Introduction

October is recognized as cybersecurity awareness month. What exactly are cyber practitioners trying to make people aware of? The basics would be a great place to start!  

• Don’t use the same passwords on multiple accounts
• Don’t write your passwords down where they can be easily found
• Enable two factor authentication on your most important accounts
• Don’t click on random links from people you do not know. 

If these basic cyber hygiene tips were followed, the world would be a much safer place. 

The other critical area to raise awareness of is the crucial shortage of qualified professionals to fill the current openings in cybersecurity, let alone the projected future growth. The New York Times reported there are 3.5 million open cybersecurity jobs in 2021 that organizations can’t find qualified people to fill. (https://startup.info/cybersecurity-career/). The other staggering number to consider is damage from cyber crime is expected to top $6 trillion worldwide. Think how much good could be done in the world if we were able to direct that $6 trillion to other worthy projects. Cybercrime has unfortunately caused the greatest transfer of wealth in history with the theft of information and intellectual property. 

1) What made you decide to go into the field of cybersecurity?

When I first started in this field more than 20 years ago it was known as “information assurance” before evolving into what we know today as cybersecurity. My love for all things technology, how to move data across a network, and my need to never have a typical workday are what attracted me to start a career in information technology. 

2) What do you find rewarding about this job?

Always having a new problem to solve is a constant in the workday of a cyber professional. You get to draw on all your previous experiences, work with a team of people, and learn tremendous amounts of new information. If you like facing a new challenge each and every day, you can look forward to a lifetime of cyber problems that need to be solved.

3) What do you find most challenging about this job?

Just when you think you have it all figured out, a new threat or vulnerability emerges that needs to be dealt with. The constant news stories of organizations that have suffered a cyber-attack or data breach provide all too frequent reminders of the problems that need to be solved.

4) What are the primary responsibilities/duties of your job?

As the Director of Technology for an organization, my responsibilities include keeping all company data secure from both inside and outside threats. 

Yes, our own users can be insider threats that we need to protect against. Threats include everything from a bad link that was accidentally clicked on, to a frustrated employee that intentionally tries to cause harm to systems.  

My responsibilities also include maintaining physical security measures like door locks and access control systems, software, server hardware, and network security. Sometimes security professionals are viewed as the “paid pessimist” in the organization. Part of our job is to think about all of the things that could possibly go wrong and develop a plan to defend against those threats, and how to react if an attack is successful. To protect the organization, we need to think like the adversary. In the world of cybersecurity, the defenders need to be right 100% of the time, whereas the threat actors only need to find one open door to breach a system. 

5) What other details would you want students to consider or know about your field?

Hopefully this sounds like a career path that you may be interested in exploring. If you do not have any experience working in the technology field it may seem overwhelming on where to start. My advice for students entering this field is to approach it from your comfort zone. What do you like?  If you play computer games you are already familiar with networks, IP addresses, and ping times. If you have built a computer or installed an operating system, you know a bit about how computers function. If you have taken a programming class, you know a bit about logic. If you like to solve all kinds of puzzles, problems, and just want to know how things work, you have the natural curiosity to enter the cybersecurity field.

6) How do certifications distinguish a prospective job candidate from those who don’t have them?

Certifications are a great way to learn content and add credibility to your resume. Entry level certifications like CompTIA Network+ and Security+ give you the foundation to build on and seek an entry level position in an organization. Many employers, including government positions, require certifications to be hired. 

7) What are the most important skills to obtain a career in cybersecurity?

Certifications are only a part of how to become a successful cybersecurity professional, but hands-on experience is a must. Build a test lab at home using spare equipment and free tools like VMWare and Linux. Stay current on what is happening in cybersecurity – daily updates from sites like thecyberwire.com are a great way to stay informed. In your lab environment, try out skills like  how to defend against the threats you read about in the news and your certification classes. Being able to demonstrate the skills you have developed during a technical interview will help differentiate you from other candidates during the interview process.

8) What is the typical salary range for this career?

Entry level positions typically have salaries starting in the $40,000 to $50,000 range. Senior level positions can have salaries higher than $150,000.  

9) Never Stop Learning

The best practitioners are tenacious learners who tinker with systems and try things developers may never have thought of.  In that, testing vulnerabilities may be found and new defense strategies formulated. The hope is we inspire more students to become cybersecurity professionals to fill the open positions and make the world safer for all of us. During cybersecurity awareness month this October, perform a self cyber hygiene check using the basics bulleted above and encourage someone you know to consider studying cybersecurity. 

Author/Guest Blogger: 
Stephen Morrill
Director of Information Technology
https://www.linkedin.com/in/steve-morrill-0902615/