Jump start your Security Career
Are you interested in a career as a security professional?
The world is more digital then ever before. A 2018 report from CIRA found that 54% of Canadians owned 5 or more digital devices. With all these connected devices, Canadian citizens and businesses face a greater chance than ever before of having a data breach. As the risk posed by cyber criminals increases, as do the careers and opportunities in Information Security. Currently there is a forecasted global shortage of 3.5 million cyber security professionals by 2021 and in Canada alone we are estimated to require 8,000 by 2022.
A career in cybersecurity is not only an in demand job, it is also one that is rewarding and challenging. As a cybersecurity professional you get the opportunity to work in a constantly evolving environment, dealing with technologies and systems that go on to serve millions and millions of users. As a professional in this field you may be dealing with technologies that can span from robots, to cars, to websites, the variety is endless.
Due to the variety of work that security professionals do, their backgrounds are quite diverse. Not every job requires significant technical knowledge. In Canada there is no 4 year cybersecurity degree, though there are diplomas and masters programs. Approximately half of security professionals will have a computer science or engineering degree. Others spent a lot of time on the help desk or other IT roles. Still others have little or no IT experience. Careers in security are often not suggested by academic advisors and counsellors because there is no defined path to become a security professional.
On this page we outline some tips to help you educate yourself and take the next step towards a career as a security professional.
What is a Security Professional?
A strategic thinker able to interpret the changing threat landscape, understand the implications of changing technology, and enable the business to achieve it’s goals.
Steps to jump start your Security Career
- What do you want to do?
- Why do you want to work in this field?
- Who do you want to do it for?
- What are your next 3 jobs?
- Are you technical or not technical?
- Find out what they do, how they do it, why they do it, what they like, what they don’t like, how they got their start
- You’ll find security professionals more willing to help others get a leg up than any other industry
Find out more about the ‘hacker mindset’
- Recommend training, courses
- Identify gaps, development opportunities
- Expand your network
- Provide career advice
- Identify companies with 2 or more full-time security professionals
- Review job profiles
- Review job postings
- Make a list of the requirements
- Become familiar and gain experience with each skill
- Articles (read something every day security-related and stay up to date on current trends)
- Forums and other security groups
- Check out other sites online
- familiarize with basic networking
- familiarize with firewalls and examine traffic inbound, outbound, and within your network
- familiarize with operating systems like Linux (Ubuntu, Kali)
- familiarize with different types of hardware
- familiarize with other topics based on interest (eg. risk, secure coding)
- familiarize with cloud (eg. spin up a VM on AWS)
- Many good printed books, e-books, whitepapers, and other PDFs available online
- Good deals on sites like HumbleBundle
- Online: Udemy, SANS, Infosec Institute, ISACA
- Instructor led: SANS, Global Knowledge, EC-Council, ISC2, ISACA
- Post secondary: Individual Courses, Certificates, Diploma, Masters
- RSA Conference
- BlackHat, DEF CON, B-Sides
- CanSecWest, SecTor
- Gartner Security and Risk Management Summit
- FIRST Conference
- Privacy & Security Conference (Victoria)
- if you are disciplined or already have experience you may be able to study and challenge the exam
- 5 days or less designed to ensure you are familiar with the exam material
- longer commitments of time
- Top certifications in-demand by employers
- If focused on penetration testing
- If a beginner:
- CompTia Security+
- ISACA CSX
- Leadership Development Program
- Job shadowing
- Temporary Assignment
- security administrator/analyst/consultant/specialist
- security architect/design/build/operations/support/engineer
- network security, data security, application security, endpoint/device/mobile security
- investigations, forensics, data recovery
- security testing, code reviews, vulnerability assessment, penetration testing, red team
- incident handling, incident response
- threat intelligence, threat hunter
- logging, correlation, event management, big data analytics
- governance, risk, and compliance (GRC)
- vulnerability management
- identity and access management
- encryption, cryptography, certificates
- security awareness
- security education, training
- security communications, marketing
- auditing, project management
- vendor management
- cloud security
- security policy
- IOT, ICS, SCADA, hardware
- security manager/director/CISO
- security sales
This page contains links to information/websites published by others that have been compiled by the Information Security Branch (ISB) from various sources. The intention of the this page is simply to make its recipients aware of information and resources pertaining to a career in security. The views and opinions displayed in these links/websites are strictly those of the writers and editors and are not intended to reflect the views or opinions of the ISB. Readers are expected to conduct their own assessment on the validity and objectivity of each link/website and to apply their own judgment when using or referring to this information. The ISB is not responsible for the manner in which the information presented is used or interpreted by its recipients.