Main image of article Cybersecurity and Back-to-School: Time to Think About Tech Careers

With universities, community colleges and K-12 school districts starting the 2023-2024 academic year in earnest, students have fresh opportunities to think about possible tech careers, including within the cybersecurity industry.

While hiring has slowed over the past several months and layoffs have hit some tech vendors, cybersecurity remains a growing industry with multiple entry-level positions for those wanting to jump-start their careers from the ground up. CyberSeek, a joint initiative of the National Institute of Standards and Technology’s (NIST) Nice program, currently lists more than 660,000 open cybersecurity jobs, adding that the U.S. has enough skilled workers to fill only 69 percent of these positions.

At the same time, the Biden administration is pushing to boost cybersecurity hiring through education. On July 31, the White House released its National Cybersecurity Strategy Implementation Plan, which includes a provision to address “immediate demand for a skilled cyber workforce while also preparing learners to meet the future needs of a dynamic technological environment.”

The Biden administration is looking to bolster cybersecurity education through several initiatives, including:

  • Building and leveraging ecosystems to improve cyber education, from K-12 education, to higher education, community college and technical schools.
  • Expanding competency-based cybersecurity education.
  • Investing in educators and improving cyber education systems.
  • Making cybersecurity education and training more affordable and accessible.

While cybersecurity requirements and job descriptions have evolved over the years, students interested in cybersecurity need to understand that there is no one set course of study to follow. Also, those tech pros who go on to leadership and senior roles tend to come from various academic backgrounds, noted Petri Kuivala, the former CISO for mobile phone giant Nokia and semiconductor firm NXP.

“If you want to be a security architect, it’s good to know how to program. If you want to lead security behavior change training programs, it’s good to know people,” Kuivala, who is now the global CISO advisor to security firm Hoxhunt, told Dice. “But it’s helpful to develop yourself at the intersection of technology and the liberal arts. Advanced cybersecurity degrees and some certifications require a working knowledge of computer systems and basic programming and technical skills.”

Thinking Broadly About What to Study

When Kuivala started at Nokia, he worked his way up from security specialist to global CISO within eight years. Those types of rapid career ascensions remain possible for those who study tech topics and other areas related to the field.

“The talent gap is significant, so you’re likely to find a fulfilling, high-paying job that fits your interests as there are more jobs and candidates,” Kuivala added. “The opportunity landscape is also deep and wide. One can surf between human psychology-driven cybersecurity paths, to hardcore DevSecOps work, and work yourself up from specialist to leadership.”

Other insiders agree that broad areas of study can help students prepare for cybersecurity careers. “I'd recommend that students spend some time broadening their understanding of the cyber landscape through taking modern history, international politics, and economics classes,” Shawn Surber, senior director of technical account management at security firm Tanium, told Dice. “An understanding of the world stage is important in today's environment of cyber events driven by nation-states and global criminal organizations. Better understanding the motivations of those actors can help grow the strategic defense against them.”

Other insiders noted that students need to keep up-to-date on current events within cybersecurity to understand what vulnerabilities and flaws organizations are responding to with their security teams. It’s also a way to understand how threat actors change their techniques.

“Keeping up on evolving threat vectors, attacker tactics, vulnerability trends and notable breaches helps inform why and where certain regulatory bodies, industries and governments are going with their recommended best practices,” Jordan Tunks, product marketing manager for cybersecurity solutions at Pathlock, told Dice.

“For example, a couple of years ago, ransomware became a huge topic in the news … due to the notable Colonial Pipeline breach, SolarWinds hack, Kaseya attack, etc.,” Tunks added. “Being aware of breaches like this can help individuals understand current common weak points organizations struggle with, and how these weak points directly influence improved regulations, best practices and emerging technologies.”

This approach to school and studies also ensures that students understand that there are many types of positions within cybersecurity, said Amy Devers, chief of staff and head of people and culture at JupiterOne.

“Most folks gravitate toward the hot jobs, such as threat hunter, red teamer or pen tester, but don't underestimate the subtle power of being an excellent project manager,” Devers told Dice. “Everything we do has a start, middle and end, and needs a well-organized, disciplined person to support and guide entire teams. Cybersecurity can encompass many different types of roles within an organization from operations to engineering to sales to security. Keep an open mind.”

Find Hands-On Experience and Mentors

While classes and books have their place, some experts add that hands-on experience helps, especially in tech fields such as cybersecurity. For students interested in careers, going to meet-ups and networking is as important as understanding code.

“When it comes to security, it's all about sparking enthusiasm and growing your knowledge by rolling up your sleeves and diving into the wider hacker community,” Michael Skelton, a.k.a. Codingo, the senior director of security operations at Bugcrowd, told Dice. “You can do this by joining all sorts of meetup groups, and you'll find plenty on meetup websites. BSides conferences are literally everywhere, and their prices are usually student-friendly, often under $50. Each BSides event is crafted by the infosec community for the infosec community.”

Pathlock’s Tunks also noted that information available through NIST and other government and non-profit organizations provides additional reading and insights into cybersecurity frameworks and best practices. This can help add to any standard course curriculum.

“NIST provides frameworks and regulations that address cybersecurity from a compliance-centric perspective, with open-source input from industry experts being considered when releasing and updating these frameworks,” Tunks noted. “I think understanding these frameworks and their importance helps set the stage as to why cybersecurity must be tackled through a proactive approach to address the root cause of most security breaches—non-compliance and poor cyber hygiene.”

Another added benefit of looking outside of the classroom for hands-on experience and networking is to find mentors who can help guide a career and provide expert advice, added Joseph Carson, chief security scientist and Advisory CISO at Delinea.

“Cybersecurity is an industry of continuous learning, so you should be prepared to always absorb new things and that it can be difficult to become an expert as technology accelerates and innovates quickly,” Carson told Dice. “Get a mentor to help you with questions and help direct you on the right path. They can always put you in contact with someone from a similar field to share knowledge and experience. Cybersecurity is a community, and it is important to become part of the community as it will certainly help you with your journey.”