Courses / Security As a Career

Why Should You Consider a Career in Information Security?

Overview of the lesson

In the last decade, Information Security has become an essential part of our lives, whether we realise it or not. Organizations across all sectors struggle to find enough skilled individuals to keep their services and products secure, while the cybercrime is now a $600 billion business. In this lesson, we discuss the main reasons why you should consider an information security career.

What you'll learn

  • Why information security exists.
  • Why systems can't be 100% secure.
  • Why information security is important.
  • The main reasons why you should consider an information security career.

If you read this, you’ve probably already heard about the information security industry, maybe from movies, high-profile data breach news, podcasts, or events. Before discussing why you should consider a career in information security, let’s first find out what information security is.

Prerequisites None.
Objective To understand why information security is important nowadays and what are the main reasons for working in this industry.
  • Information security is a multi-disciplinary field that protects the Internet infrastructure, networks and systems from being unauthorised accessed or damaged.
  • Computers are like legos—they can be used in an infinite number of ways. For this reason, creating 100% secure software is not achieveble.
  • Information security is a versatile working field with many options to consider. Since security is everyone’s problem, you can work in any industry (e.g., tech, healthcare, fashion, telecommunications, logistics).
  • From an employment perspective, cybersecurity is one of the most secure industries to be in.
  • In 2019 security engineer was the highest-paid and most-recruited IT role, with an average salary of $140,000. Even at the entry level, finding a job is easier than in other industries.
  • Ironically, the most important traits to be successful in this industry are actually soft skills (critical thinking, creativity, communication, etc.).
  • While formal education is good to have, it is not mandatory requirement to land a job.

Years ago, the Internet was used only in military or academic institutions, but thanks to the World Wide Web, it quickly became an essential part of our modern life. We use it to keep updated with the news, communicate with friends, manage our finances, and much more. However, this implies that much of our sensitive dataphotos, messages, PII or credit card data is into a place where we have no control over how it is used or shared, and by whom.

In real life, I’m sure you do your best to protect sensitive information and valuable assets. You lock your front door, make sure no one sees your PIN while checking your card at an ATM, and so on. But how do you protect your most valuable assetThat is your data. in the digital space? Well, the truth is you cannot, but someone has to do it, so here it comes information security.

Information security is a multi-disciplinary field that ensures the confidentiality, integrity, and availability of information and resources in the digital space. Simply put, it protects the infrastructure, networks, and systems from unauthorised access or being otherwise damaged or made inaccessible.

Now, you probably ask yourself why this working field exists in the first place, right? Can’t engineers develop a solution to secure all our data?

Unfortunately, this is impossible.

Understanding the problem

In the last decade, the skyrocketing number of connected devices demanded a more complex digital infrastructure, as well as new sophisticated apps to satisfy the users’ needs. However, this growth led to numerous new vulnerabilities that could allow an attacker to access or modify our data.

While the link between codebase complexity and the number of vulnerabilities is uncertain, the reason why these vulnerabilities exist is simple: the human mind is fallible, prone to error. As long as we are responsible for developing technology, security issues will continue to exist.

For instance, let’s consider two types of web vulnerabilities: SQL InjectionAn SQL Injection vulnerability allows an attacker to view, edit or delete information from an application’s database. and Server Side Request ForgerySSRF allows an attacker to abuse the functionality of a web application to read and edit internal files.. Nowadays, the prevalence of SQL Injection vulnerabilities decreased significantly compared to the previous years when there was an epidemy of SQL Injections. Some companies, such as Facebook, even affirmed that they managed to completely eradicate this type of vulnerability from their codebase using automated static analysis tools. However, the Web is not safer. SQL Injections were quickly replaced by other vulnerability types such as SSRF.

Therefore, it is crucial to think about security not as a goal that can be reached, nor as a line that can be crossed, but as a continuous process. A process that is never finished. While significant efforts are made to stop successful attacks, new vulnerabilities are discovered and exploited every day.

Now, let’s discuss the main reasons why you should consider a career in information security.

1. Information security is a versatile field with many options to consider

Information security is, without doubt, one of the most versatile working fields out there. From application security to risk assessments to investigations to security operations to compliance, there are tens of different roles that you can choose from.

