The CSO Security Career Survival Guide

There is little doubt cybersecurity is a hot career path right now. According to labor analytics firm Burning Glass, cybersecurity job postings grew 74% from 2007 through 2013 a rate of growth that was twice as rapid as all IT jobs combined. And demand for cyber information security positions certainly hasn't let up since.

Enterprise security investments are expected to continue to grow. Interestingly, however pay for security talent isn't always on the rise, as one of our recent State of the CSO Surveys revealed. We found that surprising, considering that the enterprise job demand for skilled IT security professionals continue outstrip supply, in a recent story on the cybersecurity pay gap.

Still, information security is an exciting and rewarding career where one gets to work in ways that help to increase the resiliency of the devices and networks we use every day to access information, do our jobs, and conduct commerce. Cybersecurity careers also provide tremendous diversity in the type of work that can be done, from technical roles such as engineering security into devices and software to CISO management roles to penetration testing.

In fact, the information security jobs marketplace is a field with seemingly countless specialties: network, application, database, cryptography, threat intelligence, threat modeling, identity, auditing, malware analyst, forensics, and so on.

Additionally, most all enterprise security positions increasingly require solid communications skills and business savvy: it's no longer as much about how to secure applications and business-technology systems but more security professionals need to help the business move into new markets, embrace new technologies and geographies in a way that mitigates the business risks. Those who can bridge the language gaps between the business suits and engineers and development teams will do very well in the years ahead.

Also, technology is changing more rapidly than ever. Traditional on-premise systems are moving to cloud-based systems, data has moved from the data center to mobile devices, and the intelligence of the business network is moving from within the data center to employee handheld devices. And the network is now beginning to connect everything in the so-called Internet of Things.

Even how enterprise development and operations teams work together to build and manage infrastructure and applications for the enterprise is changing as continuous integration and continuous deployment, as well as the DevOps movement continues takes hold.

Finally, enterprise information security, when done right, disappears. That means it's incredibly challenging to correlate good information security with the bottom line of the business. Good security is costly, and when looking at the need to produce profits and keep costs low security is often perceived as a cost center rather than a trust enabler by the boardroom.

All of this means that cybersecurity is both an easy profession to find opportunity, but a challenging profession to navigate and get all of the value you need.

Getting started in, and keeping, your career in infosec alive:

How to get a job in computer security

The secret to the security profession is to develop all the computer experience you can before you even begin to think about a career in cybersecurity.

Six entry-level cybersecurity job seeker failings

Here's how many cybersecurity entry-level job seekers fail to make a great first impression.

10 security mistakes that will get you fired

From killing critical business systems to ignoring a critical security event, these colossal slip-ups will get your career in deep water quick

Are You Making a Security Career or Working a Job

In his first column as CSO's Career Catalyst, Michael Santarcangelo outlines three essentials everyone needs to consider to make security work more than just a job.

Tapping into overlooked talent to improve your security career

Success in security is based on your ability to work with others. Improve your career by building a coalition of talent outside security.

The 7 best habits of effective security pros

It's easy for security professionals who are passionate about their careers to get caught up in the technology, but success today requires a lot more than technical savvy. Here are the traits successful security pros say are needed to succeed.

Security careers in the public sector:

The case for taking a government cyber job: 7 recommendations to consider

Cyber jobs are a hot topic right now for most age groups in America. Typical questions include: Which schools, programs and classes offer the best value for money What certifications are needed to get into cybersecurity Are public or private sector jobs best Or, when will this cyber buzz end Getting more personal, should you consider a government cybersecurity job

Career Transition: Public Sector to Private

Moving from the public sector to a private sector security job can be a huge leap. In this book excerpt, David Quilter points out the strengths you'll bring along with the skills you may need to develop.

Women in infosec:

10 tips to attract women to infosec jobs

Women make up only 11 percent of infosec professionals. Here are a few tips to attract and recruit more to your business.

Info sec industry still struggles to attract women

Many barriers still stop women from considering info sec as a profession. But both companies and women would benefit in an increase in the numbers, and many firms are now stepping up efforts to recruit them.

A word on burnout:

RSA Conference 2012: Stress and burnout in infosec careers

IT security professionals are experiencing extreme levels of stress and burnout, but they have few places to turn for help.


George V. Hulme

Zur Startseite