Upgrade to Pro — share decks privately, control downloads, hide ads and more …

How to Land a Job in Cybersecurity

How to Land a Job in Cybersecurity

This presentation was presented to UMBC's Cyber Scholars May 6th 2016.

As Cyber Scholars, some fraction of you are absolutely certain that you not only want a career in cybersecurity, but that you want a specific role in it. If you're in that fraction, awesome--except, this talk isn't designed for you. This talk is for those scholars that have doubts. Doubts about whether cybersecurity is a good place to be long-term. Doubts about what role they want in cybersecurity. Doubts about how to actually get said role in cybersecurity. This talk addresses each of these doubts in detail. While some think it's best to "leave your doubts behind," you don't want to do that for this talk. Bring them, and watch them be systematically dismantled.

nwokedi

May 06, 2016
Tweet

More Decks by nwokedi

Other Decks in How-to & DIY

Transcript

  1. BASIC JOB HUNTER QUESTIONS Is cybersecurity going to be in

    demand in the future? What do I want to do in cybersecurity?
  2. BASIC JOB HUNTER QUESTIONS Is cybersecurity going to be in

    demand in the future? What do I want to do in cybersecurity? How do I get the role I want?
  3. YES

  4. YES How much are Venture Capitalists investing? What’s the size

    (in dollars) of the market? What does the supply and demand look like for opportunities?
  5. HOW MUCH ARE VCS INVESTING VCs spent $3.3B on cybersecurity

    startups1 in 2015, up from $1.9B the previous year2
  6. HOW MUCH ARE VCS INVESTING VCs spent $3.3B on cybersecurity

    startups1 in 2015, up from $1.9B the previous year2 Industry Amount Invested (2015) Cybersecurity $3.3B Commercial Space $1.8B Biotech $1.5B
  7. THE SIZE (IN DOLLARS) OF THE MARKET The cybersecurity market

    was $75B in 20156 The cybersecurity market is forecasted to be $170B by 20205
  8. THE SIZE (IN DOLLARS) OF THE MARKET The cybersecurity market

    was $75B in 20156 The cybersecurity market is forecasted to be $170B by 20205 Company Market Cap Multiple of Cybersecurity Netflix $38B ~0.5 Starbucks $81B ~1 Oracle $165B ~2 Facebook $334B ~4
  9. SUPPLY AND DEMAND OF JOB OPPORTUNITIES We’re not generating enough

    cybersecurity professionals and won’t for a while (if ever)
  10. SUPPLY AND DEMAND OF JOB OPPORTUNITIES We’re not generating enough

    cybersecurity professionals and won’t for a while (if ever) While some differ on projections8,9, they all point to more unfulfilled demand in the future
  11. There were 209K unfilled cybersecurity jobs in 2015 there is

    expected to be 1.5M unfilled cybersecurity jobs by 2019
  12. Q1 RESPONSE SUMMARY VCs can’t get enough of cybersecurity startups

    The size (in dollars) of the cybersecurity market is large and has been growing and is expected to continue growing
  13. Q1 RESPONSE SUMMARY VCs can’t get enough of cybersecurity startups

    The size (in dollars) of the cybersecurity market is large and has been growing and is expected to continue growing The demand for cybersecurity talent is expected to grow
  14. IT DEPENDS The marketplace defines what’s available AND only you

    can determine the intersection of the marketplace demand, your preferences, and your strengths
  15. A REGEX FOR CYBERSECURITY ROLES (Anti-Abuse|Compliance|Cyber(security)?|Forensics| (Anti-)?Fraud|Incident Response|(Anti-)?Malware| Penetration|Risk|Security|Threat|Trust (and

    Safety)?| Vulnerability) .*(Architect|Analyst|Consultant|Officer| Operator|Research (Engineer|Scientist)|Researcher| Solution Engineer|Specialist|Strategist|Tester)?
  16. A REGEX FOR CYBERSECURITY ROLES (Anti-Abuse|Compliance|Cyber(security)?|Forensics| (Anti-)?Fraud|Incident Response|(Anti-)?Malware| Penetration|Risk|Security|Threat|Trust (and

    Safety)?| Vulnerability) .*(Architect|Analyst|Consultant|Officer| Operator|Research (Engineer|Scientist)|Researcher| Solution Engineer|Specialist|Strategist|Tester)? e.g., Chief Risk Officer, Malware Reverse Engineer, Information Security Consultant, Director of Threat Research
  17. INFERENCES There are lots of options Role names are applied

    in a non-standard way (e.g., A vulnerability researcher at one place is a threat researcher at a another), so reading descriptions for patterns is important
  18. INFERENCES There are lots of options Role names are applied

    in a non-standard way (e.g., A vulnerability researcher at one place is a threat researcher at a another), so reading descriptions for patterns is important The regex is great fodder for keyword web searches
  19. IN CASE YOU’RE NOT PARTICULARLY GOOD AT ANYTHING Just because

    you’re not good at something today, doesn’t mean you can’t be significantly better at it through appropriate practice15
  20. IN CASE YOU’RE NOT PARTICULARLY GOOD AT ANYTHING Just because

    you’re not good at something today, doesn’t mean you can’t be significantly better at it through appropriate practice15 Most engage in “naive practice”
  21. IN CASE YOU’RE NOT PARTICULARLY GOOD AT ANYTHING Just because

    you’re not good at something today, doesn’t mean you can’t be significantly better at it through appropriate practice15 Most engage in “naive practice” Purposeful practice gets us closer to mastery (e.g., Steve went from remembering only 7 random digits to remembering 82 random digits over 200 sessions)
  22. Q2 RESPONSE SUMMARY The cybersecurity space has many roles The

    right one requires reading and strengths finding
  23. Q2 RESPONSE SUMMARY The cybersecurity space has many roles The

    right one requires reading and strengths finding If your preference isn’t wrong now, it might be later—so don’t sweat it too much
  24. COMMON KNOWLEDGE/SKILLS SEEN FOR SECURITY ENGINEERING ROLES Applied Cryptography TLS/SSL

