Tags:
We've all been talking about The Skills Gap for some time now, but what does this mean, what effect does this have on global organizations, and is there anything we can we do about it?
According to the Cyber security Jobs Report, the demand to fill roles within the information security industry is expected to reach 3.5 million unfulfilled positions this year. Furthermore, unemployment in the industry is currently exceptionally low. Research in an annual global survey by the Enterprise Service Group (ESG) found that by 2021, 51% of IT decision-makers said they were struggling to fill open positions. This worrying statistic is exactly why the World Economic Forum (WEF) named cyber-attacks as the fourth most serious global concern, and data breaches the fifth, but also why those with an interest in, or currently employed in an IT role, should consider learning the skills to become a Cyber Security Professional.
We're counting down the 20 Coolest Careers in cybersecurity:
7: Blue Teamer – All Around Defender
This job, which may have varying titles depending on the organization, is often characterized by the breadth of tasks and knowledge required. The all-around defender and Blue Teamer is the person who may be a primary security contact for a small organization, and must deal with engineering and architecture, incident triage and response, security tool administration and more.
Related SANS courses: FOR508 (GCFA Certification), SEC599 ( GDAT Certification), SEC699, SEC530 (GDSA Certification), SEC450, SEC503 (GCIA Certification), SEC511 (GMON Certification, SEC505 (GCWN Certification), SEC555 (GCDA Certification) and SEC586
8: Security Architect
Related SANS courses: SEC450, SEC503 (GCIA Certification), SEC511 (GMON Certification), SEC530, (GDSA Certification), FOR572 (GNFA Certification), SEC501 (GCED Certification) and MGT516
Related SANS courses: FOR610 (GREM Certification)
9: Incident Responder
When you're passionate about fighting cyber-crime, being an incident responder will bring a great deal of job satisfaction. Learn to discover the issue, mitigate the damages and investigate the situation from all angles.
Related SANS courses: All FOR classes plus SEC504 (GCIH Certification), SEC501 (GCED Certification), SEC487, FOR509 (Course coming soon) and FOR518
10: Cyber Security Analyst/Engineer
As one of the highest-paid jobs in the field, the skills required to gain footing in this role are advanced. You must be highly competent in threat detection, threat analysis, and protection, broken authentication, cross-site scripting, and cross-site request forgery. This is a vital role in preserving the security and integrity of an organization’s data.
Related SANS courses: SEC401 (GSEC Certification), SEC501 (GCED Certification), MGT516, MGT525 (GCPM Certification), SEC540 (GIAC Certification coming soon), SEC450, SEC511 (GMON Certification), SEC503 (GCIA Certification), SEC530 (GDSA Certification), SEC555 (GCDA Certification), SEC504 (GCIH Certification), SEC555 (GCDA Certification), SEC586 and FOR509 (Course coming soon)
11: OSINT Investigator / Analyst
These resourceful professionals gather requirements from their customers and then, using open sources and mostly resources on the internet, collect data relevant to their investigation. They may research domains and IP addresses, businesses, people, issues, financial transactions, and other targets in their work. Their goals are to gather, analyze, and report their objective findings to their clients so that the clients might gain insight on a topic or issue prior to acting.
Related SANS courses: SEC487 (GOSI Certification), SEC537, and FOR578 (GCTI Certification)
12: Technical Director

This expert defines the technological strategies in conjunction with development teams, assesses risk, establishes standards and procedures to measure progress, and participates in the creation and development of a strong team.
Related SANS courses: MGT516, SEC566 (GCCC Certification), MGT551, and SEC557
13: Cloud Analyst

The cloud security analyst is responsible for cloud security and day-to-day operations. This role contributes to the design, integration, and testing of tools for security management, recommends configuration improvements, assesses the overall cloud security posture of the organization, and provides technical expertise for organizational decision-making.
Related SANS courses: SEC488 (GCLD Certification), SEC510, SEC545, SEC541, SEC401 (GSEC Certification), SEC588 (GCPN Certification), and FOR509 (Course coming soon)
14: Intrusion Detection / (SOC) Analyst

Security Operations Center (SOC) analysts work alongside security engineers and SOC managers to implement prevention, detection, monitoring, and active response. Working closely with incident response teams, a SOC analyst will address security issues when detected, quickly and effectively. With an eye for detail and anomalies, these analysts see things most others miss.
Related SANS courses: SEC450, SEC511 (GMON Certification), SEC555 (GCDA Certification), SEC503 (GCIA Certification), FOR572 (GNFA Certification), and SEC504 (GCIH Certification)
15: Security Awareness Officer

Security Awareness Officers work alongside their security team to identify their organization’s top human risks and the behaviors that manage those risks. They are then responsible for developing and managing a continuous program to effectively train and communicate with the workforce to exhibit those secure behaviors. Highly mature programs not only impact workforce behavior but also create a strong security culture.
Related SANS courses: MGT433 (SSAP Certification), MGT521, and MGT514 (GSTRT Certification)
16: Vulnerability Researcher & Exploit Developer

In this role, you will work to find 0-days (unknown vulnerabilities) in a wide range of applications and devices used by organizations and consumers. Find vulnerabilities before the adversaries!
Related SANS courses: SEC660 (GXPN Certification), SEC760, and SEC661 (Course coming soon)
17: Application Pen Tester

One of the most exciting roles within the cyber security industry, you will be responsible for the penetration testing (or ethical hacking), of applications, a significantly vulnerable point. The objective is to find security weaknesses before a cybercriminal does.
Related SANS courses: DEV522 (GWEB Certification)
18: ICS/OT Security Assessment Consultant

One foot in the exciting world of offensive operations and the other foot in the critical process control environments essential to life. Discover system vulnerabilities and work with asset owners and operators to mitigate discoveries and prevent exploitation from adversaries.
Related SANS courses: SEC560 GPEN Certification), ICS612, ICS515 (GRID Certification), ICS456 (GCIP Certification), and ICS410 (GICSP Certification)
19: DevSecOps Engineer

As a DevSecOps engineer, you develop automated security capabilities leveraging best of breed tools and processes to inject security into the DevOps pipeline. This includes leadership in key DevSecOps areas such as vulnerability management, monitoring and logging, security operations, security testing, and application security.
Related SANS courses: SEC522 (GWEB Certification), SEC540 (GCSA Certification), SEC510, SEC584, and SEC534
20: Media Exploitation Analyst
If investigating computer crime excites you, and you want to make a career of recovering file systems that have been hacked or damaged, then this may be the path for you. In this position, you will assist in the forensic examinations of computers and media from a variety of sources, in view of developing forensically sound evidence.
Related SANS courses: FOR500 (GCFE Certification), FOR585 (GASF Certification), FOR518 and FOR498