Over the last two decades, organizations have doubled down on cybersecurity investments and it’s no wonder why: From costly data breaches to paralyzing malicious attacks, businesses are racing to keep pace with the evolving complexity and sophistication of cyber threats.
“With every wave of new technology, there’s a new wave of possibilities for adversity,” says Guevara Nobuir, director of Northeastern University’s cybersecurity graduate program. “The scale and sophistication of the cyber attacks we see today are increasing and will only continue to increase.”
A Rise in Cyberattacks
The reasons for the rise in cyberattacks—and the focus on protecting against them—is multifold, Guevara says. One factor is the increase in new technologies and new devices. By 2020, Gartner predicts that nearly 20 billion Internet of Things (IoT) devices will be online and connected. The IoT industry has become a prime target for cybercriminals and has sent device makers scrambling to protect their smart plugs, wearable fitness devices, and baby monitors from attacks.
Monetization is another key factor contributing to the rise in cyber attacks. In the past, Noubir says, it was difficult for cybercriminals to profit from attacks, but that has since changed.
“Cryptocurrencies and the emergence of ransomware have made it easier for someone to commit a crime and get away with it because they can get paid in untraceable ways,” he says. “There’s also [the anonymous communication software] Tor, which makes it easier to anonymize threats.”
And finally, he says, businesses increase the risk of an attack or breach by connecting legacy systems. When IT implements patchwork solutions to resolve operational issues, security vulnerabilities can be created inadvertently.
This rapid evolution of cybersecurity threats means professionals in the field—and those eager to join them—need to be up-to-date on the latest skills, strategies, and job opportunities in order to remain competitive.
Essential Skills for Today’s Cybersecurity Professional
Protecting an organization’s information assets and IT systems from internal and external threats is no easy feat. Cybersecurity professionals must know how to plan and implement security strategies to reduce risk and enhance protection; understand legal and ethical issues associated with information security, privacy, and digital rights; and have core knowledge surrounding computer system security and network practices.
A solid foundation of technical skills and contextual understanding of threats are particularly necessary because attacks that cybersecurity professionals encounter today are the result of exploited systems that were designed years ago, Noubir says.
“That means cybercriminals will be exploiting systems tomorrow that we’re designing today—it might be something very subtle, but someone with a strong foundation will be able to understand the potential of this emerging attack and guide a team to mitigation,” he says. “Without this foundation, you might be able to survive on a daily basis, but there’s no guarantee that you’ll be able to respond to an incident.”
It’s also necessary for professionals to have applicable experience; it’s one thing to read about protecting vulnerabilities and responding to security incidents, but it’s another to have hands-on experience dealing with these scenarios, Noubir says. Northeastern’s Master’s in Cybersecurity program is focused on providing students with these critical, hands-on learning opportunities, which sets it apart from other programs across the country, he says.
“If an attack is possible or if a defense is possible, you should have experience practicing with the tools that will address them,” Noubir says. “You need this practice to understand what tools you need to design and evaluate secure systems.”
Beyond a strong foundation and applicable experience, cybersecurity professionals must also have excellent analytical and communication skills, Noubir adds.
“If you think about other fields, you might excel just by observing what someone does and replicating their actions. In cybersecurity, that’s not the case,” he says. “You might have a human adversary who adjusts [his or her] strategy to achieve something malicious, or even a robotic adversary in the future. You need to have strong analytical skills to model and reason what the adversary would do, think about a set of possibilities, and how they might operate and adjust.”
Communication skills are extremely important, too. If, for example, you needed to develop a policy about managing passwords, you need to understand the best way to communicate these policies, why they’re in place, and why they’re important, Noubir says.
A Bright Future for Cybersecurity Jobs
Because cybersecurity is such an in-demand field, professionals choosing this career path have a bright future. According to the Bureau of Labor Statistics, the cybersecurity industry is expected to grow by 28 percent between 2016 and 2026 compared to the seven percent growth rate across all industries. Moreover, according to some estimates, the global cybersecurity workforce will have more than 3.5 million unfilled positions by 2021.
One reason for this talent shortage is organizational neglect from years ago, Noubir says.
“For many years, companies underestimated the potential of cyber attacks. If you’re trying to design secure systems and defend against attacks but you’re not experiencing any attacks, it sounds like cybersecurity is overhead for the company,” he says. “Because of that there was a buildup of vulnerabilities in the system, and now we’re trying to catch up—but there aren’t enough people.”
The demand for these skilled, experienced professionals means a high earning potential, Noubir says. According to BLS, the median pay for an information security analyst is more than $95,000. Other job titles, such as security directors, information systems security engineers, and chief information security officers, can command more than $200,000, according to staffing data.
As organizations continue to value cybersecurity, and as adversaries continue to challenge the systems and security measures in place to protect them, the cybersecurity industry will continue to need skilled professionals.
“Cybersecurity is an interesting field because it’s challenging. It’s like a game trying to outsmart your adversary,” Noubir says. “Add to that very good compensation, and you have a career that’s fun, intellectually challenging, and financially rewarding.”