New to the world of cyber security and don't know where to start? This guide covers the cybersecurity skills you'll need to know to break into this in-demand career.
What is cybersecurity, and why is it important?
Cybersecurity is all about managing the confidentiality, integrity, and availability of information (known as the "CIA Triangle") by protecting digital assets such as networks, applications, and databases against attackers.
Corporations regularly handle all sorts of sensitive data, such as personally identifiable information (PII), financial data, and trade secrets. Cybersecurity professionals are essential for protecting this data from increasingly sophisticated cyber threats. The means used to defend and attack assets are continually evolving. It's up to cybersecurity talent to adapt to new technologies and potential attack vectors as the threat landscape evolves.
Interested in web development?
Learn all about it in our comprehensive (and free) ebook!
Is cybersecurity a viable career?
There is an incredible demand for cyber security skills, and that demand is not going away anytime soon. According to a 2019 report from Burning Glass, there was a 94% growth in the number of cybersecurity job postings since 2013.
To top it off, the US Bureau of Labor Statistics estimates a remarkable 32 percent growth from 2018-2028 for information security analysts - 27 percent greater than the average growth rate for all occupations combined.
Why is cybersecurity so high in demand?
Everyone has sensitive data
Every company interacts with some form of sensitive data in their day-to-day operations. Even non-tech companies need to collect basic human resources information on their employees. This personally identifiable information (PII) carries significant monetary value for identity theft and other harmful acts, making it a hot commodity in the "dark web" of the internet.
Meeting compliance
Companies are required to take proactive cybersecurity measures to meet data privacy compliance requirements. The two major players, Europe's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), require that those with personal data in their custody take reasonable measures to keep that data safe.
Avoiding data breaches
According to research from IBM and the Ponemon Institute, the average total cost of a data breach is $3.92M. These costs include damage to the company's reputation, support for the victims of the data breach, legal fines, and the resources required to investigate the cause of the breach.
There's not only a high demand for cybersecurity professionals, but there's also a significant shortage.
Aside from the zero percent unemployment rate mentioned in the Cybersecurity Ventures report, the 2019 Cybersecurity Workforce Study by (ISC)2 shows that the global cybersecurity workforce needs to grow by 145 percent demand for these skills.
This disproportion in availability and demand has caused cybersecurity salaries to skyrocket; according to The State of Cybersecurity Hiring report from Burning Glass, the average advertised salary for a cybersecurity job is now $93,540.
Now is an excellent time for upcoming talent to get the experience, training, and certification they need to fill the cyber security skills gap.
What cybersecurity skills do you need to get a job?
An essential trait for anyone seeking cybersecurity roles is a profound thirst for knowledge and a strong sense of curiosity. The cyber threat landscape is continuously evolving, so if you are transitioning into this field, you need to be prepared to continually learn, unlearn, and relearn.
Hard skills that'll help you get a job
Coding
Understanding the basic principles of coding/scripting in languages such as HTML and Javascript will help you understand how applications and websites are made, providing you with valuable insights into how they are exploited by cyber attackers. You can also learn how to develop scripts in Bash, Shell, and Python that will be used to automate core processes in potential roles. We cover which programming languages you should learn in more depth later in the article.
Networking
Businesses use all different kinds of networks in their day-to-day operations. Learning the intricacies behind how to set up and maintain local area networks (LAN), wide area networks (WAN), virtual private networks (VPN) will go a long way, even if you're not pursuing a dedicated sysadmin position.
Applications
Computer software and other applications are integral tools for businesses, so you'll definitely come across them. By learning how to run, configure, and maintain common applications such as databases and web servers, you will be better prepared to improve the security of applications by testing vulnerabilities during development and deployment.
Systems
Systems are the bread-and-butter of cybersecurity. Learn everything you can about desktop and mobile systems by studying the unique characteristics of common operating systems and becoming comfortable navigating with command-line interfaces such as Linux's Terminal or Windows' Powershell.
Other skills and experiences to help you get a job
A diverse IT background
It takes more than dedicated cybersecurity training courses to excel in this field. You need to learn as much as you can about IT to get a sense of the systems and processes that form the foundation of the technology you will be securing.
Diverse outside experience
That said, there is incredible value in diverse knowledge outside of technology. Potential cybersecurity roles are so broad that the field benefits from non-tech backgrounds such as psychology, project management, marketing, and public relations. Soft skills are incredibly crucial for advocating for the security needs of the company and understanding the motives of cyber attackers.
Critical thinking
Cybersecurity will require you to analyze and prioritize complex situations. You'll need to be skilled at identifying what could go wrong and determining the company's best course of action based on its available capabilities and resources.
Attention to detail
Security pros are tasked with diving deep into technical issues and examining them. If you take on a security role, you'll need to pay careful attention to minute details to diagnose and assess security vulnerabilities accurately.
Communication
In this field, you will not just be working with your security team, you'll also need to advocate for the security needs of the company by clearly explaining your findings to those that are less tech-savvy. The ability to communicate highly technical concepts to a broad audience is critical for any successful cybersecurity professional. Other soft skills like leadership and public speaking are also essential, so take some online courses to brush up on those skills before your next interview.
Does cybersecurity require programming?
While coding is not essential for many entry-level cybersecurity jobs, programming skills and computer science knowledge will help expand your career options to mid and upper-level roles. Even for entry-level positions, the more knowledge you have of how things work, the better you'll perform.
Becoming familiar with the concepts, languages, and tools of web and application development will help you understand how things are built, which will significantly improve your ability to find vulnerabilities and construct protections.
What are the best programming and scripting languages to learn for cybersecurity?
