This post was originally published on this site.
Cybersecurity lawyer Imran Ahmad says the increase in cyberattacks has left the field in need of more skilled professionals.Jenna Marie Wakani/Supplied
When the movie Hackers was released in 1995, cybersecurity was practically science fiction. Fast forward 30 years, and the fiction has become reality.
Ransomware attacks are on the rise, state-sponsored cyberattacks are making headlines, and artificial intelligence (AI) has added a new layer of complexity. It’s clear the digital frontier is no longer a plot device. Cyber crime is business, and it’s personal.
The privacy and security industry has grown exponentially over the past decade. As cyber threats escalate, a booming job market is emerging in response, creating roles across every corner of the work force.
There are technical roles, such as analysts working on the front lines in security-operations centres (SOCs), analyzing logs and monitoring network traffic to detect suspicious activity. This category also includes incident responders or security engineers.
“[They are the people who] respond to contain the incident, restore the systems, and then obviously investigate what actually occurred,” explains Imran Ahmad, partner and Canadian co-head of cybersecurity and data privacy at Norton Rose Fulbright Canada LLP.
Mr. Ahmad’s title highlights a career path that is less familiar to most: cybersecurity law. Practitioners often act as “breach coaches,” leveraging their privileged relationships with clients to co-ordinate responses to security breaches. This includes organizing third-party vendors, such as ransomware negotiators and security consultants, in the aftermath of a cyberattack.
None of these roles existed 20 years ago.
Then there are roles we most often connect with cybersecurity, largely thanks to Hollywood. Ethical hackers or “white hats,” who work as threat researchers and bug bounty hunters.
“These are the people going out there trying to discover vulnerabilities in information systems before hackers do,” says Kevin Jensen, a recent graduate of the Master of Science in Cybersecurity program at the University of Denver.
He likens the work to a race against the bad guys to find and fix vulnerabilities before they can be exploited.
With cybersecurity’s relatively recent emergence in the job market, there’s no standardized entry route. While there are many certificate programs, undergraduate and graduate degrees in computer science and cybersecurity, Mr. Jensen highlights a point of friction he has encountered in his job search. Many senior decision makers in cybersecurity started as network administrators, “and then they pivoted into these cyber roles over time as necessity demanded.”
This linear mindset, he says, can conflict with the qualifications of those with advanced degrees.
“There is still a high demand for experience versus education in this field,” he explains. “Not a lot of people consider education a suitable substitute for experience.”
Mr. Ahmad says there’s “a gap of expertise out there,” and not enough people to fill the jobs. This gap will create opportunities for formally educated professionals, and Mr. Ahmad predicts there will be a growing importance for leadership roles, such as chief information security officers (CISOs).
An increase is also expected for SOC analysts, especially as SOC-as-a-service becomes necessary to meet rising security demands. Security awareness trainers are likely to become more integral, ensuring employees understand how to minimize risks.
But there are undoubtedly more titles and careers to be created as the sector continues to emerge, which points to how essential cybersecurity is to the future.
While finance, telecommunications, health care, energy and transportation are often cited as high-risk sectors, attacks on lesser-known areas, such as municipalities, have been increasing (the ransomware attack on the City of Hamilton in February, 2024, is one example). This shift, brought on by the rapid adoption of technology, has transitioned this field from a niche concern to a foundational industry that will underpin working lives.
The rapid adoption of technology has expanded vulnerabilities across sectors, driving unprecedented risks and demand for skilled professionals. As AI and the Internet of Things evolve, so too will the challenges and opportunities, ensuring cybersecurity remains vital to personal and global security.
“Cyber is not like another type of threat,” Mr. Ahmad says. “It is highly dynamic … it changes constantly because the hackers are typically human beings.”