How to Get a Job in Cybersecurity
What do Sony, Ashley Madison, the Democratic National Committee and Chipotle all have in common? They’ve all been victims of some pretty big hacking scandals, the likes of which show no signs of stopping. This is bad news if your information is released, but great if you want to get a job in cybersecurity, a.k.a. information security. Protecting data is big business, and there are plenty of jobs.
To find out how to get one of these jobs, we reached out to Dan Bougere, a senior consultant with Securicon in Washington, D.C., and a former analyst with the National Security Agency. His big tip is to start with working on your professionalism. “You’re not selling out putting on a tie or learning to communicate effectively. You can be the greatest hacker in the world on the weekend, but from 9 to 5, if you can walk into a boardroom and be taken seriously, you’ll get, keep and move up in a job.”
Here’s more of Bougere’s advice.
TAKE YOUR CODING TO A DEEPER LEVEL
Obviously technical skills will be important in any IT field, and this includes information security. You’ll need to know the basics, Bougere says, such as programming, networking and the inner workings of computer systems. But you’ll also need extensive knowledge of internal code.
Internal code is the assembly language running on the CPU itself, not high-level code written by programmers, Bougere says. This is important because “most hackers have to manipulate the code on the computer. They will take advantage of misconfiguration or errors in code to exploit a machine. If you understand the deeper, internal code, you can fix these problems more readily,” he says.
Bougere recommends securing this expertise across a wide variety of systems. Most organizations don’t just want a Linux specialist, for example; they want someone with a range of experience across Windows, Linux and Mac systems, he says.
WORK ON YOUR WRITING SKILLS
It’s not enough to do great work, Bougere says — you also need to be able to communicate about it. You have to be able to share your findings through reports, email and presentations to clients, he says. You have to convey technical information to an audience that may not be as technically savvy as you, so learning to write and communicate in a way that will be concise and get the point across is key, he says.
Cybersecurity firms are “full of brilliant, technical people,” he notes. “But if the company has to hire you to do the security work and a separate writer to help you with this aspect of your job, it costs them more money and costs you opportunities,” Bougere says.
LOOK FOR JOBS IN THE RIGHT PLACES
Another place Bougere hears about jobs is at conferences and conventions. He recommends DEF CON, the HOPE (Hackers on Planet Earth) conference, sponsored by quarterly magazine 2600 approximately every other year, and Security BSides, which has several events around the globe.
Professional associations are also a good resource for continued learning and networking. Many are national organizations with local affiliates and may have job boards of their own. A few Bougere likes include IEEE (the Institute of Electrical and Electronics Engineers), ACM (the Association for Computing Machinery) and ISSA (the Information Systems Security Association).
ADD SOME EXTRA CREDIT TO YOUR RESUME
If you want to really add some sizzle to your resume, shoot for jobs that will get you government clearance. “In the private sector, a lot of things can be outsourced to anyone who can do the job. In government this isn’t the case because people need clearance. An undergrad professor told me, ‘If you get government clearance, you’ll never be unemployed,’ and it was one of the best pieces of advice I’ve ever gotten,” he says. A site featuring clearance-level jobs that Bougere recommends is ClearanceJobs.com.
Bougere recommends finding a job that requires “Secret” clearance. There are jobs like this sometimes with firms such as Boeing and Lockheed Martin, he says. If you apply and the company wants to hire you, they will often sponsor you to get your “Secret” clearance. In the meantime you can get “Interim Secret” clearance and begin work while you’re being investigated. You’ll need decent credit and will be asked about illegal drug use, Bougere says. Aiming for a job with “Top Secret” clearance like in the FBI or CIA? They’ll come to you if they’re interested.
Another bit of extra credit for your resume: Certifications and continuing education. Not only will this show that you haven’t rested on your old skill sets, but Bougere says it will help you pass the initial HR scan and make it to the interview round. “The first people reviewing your resume aren’t necessarily technical themselves, but they like seeing certifications for various software or programming suites. List them on your resume in a clear and easily scannable format and you’ll have an advantage.”