At first glance, the teddy bear looked harmless enough. It was a “smart" cuddly thing which connected to the internet and allowed parents and kids to exchange messages.
The problem? The bear's access to the big scary world of the internet wasn't secure. Sure enough, hackers soon had their hands on the information for more than 800,000 customers and a recording of all their messages.
What's worse, Teddy isn't alone. Large retailers and financial services firms are among the many institutions that have admitted to data breaches in the recent past, leaving valuable customer information vulnerable and exposed.
The flip side of all these headline-grabbing incidents is an explosive demand in one of the hottest careers: infosecurity. “There is going to be a Black Friday–like buying frenzy for cybersecurity talent," says a Cisco report.
Just imagine: Major companies stampeding over each other to get to you, a talented infosecurity professional. Wouldn't that be something? And while the Cisco forecast was for 2015, there is plenty of data to show that demand for infosecurity knowhow is only going to increase.
You too can break into this lucrative career. Here's how.
Invest in Yourself
Want a piece of this delicious infosecurity pie, but have no IT creds? The good news is that infosecurity is one of the few disciplines where you don't have to spend a whole lot of money to make money.
Instead, invest your time and energy into training. Take the initiative to sign up for a class, whether it's broad or in a specific niche of the industry.
“There are quite a few tracks online that provide an application security track that you can move through and get a certification in and you'd be in demand," says Michael Meikle, partner at SecureHIM, a security consulting and education company. Platforms like Udemy, Khan Academy, and Veracode, among others, offer certification classes you can take, he says.
In the end, it's all about the education. Make sure you're getting the knowlegde you need out of the program and see the certificate as a great bonus.
If you're already an IT professional, adding security elements to your projects might be a good segue into the field, something you can play up on your resume, Meikle says.
It's okay to be unconventional, says Dr. Shlomo Keskop, Director of Engineering at Allure Security and Senior Security Researcher at University of Pennsylvania. Connect the dots—in reverse. “Take a look at the infosec postings you see on job boards and see what skill sets they require. Then work your way back from that." While this might seem like common sense, it is especially relevant in the field of infosecurity where the work can take many forms, from software to hardware and coding to testing.
Start small. For example, large phone companies have many security solutions deployed, and they're always looking for entry-level people to go over the thousands of reports these generate and find holes, Keskop says. By being where the action is, you can get an inside view and understand how the systems work, which you can then leverage as you move up the ladder.
Meikle suggests volunteering on projects and maybe taking a couple of courses online (if you don't want to do an entire track) to give yourself a boost in the industry.
Remember, It's Not Always CSI
“The basics of information security doesn't require a lot of sexy hardware that makes cool sounds and has blinky lights and you spend millions of dollars on," Meikle says. “It's not like CSI where everybody has a cool blue light on them and they're tip-tapping away at the computer."
This means your break into infosecurity can even come from a penchant for thoroughness. Locking the door to the server room, paying attention to how you're getting rid of old equipment, making sure co-workers know how to respond to phishing emails, even taking ownership of small security aspects where you work can give you a slow leg up.
If IT is really not your cup of tea, don't worry. Infosecurity is a multi-faceted discipline, says infosecurity expert Dr. Jason Hong, a professor at Carnegie Mellon University. “Information security is starting to broaden its view beyond just software and hardware to things like economics, political science, psychology, and so on." As more breaches occur and as the Internet of Things becomes part of our everyday landscape (remember that teddy bear?), there's going to be an increasing need for social engineers who can study human-computer interactions, Hong says. Design and psychology creds might be as useful here as hard technical skills.
And since infosecurity jobs are expected to continue their incredible growth for a while, getting in the action now might be a good idea. Top-level executives at companies sometimes see infosecurity professionals as the Sheldon Copper of an organization (lookin' right at you, Big Bang Theory fans), Meikle says, but that is changing rapidly.