    HTTP Penetration testing Code auditing Cross-site scripting/Cross-site Request Forgery Build security-relevant tools
  25. A GREEDY STRATEGY FOR CHOOSING SKILLS FOR ACQUISITION Find the

    intersection of skills across all companies
  26. A GREEDY STRATEGY FOR CHOOSING SKILLS FOR ACQUISITION Find the

    intersection of skills across all companies Sort the skills by the size of their intersection
  27. A GREEDY STRATEGY FOR CHOOSING SKILLS FOR ACQUISITION Find the

    intersection of skills across all companies Sort the skills by the size of their intersection Attain the skills in descending order
  28. PROJECTS No real rules The quicker you can get it

    done the better Some are nominally not timed, but they all are timed
  29. PROJECTS No real rules The quicker you can get it

    done the better Some are nominally not timed, but they all are timed If they say “People usually finish it in a week,” you should finish the project in a week to be considered serious
  30. DIVIDING AND CONQUERING Problem Solution being put on the spot

    understanding the problem recognize what type of problem it is
  31. DIVIDING AND CONQUERING Problem Solution being put on the spot

    understanding the problem recognize what type of problem it is can you state the solution in plain English
  32. DIVIDING AND CONQUERING Problem Solution being put on the spot

    understanding the problem recognize what type of problem it is can you state the solution in plain English can you translate your plain English solution into code quickly and accurately
  33. DIVIDING AND CONQUERING Problem Solution being put on the spot

    understanding the problem recognize what type of problem it is can you state the solution in plain English can you translate your plain English solution into code quickly and accurately can you analyze the complexity of your solution
  34. DIVIDING AND CONQUERING Problem Solution being put on the spot

    understanding the problem recognize what type of problem it is can you state the solution in plain English can you translate your plain English solution into code quickly and accurately can you analyze the complexity of your solution can you critique your solution
  35. THINK, ACT LIKE THE MASTERS Competitive Programming Websites Codewars Topcoder

    Hackerrank Mimicking the editorials > Getting a high rank
  36. TRUE FOR ALL MODELS Having no goal is least ideal

    Having only an outcome goal is better
  37. TRUE FOR ALL MODELS Having no goal is least ideal

    Having only an outcome goal is better Having an outcome goal AND a process goal is best
  38. Q3 RESPONSE SUMMARY Be what the marketplace is looking for

    Figure out what the marketplace is looking for and become that
  39. Q3 RESPONSE SUMMARY Be what the marketplace is looking for

    Figure out what the marketplace is looking for and become that Train for your interviews like a musician, a chess player, and athlete
  40. IN CONCLUSION Cybersecurity is an excellent area to have a

    career in for the foreseeable future
  41. IN CONCLUSION Cybersecurity is an excellent area to have a

    career in for the foreseeable future Finding what role you want will take effort and will likely change over time
  42. IN CONCLUSION Cybersecurity is an excellent area to have a

    career in for the foreseeable future Finding what role you want will take effort and will likely change over time Accumulating desired experiences and training in earnest will get you the job
  43. REFERENCES 1. https://www.technologyreview.com/s/545626/venture-capitalists-chase-rising-cybersecurity-spending/ 2. http://www.csoonline.com/article/2968438/security-industry/investors-pour-billions-in-to-cybersecurity-firms.html 3. http://fortune.com/2016/02/22/vcs-invested-more-in-space-startups-last-year/ 4. http://nvca.org/pressreleases/58-8-billion-in-venture-capital-invested-across-u-s-in-2015-according-to-the-moneytree-report-2/ 5.

    http://www.marketsandmarkets.com/PressReleases/cyber-security.asp 6. http://www.gartner.com/newsroom/id/3135617 7. http://www.csoonline.com/article/2953258/it-careers/cybersecurity-job-market-figures-2015-to-2019-indicate-severe-workforce-shortage.html 8. http://peninsulapress.com/2015/03/31/cybersecurity-jobs-growth/ 9. http://www.cisco.com/c/dam/en/us/products/collateral/security/cybersecurity-talent.pdf 10. Blumberg, S., Gilbert, D., Pinel, E., Wilson, T., (1998) “Immune Neglect: A Source of Durability Bias in Affective Forecasting”, Journal of Personality and Social Psychology 75, 617-638 11. https://www.ted.com/talks/dan_gilbert_you_are_always_changing?language=en 12. http://www.apa.org/topics/divorce/ 13. http://nautil.us/issue/35/boundaries/not-all-practice-makes-perfect 14. https://books.google.com/books?id=JV-mMBK8q-0C 15. http://nautil.us/issue/35/boundaries/not-all-practice-makes-perfect 16. http://geoffcolvin.com/books/talent-is-overrated/