There is a lot more to cyber security than just hacking...
So… Everyone wants to be a penetration tester!
Lately I’ve been speaking at events, conducting interviews, and mentoring new security professionals and students, and when asked how they want their career to progress or what they are interested in doing, like clockwork every single person says, “penetration tester”. Maybe I’m the only one, but this is a huge pet peeve of mine!
Penetration testing is the hot topic due to the popularity of Mr. Robot, Edward Snowden, and TV shows depicting hacking that give the wrong impression. Even YouTube and video games such as Fortnite have bred this idea of a “hacker” in the younger generation, who think it’s cool to do.
Don’t get me wrong, pentesting is a great skill, but there is a lot more to cybersecurity than pentesting… Pentesting is the act of attempting to “hack” into systems as a way of testing security. It can help you get a good understanding of attacks and how they are conducted, but there is also boring and monotonous work associated with it, like any other job.
So why does this bother me? I mean, it is getting people interested in cybersecurity, right? A good penetration tester can be a major asset, but everyone has this fantasy of hacking into something. For example, see the ever-famous meme of two people hacking while typing on a single keyboard on NCIS. How cool is that?!?! Did my sarcasm come through on this blog post?
There isn’t enough education on all the various skills and jobs available in cybersecurity. One major issue is that most of the positions people post want people with a thousand years of experience and hundreds of certifications who can do everything, including fart rainbows… According to ISC2, the job gap has grown to over 3 million jobs; in order to fix this, we need to be spending more time and effort educating. We need to hire professionals with experience and then allow them time to train and educate others. To be a security professional, all you need is analytical skills, the ability to think critically, and a desire to learn.
At Datashield, along with seasoned security professionals, we try to hire both college graduates and IT people with various backgrounds, such as desktop engineers, database administrators, network engineers, and system administrators. As the security hire gap increases, we have to think outside of the box and have better training programs. First, a good culture fit is important, and secondly, someone eager and open to learning new skills. We also pride ourselves on having a pretty high percentage of female security professionals. The industry also needs to focus on training younger people; we need to get involved in school programs that teach cybersecurity.
No matter the position, you may find that other areas interest you besides hacking the planet! Yes, I know it’s an old reference and a lot of people maybe haven’t seen the ’90s hacker movie… If you’re interested in cybersecurity, learn about ethical hacking/red team, but also learn about forensic investigations, detection and blue team, application security, network security, risk analysis, auditing, and other subjects. For individuals wanting to get into cybersecurity: do your research, understand all of the facets of cybersecurity, and be open-minded. There is a place out there for you to learn and grow your skills.