What Should I Know About Pursuing a Career in Cybersecurity?

[Kelvinr72]

I'm am very interested and curious about a career in Cybersecurity. This is a field that I think about every day and I just want to hear from some people who have been in the field to give me some more insight as to what the industry of Cybersecurity is all about. I want to know what are the skills I would need, what type of jobs there are in the field, would it be easy to explore other fields of computer science if I started from this one, and would this be a good industry to start my own company?

 

[Dr. Courtney]

I've been offered a couple jobs in cybersecurity, but I turned them down.

Mostly, it was my programming, problem solving, and math skills that made me a strong candidate.

 

[Vanadium 50]

This covers a huge range from a PhD computer scientist to an assembly-line worker making tokens. I don't think things can be easily captured by the experiences of one or even a few people.

 

[JakeBrodskyPE]

Vanadium's observation is right on target.

I study just a niche of the cyber-security problem: I work on security for industrial control systems. To do this, one must have a strong background in programming including multiple low level languages such as C, Assembly, Forth, and the like. One must also have an intimate knowledge of the networks: how the instrumentation and networks get through the telecommunications network to the computers in the operations center, and then also some systems programming as well to know all the gyrations that need to be brought to bear for the value from the field to be displayed on someone's screen. There is also a need to know interface protocols, and then do not forget the actual instrumentation and controls engineering. Understanding the process, the safety concerns, the various states and contingency plans, along with where the real money is spent is all important.

This is a very broad and deep endeavor. Nobody I know in this field has less than a decade of experience. It takes that long to get up to speed on this subject. The learning curve is very shallow for a very long time.

Likewise, if you're going to analyze financial system security, you need to know what the financial system does. This means you need to know a lot about what the financial transactions are and how they're conveyed.

In other words, this is not cyber-security. It is security that happens to include computing systems. This nuance is hard to comprehend, until you realize that the cyber component is merely a vehicle for the rest of the process and part of the security models which should already be in place (but frequently are not). This is about human factors, policies, procedures, technologies, processes, protocols, and so much more.

It can be exasperating, tragic, silly, stupid, amazing, cool, dynamic, and incredibly fun. It is a very interesting challenge from many aspects.

A bit about my background: My degree was in Electrical Engineering. My PE is in Controls Engineering. I also have been very proficient in systems programming, embedded programming, and even computing hardware. I've also been a ham radio enthusiast for decades, and I have a deep interest in RF. I also know the industrial processes for our company intimately. I programmed the controllers that we use for all sorts of operations on plants. I participate in standards committees. and I publish papers and books.

That's what life is like for me. I got here because there were problems that nobody else was willing to deal with, so I studied them and looked for better ideas. That's what cyber-security (I detest that term) should be like.