How to land a job in information security
Information security jobs offer professionals an exciting career with great potential for advancement and high earnings. As the threat posed by hackers continues to grow, and the cost of falling victim to a data breach also increases, many businesses will find themselves in need of talented professionals.
If you're looking to enter the sector, there are a few things in your favour. Firstly, there remains a global shortage of cyber security professionals, which means you're more likely to find roles that suit you. Secondly, there are also more ways to enter the industry and opportunities for support than ever as the sector aims to diversify its talent. So what do you need to know to secure a job in information security?
Types of information security jobs
A key factor to understand is that there's no such thing as a 'typical' information security job. The responsibilities of a security engineer will be very different from those of a cyber security analyst, for example. Knowing what these are and which will be best-suited to your individual skills and interests is the first step on the path to a successful career in information security.
How do types of information security jobs differ from one another?
In general, some of the key responsibilities of the most common cyber security jobs fall into a few main categories. These include:
- Security engineer - building secure IT systems
- Security administrator - keeps systems up and running smoothly day-to-day
- Security architect - designs systems to make it harder for hackers to break into organisations
- Penetration tester - attempts to find weaknesses and break into systems
- Incident responder - identifies and protects businesses from incoming threats
- Forensics specialist - reviews incidents to learn what happened and prevent future attacks
Of course, these are only very high-level overviews. The specific roles and responsibilities will vary depending on the company's needs and how they choose to define their job descriptions. No two cyber security professionals are likely to have exactly the same working day, even if they have the same job title, which is part of what makes information security such a vibrant career option.
What kind of information security jobs can you do remotely?
The ability to work remotely has become a major factor for many candidates in the last couple of years, driven largely - but not exclusively - by the changes in working patterns brought about by the pandemic. Indeed, research from YouGov suggests one in five people want to work from home full-time in future, with a further 37 per cent wishing to do this on occasion.
This is something that employers are increasingly recognising. Fortunately, many information security activities can be done remotely at least part of the time - especially in freelance and consultancy roles such as penetration testing.
However, security analyst and engineering roles often have scope for remote working - though in many cases, having a connection to the office will still be highly useful, as - despite what some people may think - cyber security is rarely a solo role and good communications with colleagues and personnel in other departments is an essential part of almost every job.
<What are some good entry-level jobs in information security?
The great thing about information security jobs is that there are a wide range of places you can start out. For entry-level professionals, some of the most common roles you can do with limited experience in the sector include:
- Security analyst
- Security administration
- Security auditor
- Forensics expert
All these roles will help give you a good grounding in what it takes to be an information security professional and offer strong opportunities to advance to more senior roles such as security consultants and, for more experienced professionals executive-level roles such as chief information security officer.
Education or experience needed for a job in information security
There are a range of routes into the information security sector. Some people undertake academic qualifications through undergraduate and postgraduate level that focus on this sector, while others move across from different areas of IT.
However, a growing number of cyber security pros transfer from completely different roles. In many cases, strong technical knowledge is less important when getting started, as this can be learned as you go. Often, what matters is the right attitude and a strong passion for the sector.
What education do you need to be in information security?
There's no one educational path to get started in information security, but broadly, the options available are split into academic studies such as a Master's degree in cyber security, or industry-led professional qualifications. Many entry-level roles will ask you to have at least one of these, with some of the most common industry qualifications for new cyber security roles including:
- CompTIA Security+
- (ISC)2 Systems Security Certified Practitioner)
- CompTIA PenTest+
- OSCP (Offensive Security Certified Professional)
- Certified Ethical Hacker (CEH)
Certifications such as these are often considered essential to starting a cyber security career, as they provide novice cyber pros with a strong overview of all the key concepts and principles they'll use throughout their career.
How long does it take to be trained in information security?
The length of time it takes to become certified in information security will depend on the route you choose to take, but longer, more in-depth courses will usually set you up better for the long-term.
For example, gaining a Master's degree in cyber security is usually a one-year commitment full time, and two to three years if you're studying part-time and fitting it around your existing work. However, this is a highly in-demand qualification that will attract interest from recruiters and employers.
Some intensive industry qualifications can be achieved in as little as five days, or allow you to take the required exam without any guided instruction, allowing you to work through materials at your own pace. However, these usually assume that you have several years of existing IT experience before starting the course.
