Sep 20 2022

What do SOC analysts need to be successful?

Category: Cyber career,InfoSec jobsDISC @ 8:51 am

Gurucul announced the results of a Black Hat USA 2022 security professionals survey with respondents indicating that insider threats were the most difficult type of attack for SOC analysts to detect, and that behavioral analytics was the most common piece of technology they felt was missing and that they planned to add to the SOC in the near future.

The survey also found that a strong majority of respondents feel their SOC programs are improving, but that they needed more training, high-level talent in the SOC, better compensation, and more time off.

“Taken as a whole, these survey results suggest that organizations and security professionals understand that insider threats are a serious security risk and are working to improve their defenses by adding technologies like behavioral analytics and network traffic analysis,” said Saryu NayyarGurucul’s CEO.

Other key findings from the survey include:

  • 27% of respondents identified insider threats as the most difficult attack to detect – the highest percentage across types.
  • More than 36% of respondents chose behavioral analytics as the technology they are currently missing that would most improve their SOC and more than 24% plan to invest budget into behavioral analytics solutions in the next year.
  • More than 17% of respondents plan to invest in Network Traffic Analysis technology in the next year.
  • 82% of security professionals feel their SOC programs are improving. Less than 5% said it was actively getting worse.
  • Tier 3 SOC analysts / threat hunters are the most in-demand role in the SOC (chosen by 31% of respondents), followed by Tier 2 Analysts (20%) and threat content creators (16%).
  • 39% of respondents feel that their organization is investing in enough training for the SOC, but 31% said they are not and 30% were undecided.
  • 35% of analysts need more than two weeks of time off to feel rejuvenated and 28% feel like they deserved a 20% raise.
insider threat

Cybersecurity Career Master Plan: Proven techniques and effective tips to help you advance in your cybersecurity career

Tags: SOC analysts

Sep 08 2022

How do I become a cyber security professional?

Category: Cyber career,Information Security,InfoSec jobs,QuoraDISC @ 11:17 pm

Tags: cyber security professional

Aug 23 2022

How Many Cybersecurity Pros do we Really Need?

Category: Cyber career,InfoSec jobsDISC @ 9:56 am

How Many Cybersecurity Pros do we Really Need?

We take it as gospel that we have a skills gap in cybersecurity. In fact, the narrative across most of the industry is that you need tools and you need automation because there aren’t enough people to do the work.

And we believe it. But what if that’s not actually the case?

Let me play devil’s advocate for a bit here. I know of quite a few entry-level security folks that are having trouble getting jobs. Now, these are young folks, so maybe their expectations are a bit wacky in terms of compensation or perks or culture but, all the same, if we had such a severe cybersecurity skills gap, wouldn’t the market normalize the additional salary and perks to hire anyone? Is it about the bodies or getting the right bodies? Are we in a position to be picky?

Maybe that’s it. A lot of the entry-level folks aren’t very good at security. How can they be? Security is hard. You need to know a lot of stuff about a lot of stuff, and it’s not the kind of knowledge you really get in a classroom. To be clear, a cybersecurity curriculum provides a great foundation for security professionals, but you don’t really learn until you are screwing it up for real in a live-fire environment.

What if everyone likes to bitch about how we can’t find enough people because they want to cover their asses regarding the reality that most security teams don’t perform very well? Is the industry just diverting attention away from our abysmal outcomes by blaming it on the lack of people? Is this security’s Wizard of Oz moment?

Let’s talk about the folks that should have the most acute problem: The MSSPs or MDR (managed detection and response) companies. These companies can’t grow without people, and they’ve raised capital at valuations that promise that they’ll be growing quickly for many years. How are they addressing this problem?

MDR companies are growing their staff internally. They invest in automation, threat intelligence and supporting technologies that help entry-level security practitioners to become productive faster. They send these n00bs to training and they put guardrails around them to make sure they don’t screw up (too badly).

Maybe that’s the answer. There are enough practitioners, but they don’t have the right skills. The raw materials are available, but we may not want to make the commitment to develop them into workable security staff. So your choice breaks down to either bitching about not having enough staff or getting to work developing your junior staffers.

