Authored by Dipesh Kaura, General Manager, South Asia Kaspersky
According to various estimations, the demand for information security professionals is on the rise, and it won’t decrease in the future. Attacks and data leaks happen every day, forcing more companies to look closely at the benefits of providing high-level information security across their company, and hiring IT specialists accordingly. With this bright career path available to young professionals, cybersecurity is one of the fastest-growing IT industry sectors.
However, such a multifaceted sector can also be confusing for newcomers. In this article, we summarized the Kaspersky recruitment team’s observations and statistics regarding the current state of the informational security job market and the most sought-after professions in this sphere.
Recent cybersecurity profession trends
Over the last three years, Kaspersky has seen an increase in demand for business and information security positions such as presales managers, business development managers, and product managers.
This tendency can be attributed to the introduction of new laws, requirements, and regulations requiring corporates to create products and services that meet the increased demand for information security. The trend has led to a growing need for complex MSSP services, all of which need to be accurately developed, packaged, and positioned for the market.
Speaking of technical roles, our internal recruitment stats confirm that security operations center (SOC), penetration testing and application security specialists, as well as vulnerability researchers, remain among the most sought-after professionals for three years in a row. In addition, since DevSecOps processes have recently been actively implemented in cybersec, there are few relevant specialists in this field. With 70% of organizations lacking an adequate working knowledge of DevSecOps practices, this area of business is also in great demand.
By analyzing applicants, the majority of applications we receive are for the administration of information protection systems, IT compliance (privacy), and management positions. This also means job seekers in these fields face stiff competition for more candidates.
Where do high-demand specialists come from?
One of the most obvious sources for specialists is universities producing cybersecurity professionals. And, as Kaspersky internal statistics show, most of our employees have specialist higher education. However, for us, a diploma from a particular university is never a decisive factor in hiring, especially given that universities are unable to meet the increased demand for these professionals.
Experience is always the main focus, and there are many ways to obtain it even without going to university. For example, we are welcoming people who started their career as an IT generalist, but at some point, handled information security tasks and moved to a related position.
Another good way to move to cybersecurity is to complete an internship. Today there are a huge number of internship programs conducted by commercial companies for students. Our recruiters have observed an increase in correspondence related to a growing demand for IS professions.
A great example of this is our Safeboard program, where we look for and support a new generation of young and perspective cybersecurity professionals. After a successful internship, newcomers join our team or stand a better chance of finding employment with other companies.
Where to start to get the dream job?
For both technical and business roles in information security, IT education is a good way of gaining support and learning because many positions (such as SOC analyst) require a deep knowledge of IT infrastructure.
Online courses are also an option, but, as the practice shows, they must be complemented by high personal motivation and additional self-education activities:
“I used various sources, such as courses or books, which are more likely to help you understand the sequence of studying topics and obtaining a basis for further self-study,” says Konstantin Korobanov, who went from being a food technologist in a factory to a senior developer position at Kaspersky. “As an IT beginner, it is a big advantage to create an account on GitHub (or any similar resource) and solve basic but specific tasks in the first stages of education. These tasks can be easily found on the Internet and after gaining a broad knowledge, you can try to use them in realizing your project or participate in improving open-source projects.”
Kaspersky offers a range of courses suiting different experience levels, which are also helpful for gaining specific skills that help deepen your field expertise. For example, our online cybersecurity training for experts is useful for those already working in cybersecurity who want to advance to the next level in such areas as incident response, threat hunting, malware analysis, and others. To check out your skillset you can take part in relevant competitions, such as CTF (Capture the Flag) or others, where participants solve close-to-life cybersecurity cases.
To gain experience in cybersecurity, crucial for both technical and business-related positions in this field, we suggest students join internship programs, while people already working in IT or related fields can try to get relevant background experience by taking on information security tasks in their workplace. For IT project managers we advise they participate in projects tied to cybersecurity services or product implementation.
Timofey Vorontsov, business process manager at Kaspersky confirms that the relevant background for working in IT security can be gained in positions that superficially don’t have much in common with this sphere: “Working as an aviation design engineer in my previous role, I had to constantly explore various international technical standards, interfaces and requirements including security ones. Every aspect of my work was interesting to me, but I wanted to see the big picture. I constantly took over new tasks, including participation in testing, coding, project management, and others. All this gave me new skills and knowledge allowing me to pursue my career in the interface between business and IT security”.
The path to cybersecurity for IT generalists can begin by handling an IT security function, which usually doesn’t require deep knowledge when it comes to small companies - easier if the company uses a product that goes with the education of IT generalists in the kit.
As you can see, there are many ways to enter the world of cybersecurity. A person with the relevant knowledge and skills, supplemented with interests in the profession and self-motivation has a greater chance of finding their dream job in this field and will build a successful career.