Tags:
We've all been talking about The Skills Gap for some time now, but what does this mean, what effect does this have on global organizations, and is there anything we can we do about it?
According to the Cyber security Jobs Report, the demand to fill roles within the information security industry is expected to reach 3.5 million unfulfilled positions this year. Furthermore, unemployment in the industry is currently exceptionally low. Research in an annual global survey by the Enterprise Service Group (ESG) found that by 2021, 51% of IT decision-makers said they were struggling to fill open positions. This worrying statistic is exactly why the World Economic Forum (WEF) named cyber-attacks as the fourth most serious global concern, and data breaches the fifth, but also why those with an interest in, or currently employed in an IT role, should consider learning the skills to become a Cyber Security Professional.
We're counting down the 20 Coolest Careers in cybersecurity:
20: Media Exploitation Analyst
If investigating computer crime excites you, and you want to make a career of recovering file systems that have been hacked or damaged, then this may be the path for you. In this position, you will assist in the forensic examinations of computers and media from a variety of sources, in view of developing forensically sound evidence.
Related SANS courses: FOR500 (GCFE Certification), FOR585 (GASF Certification), FOR518 and FOR498
19: DevSecOps Engineer

As a DevSecOps engineer, you develop automated security capabilities leveraging best of breed tools and processes to inject security into the DevOps pipeline. This includes leadership in key DevSecOps areas such as vulnerability management, monitoring and logging, security operations, security testing, and application security.
Related SANS courses: SEC522 (GWEB Certification), SEC540 (GCSA Certification), SEC510, SEC584
18: ICS/OT Security Assessment Consultant

One foot in the exciting world of offensive operations and the other foot in the critical process control environments essential to life. Discover system vulnerabilities and work with asset owners and operators to mitigate discoveries and prevent exploitation from adversaries.
Related SANS courses: SEC560 GPEN Certification), ICS612, ICS515 (GRID Certification), ICS456 (GCIP Certification) , ICS410 (GICSP Certification)
17: Application Pen Tester

One of the most exciting roles within the cyber security industry, you will be responsible for the penetration testing (or ethical hacking), of applications, a significantly vulnerable point. The objective is to find security weaknesses before a cybercriminal does.
Related SANS courses: DEV522 (GWEB Certification)
16: Vulnerability Researcher & Exploit Developer

In this role, you will work to find 0-days (unknown vulnerabilities) in a wide range of applications and devices used by organizations and consumers. Find vulnerabilities before the adversaries!
Related SANS courses: SEC660 (GXPN Certification), SEC760
15: Security Awareness Officer

Security Awareness Officers work alongside their security team to identify their organization’s top human risks and the behaviors that manage those risks. They are then responsible for developing and managing a continuous program to effectively train and communicate with the workforce to exhibit those secure behaviors. Highly mature programs not only impact workforce behavior but also create a strong security culture.
Related SANS courses: MGT433 (SSAP Certification), MGT521, MGT514 (GSTRT Certification)
14: Intrusion Detection / (SOC) Analyst

Security Operations Center (SOC) analysts work alongside security engineers and SOC managers to implement prevention, detection, monitoring, and active response. Working closely with incident response teams, a SOC analyst will address security issues when detected, quickly and effectively. With an eye for detail and anomalies, these analysts see things most others miss.
Related SANS courses: SEC450, SEC511 (GMON Certification), SEC555 (GCDA Certification), SEC503 (GCIA Certification), FOR572 (GNFA Certification)
13: Cloud Analyst

The cloud security analyst is responsible for cloud security and day-to-day operations. This role contributes to the design, integration, and testing of tools for security management, recommends configuration improvements, assesses the overall cloud security posture of the organization, and provides technical expertise for organizational decision-making.
Related SANS courses: SEC488 (GCLD Certification), SEC510, SEC545, SEC541
12: Technical Director

This expert defines the technological strategies in conjunction with development teams, assesses risk, establishes standards and procedures to measure progress, and participates in the creation and development of a strong team.
Related SANS courses: MGT516, SEC566 (GCCC Certification), MGT551
11: OSINT Investigator / Analyst
These resourceful professionals gather requirements from their customers and then, using open sources and mostly resources on the internet, collect data relevant to their investigation. They may research domains and IP addresses, businesses, people, issues, financial transactions, and other targets in their work. Their goals are to gather, analyze, and report their objective findings to their clients so that the clients might gain insight on a topic or issue prior to acting.
Related SANS courses: SEC487 (GOSI Certification), SEC537, FOR578 (GCTI Certification)