Now, I may be wrong—t wouldn’t be the first time and it won’t be the last. We may not have enough practitioners to get the work done, but I think we’re focusing too much on what we can’t do and not enough on what we can by making an investment in our people.

Agree? Disagree? Let me know in the comments.

Confident Cyber Security: How to Get Started in Cyber Security and Futureproof Your Career

Cybersecurity Career Master Plan: Proven techniques and effective tips to help you advance in your cybersecurity career

Tags: Cyber career, cyber security career, InfoSec jobs

Jun 17 2022

45% of cybersecurity pros are considering quitting the industry due to stress

Category: Cyber career,InfoSec jobsDISC @ 8:32 am

Deep Instinct released the third edition of its annual Voice of SecOps Report, focused on the increasing and unsustainable stress levels among 1,000 C-suite and senior cybersecurity professionals across all industries and roles. The research found that 45% of respondents have considered quitting the industry due to stress, with the primary issues being an unrelenting threat from ransomware and the expectations to always be on call or available.

cybersecurity professionals stress levels

The research reinforced that paying a ransom remains a hotly debated topic. 38% of respondents admitted to paying a ransom, with 46% claiming their data was still exposed by the hackers; and 44% could not restore all their data even after a ransom was paid.

The great cybersecurity resignation

The job of defending against increasingly advanced threats on a daily and hourly basis is causing more problems than ever as 46% of respondents felt their stress had measurably increased over the last 12 months. This was especially the case for those working within critical infrastructure. These increased stress levels have led cybersecurity professionals to consider leaving the industry altogether, joining in the “Great Resignation,” rather than moving to a new cybersecurity role at a new employer.

  • 45% admit to considering quitting the industry on at least one or two occasions
  • 46% know at least one person who left cybersecurity altogether in the past year due to stress

Who’s stressed and why?

Stress is not only felt by SOC teams and others on the cyber frontlines but also among those in the C-Suite who are making the difficult decisions on how to use their available resources more efficiently.

Biggest stress culprit: Ransomware

45% of respondents said that ransomware was the biggest concern of their company’s C-Suite. The survey found that 38% of respondents admitted to paying up in order to receive the encryption key primarily to avoid downtime (61%) or bad publicity (53%). However, paying the ransom did not guarantee a resolution post-attack in many cases.

Of those reporting that a payment was made:

  • 46% claimed to still have their data exposed by the hackers
  • 44% couldn’t restore all their data
  • Only 16% claimed to have no further issues to date

In response to these issues with ransomware payment, 73% of respondents claimed they would not pay a ransom in the future.

Among those who claimed they would still pay a ransomware demand in the future, widespread fear remained that they would be trouble-free in the future.

The fear of paying a ransom in the future included the following:

  • 75% do not expect to have all their data restored
  • 54% fear the criminals will still make the exfiltration of data public knowledge, and
  • 52% fear the attackers will have installed a back door and will return

“Considering that the constant waves of cyber-attacks are likely to become more common and evasive as we move forward, it’s of the utmost importance to ensure that those who dedicate their careers and lives to defending our businesses and country don’t become overly stressed and give up,” said Guy Caspi, CEO of Deep Instinct.

“By adopting and utilizing new defensive techniques, like artificial intelligence and deep learning, we can help the cybersecurity community mitigate one of the most important issues that is often overlooked by many: the people behind the keyboard.”

Fight Fire with Fire: Proactive Cybersecurity Strategies for Today’s Leaders

DISC InfoSec

#InfoSecTools and #InfoSectraining



Tags: cybersecurity pros, Fight Fire with Fire, industry stress

Jun 02 2022

How to support women in cybersecurity

Category: cyber security,Information Security,InfoSec jobsDISC @ 8:48 am

Cybersecurity is required to be a dynamic industry because cybercriminals don’t take days off. Cybersecurity professionals must be innovative, creative, and attentive to keep gaining the upper hand on cybercriminals. Unfortunately, there are millions of unfilled cybersecurity job openings around the globe.

The gender divide

The problem of not enough cybersecurity professionals is exacerbated by a lack of diversity in the sector. There is a disproportionately low ratio of women to men within the entire technology industry. In the science, technology, engineering and math (STEM) industries, women make up only 24% of the workforce, and while this has increased from just 11% in 2017, there is clearly still a sizeable disparity.

