Overview of the lesson
In the last decade, Information Security has become an essential part of our lives, whether we realise it or not. Organizations across all sectors struggle to find enough skilled individuals to keep their services and products secure, while the cybercrime is now a $600 billion business. In this lesson, we discuss the main reasons why you should consider an information security career.
What you'll learn
If you read this, you’ve probably already heard about the information security industry, maybe from movies, high-profile data breach news, podcasts, or events. Before discussing why you should consider a career in information security, let’s first find out what information security is.
Prerequisites | None. |
Objective | To understand why information security is important nowadays and what are the main reasons for working in this industry. |
TL;DR |
|
Years ago, the Internet was used only in military or academic institutions, but thanks to the World Wide Web, it quickly became an essential part of our modern life. We use it to keep updated with the news, communicate with friends, manage our finances, and much more. However, this implies that much of our sensitive dataphotos, messages, PII or credit card data is into a place where we have no control over how it is used or shared, and by whom.
In real life, I’m sure you do your best to protect sensitive information and valuable assets. You lock your front door, make sure no one sees your PIN while checking your card at an ATM, and so on. But how do you protect your most valuable assetThat is your data. in the digital space? Well, the truth is you cannot, but someone has to do it, so here it comes information security.
Information security is a multi-disciplinary field that ensures the confidentiality, integrity, and availability of information and resources in the digital space. Simply put, it protects the infrastructure, networks, and systems from unauthorised access or being otherwise damaged or made inaccessible.
Now, you probably ask yourself why this working field exists in the first place, right? Can’t engineers develop a solution to secure all our data?
Unfortunately, this is impossible.
In the last decade, the skyrocketing number of connected devices demanded a more complex digital infrastructure, as well as new sophisticated apps to satisfy the users’ needs. However, this growth led to numerous new vulnerabilities that could allow an attacker to access or modify our data.
While the link between codebase complexity and the number of vulnerabilities is uncertain, the reason why these vulnerabilities exist is simple: the human mind is fallible, prone to error. As long as we are responsible for developing technology, security issues will continue to exist.
For instance, let’s consider two types of web vulnerabilities: SQL InjectionAn SQL Injection vulnerability allows an attacker to view, edit or delete information from an application’s database. and Server Side Request ForgerySSRF allows an attacker to abuse the functionality of a web application to read and edit internal files.. Nowadays, the prevalence of SQL Injection vulnerabilities decreased significantly compared to the previous years when there was an epidemy of SQL Injections. Some companies, such as Facebook, even affirmed that they managed to completely eradicate this type of vulnerability from their codebase using automated static analysis tools. However, the Web is not safer. SQL Injections were quickly replaced by other vulnerability types such as SSRF.
Therefore, it is crucial to think about security not as a goal that can be reached, nor as a line that can be crossed, but as a continuous process. A process that is never finished. While significant efforts are made to stop successful attacks, new vulnerabilities are discovered and exploited every day.
Now, let’s discuss the main reasons why you should consider a career in information security.
Information security is, without doubt, one of the most versatile working fields out there. From application security to risk assessments to investigations to security operations to compliance, there are tens of different roles that you can choose from.
You can work for a small startup or a large enterprise, a nonprofit organization, a government body, or even for yourself as a freelancer. Moreover, you can work in any field in any industry, including tech, healthcare, fashion, telecommunications, logistics, transportation, infrastructure, manufacturing, legal, eCommerce, entertainment, and even military. Every organization needs security experts, regardless of their size and field.
Therefore, the word “bored” is not something you will hear/use too often in this industry.
Due to an increasing number of high-profile data breaches, this industry is booming. Organizations across all sectors struggle to find enough skilled individuals to keep their services and products secure, while the cybercrime is now a $600 billion business. There are literally tens of thousands of jobs available to skilled security enthusiasts. According to Europe GISWS Report 2017, the global lack of cyber-security experts expected to reach 1.8 million worker shortage by 2022 (please read the following note for clarification).
Over the next decade, the information security industry will become more diverse, as businesses continue to refine their products. Also, new technologies and methodologies that reshape the software development industry will emerge, generating demand for security workers.
According to Top List of Hottest Tech Jobs for 2019 | Scout, in 2019 cybersecurity engineer was the highest-paid and most-recruited IT role, with an average salary of $140,000. By offering competitive pay and attractive compensation packages, organizations try to address the shortage of security expertise. But as estimations show, the competition for highly-skilled individuals will get more intense in the years to come.
Working in information security is indeed rewarding. While high salary and benefits may sound attractive, working as a security professional comes with many other intrinsic benefits.
I mean, just think about it. What would be like to break into buildings, hack drones, ATMs, or even cars, all while doing it legally? Super cool, right? Well, that can be your day-to-day job as a penetration tester/security consultant.
It’s great to have a job that pays the bills but also makes the world a safer place.
Working in information security is not all about technical knowledge, as you may think. Ironically, the most important traits to be successful in this industry are actually soft skills. Creative thinking, critical thinking, problem-solving, team working, communication, and continued learning are just a few of them. These are highly highly-transferrable skills suitable for roles in other industries as well. If you have them, it’s easy to move to other working fields.
Many security experts are self-taught individuals that dropped school.
Since security is eveyone’s problem and companies are struggling to find enough talented people, what would be the logic to limit security roles only for people with degrees in computer science?
The same applies to security certifications, too. While they are good to have, no serious company will reject you for not possessing certifications if you are a skilled person.
Except for the benefits related to your career, being an infosec expert comes with some personal benefits as well.
You know those spam messages telling you that you have won billions from the Prince of Nigeria, or those annoying websites that tell your computer have been infected with some virus? None of these will deceive you because you know what’s going on behind the scenes. It’s like a superpower, right? The superpower of not getting hacked or scammed easily. If this doesn’t convince you, I don’t know what else can. 🤷🏻
Information security might not be for everyone, but if you are already interested in technology, computers, security, the Internet, IoT, or other tech related subjects, you should give it a try. In the next lesson, we explore the first steps into your information security career. So, if you are interested in learning more, check it out.