The CSO Security Career Survival Guide

There is little doubt cybersecurity is a hot career path right now. According to labor analytics firm Burning Glass, cybersecurity job postings grew 74% from 2007 through 2013 a rate of growth that was twice as rapid as all IT jobs combined. And demand for cyber information security positions certainly hasn't let up since.

Enterprise security investments are expected to continue to grow. Interestingly, however pay for security talent isn't always on the rise, as one of our recent State of the CSO Surveys revealed. We found that surprising, considering that the enterprise job demand for skilled IT security professionals continue outstrip supply, in a recent story on the cybersecurity pay gap.

Still, information security is an exciting and rewarding career where one gets to work in ways that help to increase the resiliency of the devices and networks we use every day to access information, do our jobs, and conduct commerce. Cybersecurity careers also provide tremendous diversity in the type of work that can be done, from technical roles such as engineering security into devices and software to CISO management roles to penetration testing.

In fact, the information security jobs marketplace is a field with seemingly countless specialties: network, application, database, cryptography, threat intelligence, threat modeling, identity, auditing, malware analyst, forensics, and so on.

Additionally, most all enterprise security positions increasingly require solid communications skills and business savvy: it's no longer as much about how to secure applications and business-technology systems but more security professionals need to help the business move into new markets, embrace new technologies and geographies in a way that mitigates the business risks. Those who can bridge the language gaps between the business suits and engineers and development teams will do very well in the years ahead.

Also, technology is changing more rapidly than ever. Traditional on-premise systems are moving to cloud-based systems, data has moved from the data center to mobile devices, and the intelligence of the business network is moving from within the data center to employee handheld devices. And the network is now beginning to connect everything in the so-called Internet of Things.

Even how enterprise development and operations teams work together to build and manage infrastructure and applications for the enterprise is changing as continuous integration and continuous deployment, as well as the DevOps movement continues takes hold.

Finally, enterprise information security, when done right, disappears. That means it's incredibly challenging to correlate good information security with the bottom line of the business. Good security is costly, and when looking at the need to produce profits and keep costs low security is often perceived as a cost center rather than a trust enabler by the boardroom.

All of this means that cybersecurity is both an easy profession to find opportunity, but a challenging profession to navigate and get all of the value you need.

Getting started in, and keeping, your career in infosec alive:

How to get a job in computer security

The secret to the security profession is to develop all the computer experience you can before you even begin to think about a career in cybersecurity.

Six entry-level cybersecurity job seeker failings

Here's how many cybersecurity entry-level job seekers fail to make a great first impression.

10 security mistakes that will get you fired

From killing critical business systems to ignoring a critical security event, these colossal slip-ups will get your career in deep water quick

Are You Making a Security Career or Working a Job?

In his first column as CSO's Career Catalyst, Michael Santarcangelo outlines three essentials everyone needs to consider to make security work more than just a job.

Tapping into overlooked talent to improve your security career

Success in security is based on your ability to work with others. Improve your career by building a coalition of talent outside security.

The 7 best habits of effective security pros

It's easy for security professionals who are passionate about their careers to get caught up in the technology, but success today requires a lot more than technical savvy. Here are the traits successful security pros say are needed to succeed.

Security careers in the public sector:

The case for taking a government cyber job: 7 recommendations to consider

Cyber jobs are a hot topic right now for most age groups in America. Typical questions include: Which schools, programs and classes offer the best value for money? What certifications are needed to get into cybersecurity? Are public or private sector jobs best? Or, when will this cyber buzz end? Getting more personal, should you consider a government cybersecurity job?

Career Transition: Public Sector to Private

Moving from the public sector to a private sector security job can be a huge leap. In this book excerpt, David Quilter points out the strengths you'll bring along with the skills you may need to develop.

Women in infosec:

10 tips to attract women to infosec jobs

Women make up only 11 percent of infosec professionals. Here are a few tips to attract and recruit more to your business.

Info sec industry still struggles to attract women

Many barriers still stop women from considering info sec as a profession. But both companies and women would benefit in an increase in the numbers, and many firms are now stepping up efforts to recruit them.

A word on burnout:

RSA Conference 2012: Stress and burnout in infosec careers

IT security professionals are experiencing extreme levels of stress and burnout, but they have few places to turn for help.

Join the CSO newsletter!

Error: Please check your email address.

Tags infosec careerssecurityCSO

More about CSORSA

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by George V. Hulme

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place