We hear a lot about a skills gap, but quite often qualified candidates are not getting noticed in today’s cybersecurity job market. Mansur Hasib, DSC, program chair, Cybersecurity Technology, University of Maryland Global Campus, shares some practical tips for cutting through the noise. In this video, you’ll learn more about what you can do and the things you should focus on to land a job in cybersecurity.
In a recent interview with Pamela Scott, host of the podcast People Secure Cyber, University of Maryland University College (UMUC) Cybersecurity alumnae and author Keirsten Brager (right), MS, CISSP, discusses her latest book, “Secure the Infosec Bag: Six Figure Career Guide For Women In Security” and shares her advice on some of challenges she faced during her career in a male-dominated profession.
In an in-depth interview, Brager shares her passion for introducing women to cybersecurity and discusses the challenges she faced as a minority woman in cybersecurity. As she notes during the conversation, a lack of role models and mentors to help her navigate the complexities with the discipline resulted in a lack of confidence early on.
What is her strongest piece of advice? “Make sure you get some strong mentors on your side who can relate to your unique challenge,” said Brager. “And you can have more than one mentor. I have what I my ‘circle of excellence,’ people I’ve grown to trust over time,” she added.
About Keirsten Brager
Keirsten Brager ia a security technology lead at a Fortune 500 power utility company and was recently named one of Dark Reading’s top women in security quietly changing the game. She is also the author of “Secure The InfoSec Bag: Six Figure Career Guide for Women in Security,” a guide to empowering women with the strategies needed maximize their earning potential. Brager holds a MS in Cybersecurity from UMUC and several industry certifications, including the CISSP and CASP.
By Valorie King, Ph.D
Can one live an unplugged life? Not really. If you shop or receive medical care or do any one of a hundred small things each day, information about you is captured, stored, transmitted to places that are not secure and may not even be securable. Your phone, your watch or step tracker and your tablet or computer—all your devices—know where you are and where you’ve been. The apps on your devices capture information about your location and time of day and send that off to people you don’t even know and might not approve of if you did.
Every single modern computer is vulnerable to a new type of attack. Organizations are scrambling to deploy new defenses. Vendors are working furiously to find, fix and patch. The public is trying to understand what this new cyber threat means and decide how worried they should be. And the hackers? Well, they’re looking for the next new vulnerability to exploit and increase their fame and fortune.
I deliberately chose to move into the cybersecurity career field. I deliberately chose a career that has become one of the most stressful career fields to be in. Every day, there are new attacks, new vulnerabilities and new tactics that negatively impact—and steal away—our safety and privacy. The cybersecurity industry just can’t keep up. The hackers, cyber criminals and cyber terrorists are winning.
What was I thinking? I don’t know. Cybersecurity just seemed like the best career choice at the time, especially for someone re-entering the IT workforce after almost a decade as a stay-at-home mom. Many of my students are facing similar choices, and I applaud them for wanting to better their lives and the lives of their families. But, sometimes, I wonder if cybersecurity really is the best choice. Is the stress of dealing with cyber risks and cyberattacks, day in and day out, worth the impact on me personally or on my family?
Here’s my bottom line. As I read the news and watch videos about the changing landscape of cyber risks, I am reminded of the words of Irish statesman and philosopher Edmund Burke: “All it takes for evil to triumph is for good men to do nothing.” So, for the moment, I’ll keep on keeping on. I will try to balance my job of informing people and society about cyber risks with an obligation to refrain from creating fear unnecessarily. And, I will try to manage the stress of living daily with the responsibility to inform, to defend and to protect.
About the Author
Valorie King, Ph.D, is program chair, Cybersecurity Management and Policy at UMUC. King’s professional focus is on developing tomorrow’s cybersecurity workforce. To accomplish this, she leads a world-class faculty of scholar-practitioners who engage in the design, management, and assessment of cybersecurity programs, products, and services in businesses and governments within local, regional, national and international contexts.
The skills you need for a successful career in cybersecurity may not be the ones you think. A common misperception about cybersecurity is that you cannot enter the field without being a STEM major with the technical acumen to code, hack, and write scripts.
When Professor Mansur Hasib talks to aspiring cybersecurity professionals who lament their liberal arts degrees, he reminds them that his bachelor’s degree is in economics and politics and his master’s degree is in political science.
Hasib, who is program chair of the Cybersecurity Technology program in The Graduate School at University of Maryland University College (UMUC), explains that “cybersecurity is a vast field in which anyone can find their passion in some aspect.”
Contrary to what you may read in the news, the majority of cybersecurity failures relate to shortcomings in leadership and governance, not technology. Cybersecurity needs professionals with the leadership skills and experience to manage an organization. Organizational leaders in cybersecurity with experience in management can understand cybersecurity at a business level. They have the ability to understand the holistic and interdisciplinary nature of cybersecurity.
“Without a balanced strategy of technology, policy, and people, your organization will not succeed,” said Hasib. “If you don’t know who to hire, how to engage people, how to develop a strategy based on the brainpower of everyone in the organization, and how to build high-performing teams, your organization will fail.”
A Message to Recruiters: Look for Candidates with Soft Skills
While cyber career aspirants should invest in gaining leadership and management skills, cybersecurity recruiters would be wise to consider a broader background when hiring—notably soft skills such as leadership, communication, and teachability, not just technical aptitude.
Organizations that focus on hiring coders and “tech jockeys” miss the boat. “We have a huge leadership void in the field,” said Hasib. “When you look at all the breaches, it may appear as if it was a technology issue, but it was almost always never the technology. It was leadership and strategy that was lacking.” Recruiters should be looking at what a candidate can learn and whether they have the capacity for perpetual, perennial learning and innovation.
