We've all been talking about The Skills Gap for some time now, but what does this mean, what effect does this have on global organisations, and is there anything we can we do about it?
According to the Cyber security Jobs Report, the demand to fill roles within the information security industry is expected to reach 3.5 million unfulfilled positions by 2021. Furthermore, unemployment in the industry is currently exceptionally low. Research in an annual global survey by the Enterprise Service Group (ESG) found that by 2018, 51% of IT decision-makers said they were struggling to fill open positions. This worrying statistic is exactly why the World Economic Forum (WEF) named cyber-attacks as the fourth most serious global concern, and data breaches the fifth, but also why those with an interest in, or currently employed in an IT role, should consider learning the skills to become a Cyber Security Professional.
Explore these roles, challenge your skills and take the next step in your career so that you become an invaluable investment, with the following cyber security jobs.
1: Threat Hunter
Featured top of the list for good reason, Threat Hunters are one of the most valuable jobs to the IT industry, with skills shown to improve the speed of threat detection and response more than two-fold, in comparison to teams without this dedicated resource. Enjoy job security by offering a 64% improvement in the detection of advanced threats, and a 63% reduction in investigation time according to the 2018 Threat Hunting Report.
2: Penetration Tester
"Penetration testing is the active circumvention of security features in networks, systems, and applications. This is where the penetration tester emulates threats by attempting to access alternative functionality. A penetration tester will also assess data or functionality in a manner not anticipated by the group designing that system. A good penetration tester will need to be highly technical and will also require a level of skill that enables meaningful communication of risk to management. Pen testing is a critical capability that most organisations will require, and it can also be quite fun, if not sometimes tedious. I love what I do, both as a tester and as an instructor for SANS." - Adrien De Beaupre SANS SEC642 Instructor
3: Forensic Computer Analyst
Analyst findings might be used as evidence in a criminal investigation, to resolve a business or legal dispute, to uncover specific targets or to detect suspicious activity.
4: Incident Responder
When you're passionate about fighting cyber-crime, being an incident responder will bring a great deal of job satisfaction. Learn to discover the issue, mitigate the damages and investigate the situation from all angles.
5: Security Architect
Design, build and supervise the implementation of network and computer security. As a Network Security Architect, you will test for vulnerabilities and install firewalls, along with various security policies and procedures.
6: Malware Analyst
For those that like to fight the breach head on, a Malware Analyst will ensure the fast and effective response and containment to a cyber-attack.
Related SANS courses: FOR610 (GREM Certification)
7: CISO/ISO or Director of Security
As a chief information security officer, you will be the balance between the IT department and the boardroom, with an equal understanding of both business and information security. Together with the ability to influence and negotiate, you will also have a thorough knowledge of global markets, policy, and legislation. With the ability to think creatively, the CISO will be a natural problem solver and will find ways to jump into the mind of a cyber criminal, discovering new threats and their solutions.
8: Security Software Developer
As a senior developer, this creative position requires the ability to design secure software using protected programming techniques, that are free from vulnerabilities which could be abused by hackers. You will have the ability to incorporate security analysis, defences and countermeasures in order to ensure strong and reliable software.
9: Media Exploitation Analyst/Law Enforcement Computer Crime Investigator
If investigating computer crime excites you, and you want to make a career of recovering file systems that have been hacked or damaged, then this may be the path for you. In this position, you will assist in the forensic examinations of computers and media from a variety of sources, in view of developing forensically sound evidence.
10: Software Validation Engineer
As a software validation engineer, you will assess software in order to verify issues and log defects. You will be responsible for developing summary reports for tests performed and will review data with all team members. In summary, to fill this role you will be a qualified engineer responsible for managing, inspecting, testing and modifying the equipment and procedures used to manufacture various products.
11: Security Operations Centre Analyst
SOC Analysts work alongside security engineers and SOC managers, to provide situational awareness through detecting, containing, and resolving IT threats. Working closely with incident response teams, a SOC analyst will address security issues - when detected, quickly and effectively.
12: Vulnerability Researcher/Exploit Developer
As one of the fastest growing careers in the tech industry, this vital role is responsible for research and analysis of new exploits and will hold experience in penetration testing and writing exploit code.
