Cybersecurity professionals are among the most sought-after workers in the United States, but there is a massive shortage of trained applicants. We spoke with NIST National Initiative for Cybersecurity Education (NICE) Director Rodney Petersen about the rewards of choosing a career in cybersecurity and how to close the skills gap.
How did you get interested in cybersecurity education?
I have been involved in higher education for 30 years. Most recently, my work in higher education has supported chief information officers and chief information security officers to increase privacy and security of data, information systems and networks. That provided a practical perspective about what owners and operators need with respect to a knowledgeable and skilled workforce. In my role as the director of the National Initiative for Cybersecurity Education (NICE), I have pivoted to support the educational ecosystem that is producing the next generation of cybersecurity practitioners.
What's the career outlook for a person considering cybersecurity? Are there particular skills needed to pursue these careers?
According to CyberSeek.org, funded by the National Institute of Standards and Technology (NIST), there are over 301,000 open jobs in cybersecurity in the United States. The ISC2 Global Information Security study projects 1.8 million open jobs in cybersecurity worldwide by 2022. However, the greatest challenge is defining cybersecurity jobs and making sure we are effectively communicating the variety of jobs or work roles that exist in cybersecurity. That is where the NICE Cybersecurity Workforce Framework comes into play. The NICE Framework provides a taxonomy by which to describe cybersecurity work and breaks down the career field into seven broad categories, 33 specialty areas, and 52 work roles. The NICE Framework also describes the knowledge, skills and abilities that are needed to perform certain tasks that are associated with work roles. The most common knowledge areas that cut across all cybersecurity jobs include knowledge of: risk management processes; cyber threats and vulnerabilities; laws, regulations, policies, and ethics; cybersecurity and privacy principles; computer networking concepts and protocols; and specific operational impacts of cybersecurity lapses.
What would a day in the life of a cybersecurity professional look like?
It depends (and I’m not just saying that because of my training as a lawyer!). It depends on which of the variety of jobs that you hold. In fact, one of the cybersecurity work roles in the NICE Framework is legal advisor. Your day may consist of writing or reviewing legal agreements, developing organizational policies, or responding to a security breach of personal information. Or, you might be a software developer (and if you are developing new applications we hope that you will build them “secure by design”). Or, you might be a security architect who is designing and deploying technical and policy architecture that secures the enterprise and your day is spent researching, designing and integrating solutions. The possibilities are varied and the room for creativity is endless.
What are some of the best ways to get into cyber and find a job?
First, PREPARE. Use resources such as CyberSeek.org—the interactive jobs heat map and career pathway portal—to explore cybersecurity career opportunities. Second, NETWORK. Identify people who can describe cybersecurity work and open doors or serve as a mentor to guide you. Third, ACQUIRE SKILLS. Pursue hands-on learning opportunities through education and training that provide the necessary knowledge, skills and abilities identified in the NICE Framework, ideally validated through an academic degree, certificate of study or certification. Finally, GAIN EXPERIENCE. Nothing impresses employers more than real-world experience acquired through participating in cybersecurity competitions, volunteer activities, internships or part-time or full-time employment in a related field.
What question do you wish we had asked?
What is the pay? Just kidding! Even though cybersecurity jobs pay very well and provide a financially rewarding career, the real reward is that cybersecurity jobs provide really exciting and rewarding work. There are new challenges every day. There is an intrinsic reward in solving a problem or developing a solution. There is satisfaction in being part of protecting and advancing an organization’s mission. Cybersecurity is cool, fun and intellectually stimulating.