We've all been talking about The Skills Gap for some time now, but what does this mean, what effect does this have on global organizations, and is there anything we can we do about it?
According to the Cyber security Jobs Report, the demand to fill roles within the information security industry is expected to reach 3.5 million unfulfilled positions this year. Furthermore, unemployment in the industry is currently exceptionally low. Research in an annual global survey by the Enterprise Service Group (ESG) found that by 2021, 51% of IT decision-makers said they were struggling to fill open positions. This worrying statistic is exactly why the World Economic Forum (WEF) named cyber-attacks as the fourth most serious global concern, and data breaches the fifth, but also why those with an interest in, or currently employed in an IT role, should consider learning the skills to become a Cyber Security Professional.
We're counting down the 20 Coolest Careers in cybersecurity:
20: Media Exploitation Analyst
If investigating computer crime excites you, and you want to make a career of recovering file systems that have been hacked or damaged, then this may be the path for you. In this position, you will assist in the forensic examinations of computers and media from a variety of sources, in view of developing forensically sound evidence.
19: DevSecOps Engineer
As a DevSecOps engineer, you develop automated security capabilities leveraging best of breed tools and processes to inject security into the DevOps pipeline. This includes leadership in key DevSecOps areas such as vulnerability management, monitoring and logging, security operations, security testing, and application security.
18: ICS/OT Security Assessment Consultant
One foot in the exciting world of offensive operations and the other foot in the critical process control environments essential to life. Discover system vulnerabilities and work with asset owners and operators to mitigate discoveries and prevent exploitation from adversaries.
17: Application Pen Tester
One of the most exciting roles within the cyber security industry, you will be responsible for the penetration testing (or ethical hacking), of applications, a significantly vulnerable point. The objective is to find security weaknesses before a cybercriminal does.
Related SANS courses: DEV522 (GWEB Certification)
16: Vulnerability Researcher & Exploit Developer
In this role, you will work to find 0-days (unknown vulnerabilities) in a wide range of applications and devices used by organizations and consumers. Find vulnerabilities before the adversaries!
15: Security Awareness Officer
Security Awareness Officers work alongside their security team to identify their organization’s top human risks and the behaviors that manage those risks. They are then responsible for developing and managing a continuous program to effectively train and communicate with the workforce to exhibit those secure behaviors. Highly mature programs not only impact workforce behavior but also create a strong security culture.
14: Intrusion Detection / (SOC) Analyst
Security Operations Center (SOC) analysts work alongside security engineers and SOC managers to implement prevention, detection, monitoring, and active response. Working closely with incident response teams, a SOC analyst will address security issues when detected, quickly and effectively. With an eye for detail and anomalies, these analysts see things most others miss.
13: Cloud Analyst
The cloud security analyst is responsible for cloud security and day-to-day operations. This role contributes to the design, integration, and testing of tools for security management, recommends configuration improvements, assesses the overall cloud security posture of the organization, and provides technical expertise for organizational decision-making.
12: Technical Director
This expert defines the technological strategies in conjunction with development teams, assesses risk, establishes standards and procedures to measure progress, and participates in the creation and development of a strong team.
11: OSINT Investigator / Analyst
These resourceful professionals gather requirements from their customers and then, using open sources and mostly resources on the internet, collect data relevant to their investigation. They may research domains and IP addresses, businesses, people, issues, financial transactions, and other targets in their work. Their goals are to gather, analyze, and report their objective findings to their clients so that the clients might gain insight on a topic or issue prior to acting.