Python
Learning how to write scripts and applications in Python will be incredibly useful for automating tasks and creating tools that can be used to solve problems in the workplace. Python is also incredibly helpful in creating digital forensics tools that you can use to troubleshoot and investigate security vulnerabilities. Here are some other cool things Python can do.
Javascript
Javascript is widely used in web development to add dynamic and interactive elements to websites. By learning this programming language for cybersecurity, you can effectively study the malicious executables used by hackers to exploit web security vulnerabilities.
PHP
Anyone venturing into web security needs to understand PHP. This server-side programming language is used to extract data from a database to create dynamic web pages.
C and C++
You should learn these languages if you will be pursuing application security. Understanding lower-level languages will provide you with more significant insights into the underlying processes that hackers use to exploit applications and programs.
HTML
While HTML is technically a markup language and not a programming language, it pays to know this fundamental building block of the web.
What education do you need to work in cybersecurity?
You do not need a degree to work in cybersecurity. This field highly emphasizes applicable skills, real-life experiences, and genuine interest more than formal education. That said, there are highly valued and recognized.certifications that may be worth pursuing.
These certifications will improve how attractive your resume is to larger companies, and they'll also provide you with the fundamental knowledge you'll need to work in this field.
Core certifications for cybersecurity jobs:
- Offensive Security Certified Professional (OSCP)
- Certified Information Systems Security Professional (CISSP)
- CompTIA Security+
While formal education can help develop core knowledge and build a resume, non-traditional career pathways are incredibly common in the cybersecurity space. Potential candidates need to emphasize developing relevant skills and hobbies that they can demonstrate to experienced IT recruiters.
Non-traditional cybersecurity learning resources:
- Networking: Attend meetings for local cybersecurity groups and participate in events from industry leaders such as The Information Systems Security Association (ISSA).
- Experience: Gain hands-on cybersecurity experience through Vulnhub projects, participating in the National Collegiate Cyber Defense Competition, and contributing code to open source projects through communities such as the Open Web Application Security Project (OWASP).
- Hobbies: Having hobbies relevant to cybersecurity demonstrates a genuine interest to recruiters and helps you get the hands-on experience you need to shine through as a strong candidate. Try building a "lab" at home by configuring multiple virtual operating systems on your computer. Use your lab to practice setting up networks, testing security vulnerabilities, and researching new security tools.
- Training courses: Regular skills development through courses and certifications will be a normal part of pursuing a career in this field. Online resources provide opportunities to build both foundational and specialist cybersecurity knowledge.
Even once you're established in cybersecurity, you'll need to continuously adapt to new technologies and cyber threats as they emerge. This career is best suited for those that have a genuine passion for learning and challenging their skills.
What cybersecurity careers are available?
The cybersecurity field is incredibly diverse, with positions available for a wide variety of skills. Cybersecurity jobs can include identifying the security needs of business networks, analyzing software for security vulnerabilities, balancing the security and accessibility requirements of a database, or helping businesses become aware of their cybersecurity weaknesses.
Note: There is a great deal of overlap between general information technology (IT) roles and cybersecurity roles, but there are distinctions between them. For the most part, cybersecurity roles are focused on protecting electronic data and systems from being compromised. In contrast, general IT roles are more likely to be focused on making sure hardware, software, and network technologies are appropriately configured.
Here are just a few examples of potential roles in this field
- Information Security Analyst: People in this role are responsible for protecting sensitive and critical data against cyber attackers. They analyze software, hardware, and networks for weaknesses and make recommendations for addressing them.
- Automotive Cybersecurity Engineer: Anywhere there's new tech, there's a need for a cybersecurity specialist to help make it secure. The evolution of self-driving cars, cloud-based applications, and other technological advancements in automobiles means that cyber attackers have a potential entry point that will need to be secured by cybersecurity professionals.
- Network and Computer Systems Administrators: Most commonly called sysadmins ("system administrators"), this role is critical for nearly every organization. Sysadmins set up and maintain the networks that are used to access data in day-to-day business operations securely.
Can cybersecurity be a side-gig?
Cybersecurity can be pursued as side-gig. Up-and-coming talent can gain much-needed experience and potentially earn some cash by participating in bounty hunting programs through platforms such as HackerOne.
In a bounty-hunting program, you can attempt to earn small cash payouts by discovering security vulnerabilities in applications, websites, and hardware. Companies voluntarily open bounty hunting programs to test their products and services for potential vulnerabilities, allowing them to improve the security of their offering in exchange for a modest payout.
More experienced cybersecurity professionals will pursue freelance consulting roles where they can offer their expertise to businesses with specific and timely security needs. Freelance cybersecurity workers can perform targeted bounty hunting campaigns (known as penetration testing), or they can advise companies on the best practices they can take to implement new technology and systems in their organization securely.
What's next?
The demand for cybersecurity is incredibly high right now, and there are ample resources to get the experience and skills you need to get started. Even without a formal college or university education, you can pursue a career in cybersecurity through practical projects, networking, and skills development through online training courses.
If you'd like to break into cybersecurity, consider pursuing general IT roles to gain the core skills you'll need to understand how systems, applications, and networks operate. With intimate knowledge of how core IT infrastructure interlinks and transmits data, you will have valuable insights that you can take with you as you learn how to manage security vulnerabilities.
Want to further your skills and advance your career? Sign up for a GoSkills 7 day free trial today to get unlimited access to the full award-winning course library, including coding and soft skills courses to kick off your cybersecurity career.
Level up your skills
Start learning essential coding skills with GoSkills courses today
Start free trial