The cybersecurity industry is performing only marginally better than STEM, with women making up roughly 24% of cybersecurity jobs globally, according to (ISC)².

There is also a parallel trend here: women have superior qualifications in cybersecurity than their male counterparts. Over half of women – 52% – have postgraduate degrees, compared to just 44% of men. More importantly, 28% of women have cybersecurity-related qualifications, while only 20% of men do. This raises one important point, which is that women feel that they must be more qualified than men to compete for and hold the same cybersecurity roles. The industry is, therefore, losing a significant pool of talent because of this perception. Untapped talent means less innovation and dynamism in the products and services businesses offer.

Unfortunately, the challenges for women do not appear to stop once they enter the cybersecurity workforce. Pay disparity continues to blight the industry. Women reported being on smaller salaries at a higher proportion than men. 17% of women reported earning between $50,000 and $99,000 compared to 29% of men. However, there are signs that this disparity in pay is closing. For those in cybersecurity who earned over $100,000, the difference in percentage between men and women was much closer. This is encouraging and shows that once women are in the industry, they can enjoy as much success as men.

Nevertheless, reaching these higher levels of the cybersecurity industry is far from straightforward for women at present. It is an unavoidable fact that women still struggle to progress as easily compared to male counterparts. A key reason for this is cultural: women are disinclined to shout about their achievements, as such they regularly go unnoticed when promotions and other opportunities come round.

The cybersecurity industry is starting to embrace diversity in the workforce, but there is a long way to go before women are as valued in cybersecurity as men. With the current skills deficit hampering the growth of cybersecurity providers, this is a perfect opportunity for the industry and individual providers to break the bias and turn to women to speed up innovation and improve defense against cybercriminals.

Why women are essential for success


Women Know Cyber: 100 Fascinating Females Fighting Cybercrime

Tags: women in cybersecurity

Mar 17 2022

How to plan for increased security risks resulting from the Great Resignation

Category: Cyber career,InfoSec jobsDISC @ 9:17 pm

The Great Resignation is sweeping the world, and the causes and impacts are still being analyzed. Texas A&M University professor Anthony Klotz coined the term, predicting an unusual rise in voluntary resignations as employees anticipated the global pandemic coming to end and life returning to normal. Many employees stayed longer in roles because they were uncertain of the future during the pandemic, while frontline workers experienced an elevated level of burnout due to increased stress. Workers in all industries are looking for new opportunities and leaving past roles behind.

IT and security staff are resigning too, feeling increased stress from managing more remote employees, a rapid transition to the cloud that didn’t allow time for them to gain cloud expertise before making the leap, and a rise in cyberattacks globally. Finding and retaining security talent is an ongoing challenge, one that exposes organizations to increased risk because there simply aren’t enough security experts available.

Most employees, certainly in technology companies but in other industries as well, are required to undergo security training and sign non-disclosure agreements (NDAs) when they join a company. That’s frequently the last time they consider security training, how they use personal devices for company communications and data, and what data belongs to the company and what data they’re permitted to share externally or take with them when they leave. Much of this information is only communicated in an NDA, a document that’s rarely read carefully or reviewed regularly. This may result in reduced adherence to security rules and practices — and, consequently, data losses. Some disgruntled employees may even be tempted to disclose sensitive information or leave security holes to allow them to access the company’s IT infrastructure after departure.

All employees have access to secrets, whether that’s a product strategy document, internal lists of sales prospects or customers, or other internal communications or presentations that aren’t intended for external consumption. Security and engineering teams have access to many internal systems, passwords, and secrets. When many employees leave an organization in a brief period, risks increase because there are so many things to take care of for so many people at the same time.

How to ensure employees, especially security staff, are off-boarded appropriately


Off-boarding employees can pose challenges for any organization. In the past year, data exfiltration incidents increased due to employees taking data, systems access, or both with them when they exit. This is when organizations can refer to their onboarding plan to create a successful off-boarding plan, one that includes people, process, and technology.

