The struggle is real! Are you someone who is interested in this subject area and has obtained a degree or possibly various credentials? Are you still lost on what path to go down, or wondering why these positions are still unfilled? If you answered yes to all these questions, I want to convey some key struggles and recommend best practices. Making the transition to the cyber field will have its obstacles, but it is worth it in the end.
The Term Cybersecurity
First, depending on who you ask in the industry, this word has a lot of definitions. In the media, it’s portrayed as a person in a hoodie sitting behind a computer and hacking into a system. As a result, this image is sometimes the only thing people associate with the term. Consider this definition by Dr. Mansur Hasib: “Cybersecurity is the mission-focused and risk-optimized governance of information, which maximizes confidentiality, integrity, and availability using a balanced mix of people, policy, and technology, while perennially improving over time.” When the term has a focus, people interested in this area will recognize its other aspects and see that it’s more than just hacking.
Cyber Career Path
Second, as mentioned above, because this area is so broad, people have a difficult time choosing their personal career path. Resources such as the NICE workforce framework document help here: it breaks down specialty areas, work roles, occupations and skills. For instance, my background is in engineering, with previous work experience in project management, systems engineering, and information technology.
According to this document, the mapping that fits my background is as follows:
Specialty Area: Oversee and Govern. This area provides leadership, management, and direction to an organization. It breaks down further into areas such as cybersecurity management, executive leadership, program/project management, and training and education.
Work Role: As an example, a Program Manager can expect to lead, organize, communicate and ensure alignment with agency or enterprise priorities. To succeed in this role, below are the abilities and knowledge that someone should bring to this position.
Abilities: In this role, someone should be able to employ supply chain risk management, oversee development and update of the life cycle, and ensure security practices are followed throughout the accomplishment procedure.
Knowledge: In this role, someone should come in with knowledge of computer networking concepts, the risk management process, and laws, regulations and policies.
Using this resource will help cyber professionals understand where they fit in the field.
Navigating the positions within Cybersecurity
Third, once a cyber professional has either obtained a degree or earned numerous certifications, the next challenge is finding a position. Throughout my job search, I have noticed a disconnect: recruiters, hiring managers, and job descriptions are not aligned correctly.
For instance, below is a Junior Cyber Analyst position. The education requirements, in my opinion, are not ideal for an entry-level role. As a result, job candidates would probably not apply. In this job description, the one problem that sticks out the most, even though it’s “desired”, is the CISSP credential.
In my opinion, expecting entry-level candidates to have a senior-level certification is looking for a purple unicorn. I highly suggest that job descriptions need to improve; companies should work with colleges, self-taught individuals, hiring managers, recruiters and various workforce roadmaps to change these job descriptions.
Experience Requirements
- 1-5 years of experience in managing IT systems and IT systems support for Navy/DOD customers or directly for Navy/DOD
- Familiar with NIST SP 800-37 RMF and DIACAP C&A, System Security Plans (SSPs), Risk Assessment Reports (RAR) processes.
- Familiar with Secure Technical Implementation Guides (STIGs), Information Assurance Vulnerability Alert (IAVA), DCID 6/3, Federal Information Security Management Act (FISMA) and other tools using industry best practices.
- Familiar with the following network protection devices: Firewalls, intrusion detection and prevention systems (IDS/IPS), log analysis, malware analysis, network traffic flow and packet analysis
- NAVSEA Program Executive Office (PEO) experience – desired
- Possess strong oral and written communication skills
Educational Requirements
- Bachelor level degree (BA/BS) in Engineering or related field desired
- IAM Level I certified
- DoD 8570.1-M Compliance at IAT Level I or equivalency (e.g., Certified Information Systems Security Professional (CISSP)) certification – desired
Relating Past Experience into cybersecurity roles
Finally, there is relating your experience to cybersecurity roles. In my former experience, I did not receive all the knowledge. Having a mentor showed me otherwise. Here is one example, based on my research, of how a non-technical professional can relate their past to cybersecurity roles.
Let’s suppose you have a criminal justice background and a jurisprudence degree. Using the NICE workforce document, a person with this expertise could potentially apply for a Cyber Legal Advisor position. This falls under the Oversee and Govern category, in the specialty area of Legal Advice and Advocacy. This role provides legal advice and recommends best practices on cyber law.
Overall, I hope I covered the struggles cyber professionals face transitioning into cybersecurity. For every struggle I mentioned, I have been in your shoes and I know it’s rough. However, bringing awareness to this topic will help guide you on your path.
Good article
Thank you for your feedback.