13: Security Audit and Risk Management Specialist
As the role responsible for identifying and assessing a company's potential risks to safety, reputation and financial prosperity, the security audit and risk management specialist will have strong problem solving and analytical skills together with an ability to negotiate and be diplomatic while working under pressure.
14: Cyber Security Analyst/Engineer
As one of the highest-paid jobs in the field, the skills required to gain footing in this role are advanced. You must be highly competent in threat detection, threat analysis, and protection, broken authentication, cross-site scripting and cross-site request forgery. This is a vital role in preserving the security and integrity of an organisation's data.
Related SANS courses: SEC401 (GSEC Certification), SEC501 (GCED Certification), MGT516, MGT525 (GCPM Certification), SEC540 (GIAC Certification coming soon), SEC450, SEC511 (GMON Certification), SEC503 (GCIA Certification), SEC530 (GDSA Certification) and SEC555 (GCDA Certification)
15: Mobile Security Manager
Taking care of an organisation's mobile device safety, as a Mobile Security Manager you are responsible for monitoring and securing all of a companies' Smartphones, laptops, smartwatches, and other connected devices. Managing the collective tools, technologies, and processes that enable the securing of a mobile device or mobile computing environment, you will be part of a broader information security management policy that focusses mainly on mobile IT assets.
16: Application Penetration Tester
One of the most exciting roles within the cyber security industry, you will be responsible for the penetration testing (or ethical hacking), of applications; a significantly vulnerable point. The objective is to find security weaknesses before a cyber criminal does.
Related SANS courses: DEV522 (GWEB Certification)
17: Disaster Recovery/Business Continuity Analyst/Manager
Level up your skills and earn your place as a disaster recovery manager, where you will be responsible for managing the design, implementation, and communication of organisations continuance and disaster recovery plans. Your processes will ensure the safeguarding of business data, technology, information systems, and databases.
18: Technical Director and Deputy CISO
Would you like to train and develop future leaders in the cyber security department? You will be responsible for deciding on the costs needed to develop senior roles, on executing the security strategy consistently throughout the department and identifying and managing the skills and weaknesses of associates.
19: Intrusion Analyst
"I've come to realise that network monitoring, intrusion detection, and packet analysis represent some of the very best data sources within our enterprise. These can be used to very rapidly confirm whether or not an incident has occurred, and allow an experienced analyst to determine, often in seconds or minutes, what the extent of a compromise might be. In a very real sense, I have found this to be the most important course that SANS has to offer. Not only will it cause you to think about your network in a very different way as a defender, but it is incredibly relevant for penetration testers who are looking to "fly under the radar." The concepts that you will learn in this course apply to every single role in an information security organisation!" - David Hoelzer — SANS SEC503 Instructor
20: IoT/Critical Infrastructure Security Director
A crucial role within today's world where cyber attacks to our critical infrastructure are increasing in risk. In an age where almost every devise or piece of machinery can be connected to the internet, they too are at risk of being hacked. The Internet of Things (IoT) has evolved so quickly that managing its security has become a minefield. When we look broadly into the matter, Critical Infrastructure is at risk to foul play. Power grids, chemical plants, and transportation systems are being attacked by hackers. In a report by Business Insider, 'A new front in cybersecurity', investigations found that companies operating critical infrastructure reported 295 cyber attacks in 2015. While technology is consistently evolving, so too will attacks to this industry.
The role of security director to IoT and Critical Infrastructure is invaluable - some might say indispensable.
In our economy of increasing need for cyber security professionals, training in this profession puts you at an advantage in comparison to other industries. Safe in the knowledge that unemployment in this sector is so low, the investment of time and money to improve your cyber security skills is a wise move.
You can Level Up your skills with SANS, the global leader in cyber security training and certifications. Whether you're looking to give your career a boost, keep up to date with current cyber threats, or maybe you're joining the world of information security, SANS will offer you training and certification which you will be able to use in your career, the moment you complete the course.
To find out which course may suit your knowledge level, take the Level Up test which covers: Information Security Fundamentals, Pen-testing & Ethical Hacking, Cyber Defense, or Digital Forensics. When you've completed your test, Level Up will provide a list of suggested course options catered to your skillset. You can also use the SANS Roadmap to plan out the training path to your ideal goal.