Rather than taking a reactive approach to employees leaving the company, embrace a readiness-mindset and prepare for departures in advance. To do that, here are essential steps to take so that you’re ready for employee departures:

  • Nurture the culture in your organization. This isn’t something you start when your employee gives their notice — it’s something they’re part of from the moment they join your team. Having good interpersonal relationships, sharing values, and identifying and handling personnel issues quickly and appropriately will help you keep your employees and turn them into advocates for your company after they leave. They’ll refer candidates to you, become mentors or contributors in another capacity, or even return for another role in the future. Having a positive relationship makes employees far less likely to pose a threat to your security profile.
  • Conduct an exit interview through Human Resources to get honest feedback from your employees. When employees are ready to move on to a new opportunity, take the time to ask them for suggestions, learn about problem areas, and build bridges for future relationships even after departure. Whether they’re leaving for a promotion, more flexibility, or because they’re ready to retire, their input can still influence HR decisions around benefits and culture.
  • Create a knowledge transfer plan. Don’t wait until their last day to find out all the unique knowledge your employees hold. Most of that information probably isn’t in the job description, so documenting it (and having departing employees train your new hires, if possible) will help new employees become productive more quickly.
  • Review the materials signed during onboarding and security training. Many employees have no idea that the data they take with them increases the security risks for their organizations. Make sure that the person reviewing it with them understands these issues and can communicate them effectively.
  • Collect company assets. This includes office keys, key cards, laptops, cell phones, badges, corporate credit cards, and any other physical devices that you want returned. Keep a list and track all company assets that you’ve given employees to make sure you get these assets before they leave the building. If employees are keeping an asset, such as a laptop or cell phone, ensure that the data stored on it meets your requirements for employee data retention. For personal devices, former employees need to delete company apps and accounts.
  • Don’t forget digital access. Whether it’s access to a GitHub repository, Jira, Confluence, the company’s social media accounts, company email and workplace communication platforms, or anything in between, make sure that access ends when employment ends. This helps you make sure that the right people have access even after the employee leaves and reduces the likelihood of you needing to contact them to resolve something when it’s no longer their responsibility. Off-boarding should also include deleting data belonging to former employees and any cloud accounts tied to those employees.
  • Use single sign-on (SSO) and authentication tools. These technologies can help you manage access in as few places as possible, simplifying your tasks as employees leave. For engineering and security employees, make sure your team doesn’t hard code secrets or embed credentials in code. It’s poor security practice at any time and will allow access even after employees have departed and all other access has been disabled.

Successfully off-boarding security staff introduces some added considerations. While the preceding steps are still critical, security staff have increased access and knowledge when it comes to your systems and infrastructure. Once again, people, process, and technology all play a role. Monitor and audit access to sensitive corporate data, particularly noting whether they’re being accessed by computers or IP addresses outside of the corporate network. Former employees also still have relationships with current staff, so flag and investigate unusual activity there as well.

Adopting a zero-trust framework will help you protect resources even when critical security staff members leave the organization. Putting clear and easily repeatable processes in place can also help you reduce security risks due to departing staff, such as turning off email access but automatically forwarding all email and voicemail to a supervisor so that nothing gets missed. Your process should also include rolling any secrets they have access to promptly, rotating access, and removing their accounts from every system.

Automation can help you manage the Great Resignation

Cybersecurity Career Master Plan

Tags: Cyber career, InfoSec jobs

Jan 08 2022

What it takes to Start a Career in InfoSec

Category: Cyber career,Information Security,InfoSec jobsDISC @ 9:55 am

 A useful advice from Cybersecurity Learning Saturday event. 
Cybersecurity Learning Saturday is a free program to help folks to build their professional careers. #cybersecurity #career #InfoSeccareer

Finding Your Cybersecurity Career Path

Proven techniques and effective tips to help you advance in your cybersecurity career

InfoSec Jobs

Tags: #cybersecurity #career, Cybersecurity Career Master Plan, infosec career, InfoSec career path

Nov 29 2021

Big salaries alone are not enough to hire good cybersecurity talent: What else can companies do?

Category: Cyber career,InfoSec jobsDISC @ 10:23 am

This is sometimes due to budgets, as many organizations have not placed a high enough priority on cybersecurity, despite the growing number of high-profile attacks. But even those who are paying high salaries are finding that generous compensation is still not enough to hire and retain talent in this field. While 33% of CISOs surveyed by ISSA said that salary was the reason they left one organization for another, that doesn’t explain most departures or job switches.