<h3>What are the biggest challenges of gaining necessary experience and education to work in information security?</h3>
If you are looking to gain the necessary cyber security qualifications, one initial task may be to build up the required experience. Each course will have its own individual requirements, but many ask for a minimum of two or more years in a non-cyber security IT role, such as network administration or software development.
However, some can be taken on with no prior experience, so if you're looking to change careers to enter the sector from outside the industry - which is an increasingly popular option for many people - look for entry-level courses with no prerequisites.
Types of companies hiring information security professionals
Every company today needs cyber security expertise. Whether they get this in-house or from outside contractors and consultants, a skilled professional can work almost anywhere that interests them.
What types of companies are hiring information security jobs most often?
According to UK government figures, four out of ten businesses (39 per cent) and a quarter of charities (26 per cent) experienced a data breach in the 12 months to March 2021. Medium and large businesses were more affected (65 per cent and 64 per cent respectively), and so the chances are that these businesses will be most on the lookout for talented cyber security professionals.
However, it's a common misconception that it is only these companies that are under threat. For example, many hackers may choose to target smaller, less well-defended organisations further down the supply chain that can offer a backdoor into large enterprises, or may simply have fewer backup plans and therefore will be more likely to submit to ransomware demands.
Therefore, if you prefer the atmosphere of smaller firms, there may be opportunities here too, perhaps on a consultancy basis or working for an external partner rather than a full-time role.
What do companies expect from information security professionals?
An in-depth knowledge of technical skills such as programming and threat analysis is always useful when applying for a role in the cyber security field, but these attributes are far from the only thighs recruiters will be looking for.
There are a range of other qualities that will be essential for anybody looking to take up a career in cyber security. Some of the most useful include:
- Communication (both verbal and written)
- Attention to detail
These are all skills that employers will value highly among applicants for cyber security jobs, so anything you can do to highlight your experiences in this area on your CV or in an interview will come in very useful.
What industries can information security personnel work in?
Information security professionals are needed across all sectors. Any company that has private data, whether this is on employees or customers, will need protection. However, there are a few parts of the economy where these professionals will be in especially high demand.
These are usually those that are at especially high risk of attack because they deal with large amounts of highly sensitive and confidential data, such as intellectual property information, trade secrets or financial data.
For example, public sector firms are among those at high risk, as well as private firms with government contracts, especially those in the defence, energy or healthcare sectors. These organisations typically deal with highly sensitive information which may even have national security implications, so you may well need to pass a background check and gain security clearance to work in these sectors.
Best ways to find information security job openings
Jobs such as cyber security engineers and analysts are among the most in-demand roles of any sector, but you'll still need to look carefully at individual listings to determine if you'd be well-suited to the role and the company culture of the employer.
What should you look for in an information security job posting?
If you're considering if a certain position is right for you, look carefully at both the technical and non-technical requirements. Some jobs will require a background in IT or computer science or a specific certification. If you lack these, however, you shouldn't necessarily discount the posting.
Employers are looking for people with passion and the right mindset for a job, and technical skills and qualifications can be picked up along the way if you can impress a recruiter with your other qualities.
It's also important to pay close attention to the job description and expected responsibilities. If they seem a little vaguely-defined, make sure you get more information to avoid ending up in a position that isn't what you expected.
Who can help you find information security job openings?
While there are many places you can head to online to hunt for information technology and security jobs, it's a good idea to turn to a service that specialises in the sector - such as CyberSecurityJobsite.com - in order to stand the best chance of success.
Recruiters come to sites like these because they know it will put them in touch with the best quality candidates, and by uploading your CV, you can allow companies to come to you.
Another good way to find openings for cyber security professionals is to sign up for a careers fair focused directly at the sector. This allows you to meet with leading companies and understand what skills and experience they're looking for.
You can also ask any questions you may have about career paths and get expert advice on starting out, as well as networking with influential industry professionals.
Where can you find out about the latest job postings in information security?
As well as uploading your CV to specialist job sites to help make yourself more visible to recruiters, you should set up job alerts for the types of roles and sectors you're interested in.
At CyberSecurityJobsite.com, you can set up email alerts for a range of specific job titles, as well as selecting salary bands, job roles and sectors to ensure you're also receiving only the openings that are most relevant to you.