
  • Mentoring
  • Job shadowing
  • On-loan
  • Temporary Assignment

 

 

This page contains links to information/websites published by others that have been compiled by the Information Security Branch (ISB) from various sources. The intention of this page is simply to make its recipients aware of information and resources pertaining to a career in security. The views and opinions displayed in these links/websites are strictly those of the writers and editors and are not intended to reflect the views or opinions of the ISB. Readers are expected to conduct their own assessment of the validity and objectivity of each link/website and to apply their own judgment when using or referring to this information. The ISB is not responsible for the manner in which the information presented is used or interpreted by its recipients.