Meanwhile, despite high salaries, many currently employed cybersecurity professionals are feeling overwhelmed and under intense pressure, both because they are often short on manpower and because the stakes of their jobs are even higher now with the increased number and severity of attacks. The ISSA survey showed that 62% of cybersecurity employees face a heavier workload due to their organizations not being able to hire enough workers, and 38% say they feel burnt out.

If money isn’t enough, what else can companies do to attract and keep cybersecurity talent?

Write job descriptions that show off the skills employees will gain, not just what skills they need to apply. Cybersecurity is a rapidly growing and dynamic field offering many opportunities. But the field, by its very nature, requires that the best professionals are constantly learning on the job to keep up with the latest technologies and the latest types of threats and attacks. By letting candidates know what types of things they will learn on the job and what experiences they will gain, a company can set itself apart and offer the added value of professional growth, giving it an advantage in the recruitment process.

Look beyond academic education. Academic degrees in cybersecurity and related fields are no doubt helpful, but they are not the only way to become qualified for a job in the sector. If someone does not have a degree, it does not mean that they will not be an excellent candidate, especially if they have the relevant experience. This includes those coming from military or government backgrounds. In fact, with the rise in state-backed cyberattacks, any level of cybersecurity experience in government or military organizations is a considerable advantage and may be more valuable than those with academic degrees or years of corporate experience. A number of new programs, including one backed by Microsoft, also promise to offer training without necessarily granting degrees; these are also worthwhile credentials for candidates.

Teach and mentor on the job. Organizations should realize that current employees in their IT and related departments may be able, with the right training, to learn cybersecurity skills. This can be a way to build up a cybersecurity team internally. Those receiving training in-house should also be assigned mentors who can help them along the way. Building a team internally gives employees opportunities to grow, which can also lead to increased job satisfaction and retention.

Integrate cybersecurity into the overall business strategy, and let recruits know this. Companies should involve the cybersecurity team in all steps of their business, from product development to marketing, and not just relegate them to being on call for incident responses, or when something goes wrong.


The Best and Worst States in America for Online Privacy

Develop Your Cybersecurity Career Path: How to Break into Cybersecurity at Any Level

Tags: Cybersecurity Career Path, cybersecurity talent

Sep 20 2021

How to retain the best talent in a competitive cybersecurity market

Category: Cyber career,InfoSec jobsDISC @ 11:48 am

hiring and retaining the best talent has quickly become a top priority for most organizations today. In the cybersecurity industry, which faces an immense skills shortage, this is especially true. In fact, according to CompTIA and Cyber Seek, a job-tracking database from the U.S. Commerce Department, there are nearly 500,000 open positions in cybersecurity nationwide as of Q2 2021, which makes hiring the right candidate for a technical role in IT security like finding a needle in a haystack. As a result, it’s never been more important to attract and develop employees in cybersecurity – and here are a few best practices for doing so.

Retention is not a one-size-fits-all initiative

Every employee and organization are different. Even in an industry with a talent deficit, employee/employer culture needs to be symbiotic. What an employee and an employer are looking for must be aligned and when it is, the opportunities are endless.

identity theft

Cybersecurity Career Master Plan

Tags: Cyber career, InfoSec jobs

Aug 20 2021

The warning signs of burnout and how to deal with it

Category: InfoSec jobsDISC @ 9:20 am

The consequences of such an action could prove dire for your business, though, so before you let another day of stress go by, read on to learn some warning signs and tips on how to deal with burnout. The goal is to get your team working at maximum capacity without overworking them.

Signs of burnout

Burnout is the word used to describe acute exhaustion when your work becomes overwhelming and too stressful. It can lead to poor performance, absenteeism, or resignations. It is a real problem in many industries, but it’s hugely prevalent in information security because of the long hours and high pressure.

Fortunately, burnout comes with early warning signs that you can spot and address. These include:

  • Anger at colleagues
  • A constant feeling of exhaustion that could manifest in team members getting lost in daydreams or even nodding off at their desk
  • Expressions of hopelessness or being overwhelmed by their responsibilities or current task
  • The team member isolating themselves from others, i.e., avoiding time out with colleagues or social events
  • Unhappiness in the role
  • An inability to stop and take breaks
  • An increase in working hours (coming in early, staying late, skipping lunch, or frequently emailing during out-of-office hours)

If any of your staff shows some of these symptoms, it’s time to act!

