Many paths to a cyber career
You don’t need to code or hack or wear a hoodie for these jobs
You don’t need a hoodie. You don’t need to read green binary numbers zipping across the screen like the Matrix. And you certainly don’t need to type like a rock drummer.
To get a job in the cybersecurity field, there are no prerequisites requiring you have engineering degrees, industry certifications, coding skills or even technical chops. While it doesn’t hurt, there are plenty of cyber jobs that require none of that.
Those interested in cyber jobs should search the National Initiative for Cybersecurity Education website and scan through the different specialty areas and occupations. Here are some of the jobs that you’ll see:
Penetration tester
How can a company really know how effective their network and device security controls are against a skilled attacker? How do they know if they’ve got holes and exploitable vulnerabilities in their system? They hire pen testers.
“We’re not looking to find just one way into a system, which is the objective of a malicious hacker, but we’re looking for every way in, we’re looking for every flaw,” said Mary Kim, a penetration tester at Raytheon Technologies' CODE Center in Dulles, Virginia. “We then provide recommendations and guidelines to harden the system. When we go back for a post consult, they’re so much better. That’s what is gratifying about this work — knowing we found and fixed the juicy flaw before the bad guys did.”
Penetration testers must keep abreast of the latest threats and vulnerabilities to stay ahead of hackers.
“You need to have a desire to continuously learn,” Kim said. “The technology is changing and the techniques, tactics and procedures are ever evolving. Sometimes you think you’re keeping up with technology, but then you come across an environment that you’ve never seen before. Then you have to learn something new.”
Cyber threat hunter
In an old farmhouse in Iowa, Molly Payne, a former cyber threat hunter for Raytheon Technologies, is tracking and snaring hackers.
"Basically, I hunt all day," Payne said. "Logic is my weapon of choice. Every company that has me in their network has different tools and a slightly different flavor of software. I need to know enough about each one of those systems to poke under rocks, set traps and see if I catch anything. And I love when I catch things."
Like penetration testers, cyber threat hunters must keep current on new threats "found in the wild."A lot of the intelligence she receives comes from her teammates, who share what they've found and how they fought it. Payne started her professional life as a middle-school chemistry and science teacher in Alaska and Colorado. She later developed an interest in information security, and earned an associate's degree that gave her the technical knowledge to "jump into the field."
"You don't even need a degree to work in cybersecurity," Payne said. "I work with an 18-year-old who is a rock star. If you like it, have a passion for it and you get good at it, then that's all you need."
Vulnerability researcher
Searching for cyber weaknesses is the job of vulnerability researchers. They must understand standards, conduct dynamic and static analysis, audit source code auditing, reverse engineer systems, modify hardware, script and program, penetration test and document and report details.
"Successful vulnerability research requires a disciplined team of engineers knowledgeable across all industries, are subject-matter experts of legacy technologies, and continually seek to learn emerging technologies and advanced offensive and defensive techniques," said Matt Wilmoth, a Raytheon Technologies vulnerability researcher in Herndon, Virginia.
Wilmoth cited work he did with medical device hardware manufacturers and software developers on implantable devices, which helped ensure patient security, as one of his memorable achievements.
"What makes this cybersecurity job exciting to me are the companies and technologies I have, and continue to, perform research and analysis for," he said. "Challenges, such as developing custom tools to perform vulnerability research against connected vehicles, ensure each day is new and exciting."
Cyber engineer
Cedric Fletcher began his career as a mechanical engineer, but made the transition to a cyber engineer. Formerly, he was the chief cyber engineer for Raytheon Intelligence & Space, a Raytheon Technologies business.
"Being a mechanical engineer by trade allows me to see problems differently," Fletcher said. "It's not just ones and zeroes; there are mechanical aspects to systems, too. If I can see the weak points, then I can point our ethical hackers in the right direction so they can use their skills to protect a system."
Fletcher said that his job requires him to understand the technologies the company and its customers are using and staying up to date on the latest exploits.
"I need to understand our customers' cyber care-abouts and goals, and then make sure their needs are being met," Fletcher said. "I need to understand their environment, what persistent threats that they have and what we can do to enhance their cybersecurity posture. Then I need to find the talent to execute that mission."
Digital forensics & incident responder
Fabian Franco used to spend his days decrypting hard drives that the FBI took from criminals. Then, he became a Raytheon Technologies digital forensics and incident responder based out of Dulles, Virginia.
"When somebody gets hacked, when a website is defaced, when an employee or attacker installs malware, when a phishing email is opened and infects a system or network, or when any crime takes place on a computer system, they call me in to fix things," Franco said. "When a machine gets hit with ransomware, I'm the one who decrypts and recovers the files, and gets everything back to a clean slate."
According to Franco, ransomware is running rampant. He believes it will get worse before it gets better, and urges those who get attacked not to pay the ransom.
"If you hire experts like us, we not only recover your data, but we can tell you how you got infected and secure your network," he said. "We clean up all the badness."