Cybersecurity has been one of the hottest job roles for many years now. From cyber-attacks to security breaches, ever since the dawn of the millennium, companies across the globe have been continuously targeted. This scenario has given massive opportunities for professionals willing to enter the security domain.
The demand for jobs in cybersecurity growth is unmatched in any other technology domain. According to reports, Asia Pacific has the largest chunk of the volume of opportunities in cybersecurity around the world, and India makes the bulk of the demand for cybersecurity jobs in the APAC region. But, amid constantly rising attacks, companies across India are facing a lack of skilled/experienced cybersecurity personnel.
What Are Companies Looking For When It Comes To Cybersecurity?
Data is the main entity which organisations are trying to protect, whatever may be the industry vertical in which a particular organisation operates. While controls are the same, compliance requirements or security approach may vary from company to company. Ultimately, the goal is to ensure confidentiality, integrity and availability of data, said experts in a recent webinar organised by Analytics India Magazine.
Organisations deploy people, processes and technology in this regard. Cybersecurity professionals develop, configure, and troubleshoot a variety of technologies such as encryption, firewall/IPS, advanced malware protection, network analytics, and processes like identity access management and authentication. There is also the compliance part in the pursuit of protecting data.
An organisation requires process managers and auditors of security controls. Similarly, for compliance processes, you need GRC professionals and legal experts. Incident response, forensic investigator, threat analysts, a lot of opportunities are created out of the requirements of cybersecurity. For technology, you need developers, IT ops and security architects.
Eligibility For A Cybersecurity Career
Apart from a relevant degree in technology, knowledge about basic and/or advanced cybersecurity concepts, extensive cybersecurity work experience, industry certifications, knowledge of regulatory policies is usually required to make a career in cybersecurity.
At the same time, cybersecurity is not tied to any academic qualification, and it may be a career path you can make irrespective of the qualification you have. The rise in cyberattacks is also increasing the opportunities for professionals from all backgrounds who want to make a career in cybersecurity. Even people from humanities background can make a career in cybersecurity.
“You can start a cybersecurity career regardless of the background. More than the background, what matters is the approach people take with cybersecurity, and how they get the job done when it comes to protecting data, analysing threats, and preventing attacks,” spoke Tathagata Datta, Director of Cybersecurity, Praxis Business School during the webinar.
Choosing The Cybersecurity Role
Cybersecurity is a vast field, and there are various roles that one can pursue. When you are initiating a career in cybersecurity, you have to make sure that you analyse the different job roles that the industry offers.
There are many cybersecurity career tracks, including GRC, Auditors, incident responders, SOC analysts, IoT security professionals, security software developers, cloud security experts, cyber forensic experts and cybersecurity trainers. For example, to become an auditor or a Governance, Risk management, and Compliance (GRC) manager, you have to make sure you know each and every component of the security infrastructure.
“GRC is like an orchestra conductor. He or she should have an understanding of all the security components, unlike someone who is a cloud security expert or database security manager. Because all the security components talk to each other. So, there should be a sharing of security intelligence and incidence reports. An auditor or GRC compliance manager should have competence and skills, cutting across all the domains. So, it’s very challenging because you have to learn the technology as well as the compliance process but coming up as a lucrative career,” according to Tathagata Datta.
The majority of the investment in terms of resourcing, planning and training happens to prevent the attack. The large majority of the investment happens in preventive measures against attacks, constituting people, process, and tools.
“The first step is to acquire basic cybersecurity skills, followed by choosing a specific domain based on personal interest and market demand. For this, one needs to get in-depth training, develop skills, and acquire specific certifications in security. A cybersecurity professional can then build up further on niche areas through targeted certifications,” said Koushik Nath, Security Architect, Cisco Systems during the webinar.
Selecting The Right Training Institute/Certification
Aspirants can look for courses which gives them a clear understanding of components at the initial level. It’s important to look at the course content and whether it is future proof. Similarly, getting hands-on training is very important.
Next up, you need to evaluate the faculty members who are industry experts and have vast and diverse experience in cybersecurity. Hands-on training and focus on niche skill training in cybersecurity are one of the most important things.
Read This Article To Know More About Cybersecurity Courses –
Top 10 Cybersecurity Courses In India: Ranking 2020
Apart from courses, certifications are another aspect of the profession that security professionals should seek. According to experts, professionals in cybersecurity should strive to get certifications to gain credibility and prove their worth.
Mr Nath, who manages Security Operations Center (SOC) for Cisco, says, “To become a SOC analyst or professional, what we look for is SANS certification. But, before you acquire SANS certification, you need basic security knowledge. There we look for CISSP certification. The first certificate that people should attempt in the cybersecurity space is CISSP certification.”
According to him, CISSP gives security aspirants a broad knowledge about the entire domain of cybersecurity. After CISSP, professionals should go for specific certifications for niche technology that they are interested in such as database security or cloud security professional, or other. At the same time, he says hands-on training as part of the job is more important than any certification.
“Today’s attacks are very sophisticated, not just in terms of technology but strategy as well. So, until you get the nerve of the attackers, you won’t be able to get the job done,” told Koushik Nath. “The point is we are not looking for someone who can speak good English. Instead, I need a person who can do threat hunting. I need a person who can do forensic analysis, malware reverse engineering. These are the hands-on skills and require a different thought process. And, the skills are lacking severely across the world,” he further said.