Taking steps to head off burnout

Time Off: A Practical Guide to Building Your Rest Ethic and Finding Success Without the Stress

Tags: infosec burnout, infosec career, Rest Ethic

Jul 26 2021

How to develop a skilled cybersecurity team

Category: cyber security,InfoSec jobsDISC @ 10:19 am

What skills should aspiring information security workers possess and work on? What certifications can come in handy more than others? What strategies should organizations employ to develop a well-staffed cybersecurity team? Where should they look for talent? What advice do those already working in the field have for those who want to enter it?

(ISC)² wanted to know the answer to these and other questions, so they asked 1,024 infosec professionals and 1,010 cybersecurity job pursuers in the U.S. and Canada.

What do the information security professionals say?

Cybersecurity Workforce : Staffing Needs, Skills Requirements and Coding Procedures

Cybersecurity Workforce

Tags: cybersecurity team, cybersecurity workforce shortage

Jun 08 2021

Reformulating the cyber skills gap

Category: cyber security,InfoSec jobsDISC @ 8:45 am

Many thought leaders have approached the skills shortage from a cumulative perspective. They ask “How on Earth can companies afford to keep re-training their teams for the latest cyber-threats?” The challenge, to them, emanates from the impracticalities of entry level training becoming obsolete as new challenges emerge.

Of course, the question of ongoing training is very important, but I believe it has misled us in our evaluation of the growing disparity between the supply and demand of cyber-professionals. What we should be asking is “How can we create a generation of cyber-professionals with improved digital skills and resilience to tackle an enemy that continually mutates?”

Defining the relationship between people and tech is of the utmost importance here. Cybersecurity is not merely a technical problem, it’s a human problem. This is a critical intersection. People are not the weakest link in an effective cybersecurity defense strategy, but the most crucial. However, technology is the apparatus that can properly arm us with the skills to defend against attacks.

The silver bullet

The only thing we can be certain of is that cyberattacks are taking place right now and will continue to take place for the foreseeable future. As a result, cybersecurity will remain one of the most critical elements for maintaining operations in any organization.

There is a growing appetite for reform in cybersecurity training, particularly among higher education institutions (e.g., with the UK’s top universities now offering National Cyber Security Centre (NCSC) certified Bachelor’s and Master’s programs. It is in the interest of the British government that this appetite continues to grow, as the Department for Culture, Media & Sport reported there were nearly 400,000 cybersecurity-related job postings from 2017-2020.

In addition, COVID-19 has been a significant catalyst in increasing uptake and emphasis on cyber skills since the steep rise in the use of digital platforms in both our work and personal lives has expanded the surface area for attacks and created more vulnerability.

Overall, though, young people remain our best hope for tackling the global cyber skills gap, and only by presenting cybersecurity to them as a viable career option can we start to address it. This is the critical starting point. Once we do this, the next important step is to give universities and schools the facilities to offer sophisticated cyber training.

The Cyber Skill Gap: How To Become A Highly Paid And Sought After Information Security Specialist! by [Vagner Nunes]

Tags: cyber skills gap

Jan 29 2021

How to Grab A Job In Information Security?

Category: InfoSec jobsDISC @ 1:41 pm

Jan 22 2021

US administration adds “subliminal” ad to White House website

Category: InfoSec jobsDISC @ 11:44 pm

Well, it turns out that the new 2021 White House website added a job ad, too, presumably hoping to get some publicity and to attract job applicants to the US Digital Service (USDS).

The USDS describes itself as a part of the public service that aims to use “design and technology to deliver better services to the American people”, and its goal is to attract at least some of those technophiles that might otherwise be lured to join the fast-paced, dollar-sign world of commercial cloud-based products and services.

After all, today’s technology business juggernauts are in a position to offer eye-watering starting salaries and the promise of fast-paced, ever-changing coding challenges based on the very latest hardware platforms and programming languages.