Learn more about the skills you need to launch a career in cybersecurity and gain additional insight from UMUC’s Mansur Hasib:
Fellow Roadtripper and current UMUC graduate student Antwan King meets his “cyber” superhero as the group made its way to the Washington, DC area before heading west.
On Friday, December 2, the three participants in Roadtrip Nation’s “Cybersecurity” trip, which kicked off on November 27 in New York City, made their way down to the Washington, D.C. region. During their stop in the D.C. area, a visit that included interviews with cyber leaders and a tour of the National Cryptologic Museum, roadtrippers Mansi Thakar, Emily Cox and UMUC’s own Antwan King rolled into the UMUC Academic Center at Largo to share with family members, supporters, and UMUC faculty and staff their first impressions of the trip, their career aspirations, some life lessons, and what it’s like traveling together in an RV with the cameras rolling. (Roadtrip Nation will produce a documentary about the cross-country journey that will air on public television in spring 2017.)
For UMUC’s King, the visit to DC was especially meaningful because he was able to meet his “cyber superhero,” Michael Echols, CEO of the International Association of Certified ISAOs and former director of the Cyber Joint Programs Management Office at the Department of Homeland Security.
When asked about what this opportunity meant to him, King said, “You wake up every day, you try so hard, and sometimes people tell you “no,” but now I get to talk to the people who can help me define a path and discover what works.”
For the three participants, the trip thus far has been chock full of many unique experiences. However, they all agree that driving the RV stands out as one of the most thrilling. Said Cox, “I’ve never been to any of the cities on the trip, and I’ve never even been in an RV. Now I get to drive it across the country!”
Recruiting is a challenging occupation. We recruiters operate in a competitive environment chasing talent that has many options. Especially challenging is recruiting in the cyber community. Cyber is the buzz word today in technology and recruiting. It is this capability set that gets a lot of attention in recruiting, however, it is the most challenging.
Recruiting in the cyber industry in the Greater Washington, DC Metro Area is a tall order. It is exciting and the work that cyber professionals perform is “cool”; however, as with many technical skill sets there is a shortage of talent in our area. Demand certainly outweighs supply. Cyber is a very broad field. Many firms that specialize in cybersecurity define cyber differently and roll many different skill sets and expertise up under the cyber umbrella. Recruiters are constantly shifting focus as it relates to cyber. One minute we are seeking software developers and the next minute we are looking for a Certified Ethical Hacker (CEH). So what kind of challenges do we as recruiters face while attempting to recruit this specialized talent?
The Greater Baltimore/Washington, DC Metro Area is one of the best yet one of the most competitive geographic areas in the country. We are fortunate to have such a vibrant economy and a rich talent pool. Some of the most highly educated and technical folks in the United States reside in our backyard. With the high volume of job vacancies and the limited talent pool, it becomes a shootout on who can attract and retain the best cyber talent. Mind you, we also typically need candidates who possess the full menu of cyber expertise coupled with a security clearance. Because our region is built around the Nation’s Capital, much of the work supports government clients. In many cases, the workforce must possess a certain type of security clearance. This narrows down the candidate pool even more. It is this small pool of talented individuals that most companies fight over!
In addition to the limited talent pool and security clearances, most opportunities do require some type of cyber certification. It is no longer just enough to have a degree or an advanced degree, most employers also would like you to have cyber certifications to include a CISSP, CEH, Security +, and the list goes on and on. In many cases these certifications are required. Recruiters many times will not look at a candidate or consider them without a particular certification because of this requirement. In other words, if it’s required and we don’t see if on your resume, we simply move on. This is just yet another obstacle in identifying and recruiting cyber talent!
In the government contracting world of the Greater Baltimore/Washington, DC Metro Area we have something called Low Cost Technically Acceptable (LCTA). With government budgets tight sometimes government contractors have to be extremely competitive in the way they bid work. Many acquisitions go to the lowest bidder. With cost constraints and budget constraints, sometimes firms must lower their rates in order to win work. This does have an impact on salaries and pay rates for folks who would work on those programs. With cyber talent in demand, talent does have choices and options. Many times a professional does not always have to entertain a position in the government contracting market. They can always prefer to work in the commercial sector which is not government or government contracting. Cybersecurity skill sets are also in high demand in the non-government contracting world as well. These firms typically have more flexibility in their compensation packages which in many cases is more attractive to the talent pool.
Another challenge recruiting faces with recruiting cyber talent is work environment. In many government contracting environments where a particular security clearance is required, most are closed work areas which means no phones, tablets, etc. With the workforce today so wired and tuned into technology, this environment sometimes turns away bright cyber talent. It is a restriction that we see in our industry. Once again, this does narrow down our talent pool even more. Many commercial companies can offer this type of flexible environment.
The outlook is very good for cybersecurity professionals. Most have many options in this particular geographic area. Whether it be government, government contracting, or commercial there are many opportunities out there for the cyber professional. Recruiting will continue to have challenges as cyber grows, changes, and evolves. One thing is for sure, the competition for cyber talent will always be there. Professionals in the cybersecurity field will continue to see an increase in opportunities as well as career paths.
Mike Bruni possesses over 17 years of experience in Human Resources, Recruiting & Staffing. Mike is heavily experienced within the National Security Industry. Mike joined SAIC (Now Leidos) in January of 2005 after spending 7 years in the staffing industry. Since joining SAIC/Leidos he has taken on many roles leading many initiatives to include Talent Acquisition Management, Sourcing, Capture Staffing, Direct Recruiting, and Veteran Outreach. In July of 2015, Mike joined Booz Allen Hamilton in a Sr. Talent Acquisition Strategy role and is based out of McLean, VA.