You can work for a small startup or a large enterprise, a nonprofit organization, a government body, or even for yourself as a freelancer. Moreover, you can work in any field in any industry, including tech, healthcare, fashion, telecommunications, logistics, transportation, infrastructure, manufacturing, legal, eCommerce, entertainment, and even military. Every organization needs security experts, regardless of their size and field.

Therefore, the word “bored” is not something you will hear/use too often in this industry.

2. Zero percent unemployment Low unemployment rate

Due to an increasing number of high-profile data breaches, this industry is booming. Organizations across all sectors struggle to find enough skilled individuals to keep their services and products secure, while the cybercrime is now a $600 billion business. There are literally tens of thousands of jobs available to skilled security enthusiasts. According to Europe GISWS Report 2017, the global lack of cyber-security experts expected to reach 1.8 million worker shortage by 2022 (please read the following note for clarification).

Personal note:
We think some statementsmillion workers shortage, zero percent unemployment, etc. highly used by press are misleading. Saying that there is a 1.8 milion workers shortage or zero percent unemployment sounds like anyone who watched MrRobot and knows how to open the command-line can get a job in information security — when the reality is a quite different. It is easy to find people willing to become an ethical hacker, but really hard to find the highly skilled ethical hackers. That’s where the real shortage is.

Over the next decade, the information security industry will become more diverse, as businesses continue to refine their products. Also, new technologies and methodologies that reshape the software development industry will emerge, generating demand for security workers.

Fun fact:
From an employment perspective, this is one of the most secure industries to be in.

3. Atractive salary and benefits

According to Top List of Hottest Tech Jobs for 2019 | Scout, in 2019 cybersecurity engineer was the highest-paid and most-recruited IT role, with an average salary of $140,000. By offering competitive pay and attractive compensation packages, organizations try to address the shortage of security expertise. But as estimations show, the competition for highly-skilled individuals will get more intense in the years to come.

4. Great sense of job satisfaction

Working in information security is indeed rewarding. While high salary and benefits may sound attractive, working as a security professional comes with many other intrinsic benefits.

I mean, just think about it. What would be like to break into buildings, hack drones, ATMs, or even cars, all while doing it legally? Super cool, right? Well, that can be your day-to-day job as a penetration tester/security consultant.

It’s great to have a job that pays the bills but also makes the world a safer place.

5. You’ll learn transferrable skills

Working in information security is not all about technical knowledge, as you may think. Ironically, the most important traits to be successful in this industry are actually soft skills. Creative thinking, critical thinking, problem-solving, team working, communication, and continued learning are just a few of them. These are highly highly-transferrable skills suitable for roles in other industries as well. If you have them, it’s easy to move to other working fields.

6. Formal education good to have, but not mandatory

Many security experts are self-taught individuals that dropped school.

Since security is eveyone’s problem and companies are struggling to find enough talented people, what would be the logic to limit security roles only for people with degrees in computer science?

The same applies to security certifications, too. While they are good to have, no serious company will reject you for not possessing certifications if you are a skilled person.

7. You’ll know how to keep your own data safe

Except for the benefits related to your career, being an infosec expert comes with some personal benefits as well.

You know those spam messages telling you that you have won billions from the Prince of Nigeria, or those annoying websites that tell your computer have been infected with some virus? None of these will deceive you because you know what’s going on behind the scenes. It’s like a superpower, right? The superpower of not getting hacked or scammed easily. If this doesn’t convince you, I don’t know what else can. 🤷🏻

The next steps

Information security might not be for everyone, but if you are already interested in technology, computers, security, the Internet, IoT, or other tech related subjects, you should give it a try. In the next lesson, we explore the first steps into your information security career. So, if you are interested in learning more, check it out.

Next lessons View all
Security As a Career

How to Start Your Career in Information Security

Is hacking like in the movies? How do I start? What do I need to know? What skills should I have? These are questions that each of us had when we started...

Read now
Security As a Career

Career Paths: Bug Bounty

For years, hackers were convicted for their activities and cataloged as criminals. Nowadays, they can legally hack some of the largest companies and get rewarded.

Read now
Demistifying the Web

What Are Web Applications?

Web applications are an important part of our lives. Just like cars, most of us use them without really understanding what’s going on behind the scenes...

Read now