Jul 07 2020

The Future of Cybersecurity Jobs

Category: cyber security,InfoSec jobsDISC @ 2:07 pm


The Future of Cybersecurity Jobs 

The future of work is online and remote. This has been proven by the recent Covid-19 pandemic, as companies who had been reluctant to embrace the remote-work trend suddenly found themselves running an almost entire remote-based company. As things stand, it is very likely that much of the working world will remain remote-based. 

The new remote-working world means two things. The first is that the world will become increasingly more reliant on technology. The second is that the need for top-notch cybersecurity infrastructure will become more important to protect the private information of companies, employees and customers. Both of these are key indicators that the tech industry, which continues to thrive even during the coronavirus pandemic, will only continue to grow and at a faster rate than ever. If you are considering making a career change, you should absolutely look into the tech industry. More specifically, you should explore careers in cybersecurity.



Cybersecurity professionals are tasked with the programming that powers the systems, methods and policies that safeguard the software and online programs from malicious third-party cyberattacks. Recent cyberattacks on companies like Sony and Capital One made headlines, and for good reason. Millions and millions of private customer information (such as social security numbers) were immediately at risk. Skilled cybersecurity engineers are tasked with finding the ways that hackers break into mainframes at companies, and fix any potential weak spots.

A cybersecurity engineer sometimes serves as a “white hat” hacker, ethically hacking into their own company to find these potential weak spots in the company’s security infrastructure. If any weak spots are found, the cybersecurity engineer immediately fixes the problem.

Cybersecurity engineers earn a decent salary, with most junior engineers making $65,000 a year. More senior roles earn as much as $137,000, according to Payscale.

If you are wondering how to become a cybersecurity engineer, you want to start by learning how to code. You may be tempted to think that doing so will require going back to school to earn a computer science or IT degree, but this is actually becoming a less popular choice among career switchers. Instead, many are opting for the much faster and more economical route of coding bootcamps.


Coding Bootcamps

A coding bootcamp is a short-term means of tech education that is hyper-focused on coding. With most students completing their bootcamp in just two to three months, there is not much room for anything else but teaching what is coding, and how to use it to earn a living. As was mentioned earlier, the working world has switched to remote. Well, so has tech education, and many coding schools also offer online coding bootcamps.

Perhaps the most beneficial feature of a coding bootcamp is the flexible tuition financing that they offer. Coding schools offer what is called an income-sharing agreement (ISA). This is actually a tuition financing option that is opposite from how a student loan works. Instead of students taking on $40,000 or more in debt that is impossible to escape from, even through bankruptcy, an ISA works as a way for a coding school to invest in their students.

ISAs offered by schools like App Academy work by waiving the bootcamp tuition so that the student doesn’t have to pay anything upfront. The student agrees to repay the cost through monthly payments based entirely on their salary after they graduate and land a job. Since the school is making an investment, with its return based on how much money their graduates can earn, it makes sense that many of these programs do their best to ensure that their grads are not only well-prepared in terms of programming skills, but are also marketable to potential employers. 

To do this, most coding schools hold regular job fairs and networking events that give their students a chance to connect with potential employers. These events are also held through online means so that all students can have an opportunity to join. Many coding schools also have partnership programs with local companies that allow them to place their graduates in legitimate, well-paying programming jobs more quickly.


InfoSec Threats, Books and Training Courses

Download a Security Risk Assessment Steps paper!

Subscribe to DISC InfoSec blog by Email

Take an awareness quiz to test your basic cybersecurity knowledge

DISC InfoSec 🔒 securing the business 🔒 via latest InfoSec titles

May 09 2019

7 Types of Experiences Every Security Pro Should Have

Category: CISO,InfoSec jobsDISC @ 2:25 pm

As the saying goes, experience is the best teacher. It’ll also make you a better and more well-rounded security pro.

Source: 7 Types of Experiences Every Security Pro Should Have

 Subscribe in a reader

Mar 04 2019

RSAC 2019: 58% of Orgs Have Unfilled Cyber Positions | Threatpost

Category: CISSP,cyber security,InfoSec jobsDISC @ 10:14 am

The workforce and skills gap in cybersecurity continues to plague organizations.

Source: RSAC 2019: 58% of Orgs Have Unfilled Cyber Positions | Threatpost

  • InfoSec Jobs
  • InfoSec Certs
  • Enter your email address:

    Delivered by FeedBurner