This post explains how you can succeed in cyber security jobs and freelancing. Cyber security jobs are one of the top 3 fastest growing across the world.
Cyber Security – the Fastest Growing Job Category
I will not bore you with data on why cyber security is important since almost everyone has been affected due to cyber-attacks. Either bank customers could not withdraw cash from hacked ATMs or their national identity details have been leaked online. I am not even mentioning why cyber-attacks are a constant headache for corporations and other organizations.
This has given rise to the increasing demand for cyber security specialists. Here are some interesting statistics:
- As per the US Bureau of Labor Statistics, cyber security job growth rate is projected at 37% from 2012 to 2022. This growth is faster than the average for all other careers.
- Cyber security Ventures reported that there will be 3.5 million unfilled cyber security jobs by 2021. This implies that there will be almost no unemployment in cyber security. Sadly, it also points to the lack of trained people to handle cyber security.
- Cyber-crime is predicted to cost the world $6 trillion annually by 2021.
- National Association of Software and Services Companies (NASSCOM) estimated that India alone will need 1 million cyber security professionals by 2020.
- Israel leads employer demand for cyber security talent according to a 2016 report from Indeed, the global job portal. Israel’s appetite is because of the 200+ cyber security ventures founded in the country.
Cyber Security Jobs and Freelancing / Consulting
As expected, banks and financial companies hire the most cyber security talent followed by defense & aerospace and others.
What about small and medium businesses who have limited technological resources and therefore a smaller hiring budget? This is where one can work on contract as a cyber security freelancer. Remember Robert Herjavec from the Shark Tank? He founded the Herjavec Group, a cyber security services company.
A Vice President at Herjavec Group, Melissa Zicopula said that, “Partnership with a 3rd party Security Operations Center (SOC) provider is beneficial to companies that have limited IT resources and lack internal security expertise”.
I know that investing in SOC means a huge amount beyond the reach of freelancers. But, you can offer your cyber security skills for in-demand roles as given below.
Top in-demand Cyber Security Expertise
Vulnerability assessment is the process of identifying, classifying and prioritizing vulnerabilities (weaknesses) in IT infrastructure and applications. Vulnerability assessment report provides information about weaknesses in an organization’s systems. This information will enable the organization to understand the risks and apply the necessary controls to reduce or eliminate the risks. As freelancer, you can do vulnerability assessment using various free and paid tools including automated vulnerability scanners.
Penetration testing is an approved cyber-attack on a system. That is, actual hacking is simulated using tools and techniques that a potential attacker might use. The objective of penetration testing is to assess the security of the system. Freelancers who are skilled in ethical hacking can perform penetration testing using a variety of free and paid tools.
Incident Handling and Response
The aim of incident handling and response is to identify and respond to unexpected disruptive events so as to limit the impact within acceptable levels. These events can be result of cyber-attacks mounted on the network or due to errors, accidents, and system / process failure. Not all organizations have the capability of incident handling and response. As freelancers, you can help the business to understand the impact and how to contain it as also prevent its recurrence.
Audit and Compliance
Organizations have to comply with various regulations for their stakeholders’ safety and security. For example, GDPR compliance is mandatory for anyone having customers in Europe, irrespective of the business’s location. Freelancers can help organizations achieve this compliance and even audit them. Similarly, businesses who want to be reassured go for ISO 27000 and similar certifications. Freelancing consultants can audit or certify such organizations.
Firewall/IDS/IPS/SIEM Administration or Support
Those entities who don’t have the technical resources to help configure various security devices like firewall, IDS, IPS etc, seek help from freelancing consultants. Freelancers need to have hands-on experience on the devices and should partner with security vendors / distributors.
Web Application Security
Using web vulnerability scanner like Acunetix or Nessus or the open source ZAP, one can find vulnerabilities and flaws in a web application. Freelancers can help fix these flaws as per the given recommendations and best practices. You need to know not only the programming language but also some cross-domain knowledge on networking, cryptography etc for this.
Training for Cyber Security Jobs or Freelancing
Okay, first up let me be frank. In the field of cyber security, your hands-on experience and skills matter much more than degrees and certifications. Read that again! College and university degrees in cyber security is yet to be mainstream like the other degrees and diplomas. That being said, if you are say a skilled hacker, getting an OSCP certification puts a stamp on your skills and clears the career path. Therefore, certifications such as CISSP, CISA, CISM, CEH, OSCP, Security+ etc are the benchmark with which to weigh a potential candidate.
Therefore, my suggested learning path for cyber security is:
- Subscribe to the top cyber security e-zines, blogs etc. A few of the good ones are DarkReading, Daniel Miessler, Krebs on Security, Cybrary and many more. Keep yourself updated on events and technologies. Remaining updated is the key to a successful cyber security career.
- Get Certified. I have already made the case for certifications. Go get certified.
- Make Your Own Notes. Try to learn by using Richard Feynman’s technique. It has 4 steps, including making your own notes. That way, you are crystal clear about the technology and it’s application. This helps in quick understanding (waste less time) and also impress interviewers. https://curiosity.com/topics/learn-anything-in-four-steps-with-the-feynman-technique-curiosity/
- Practice the Tools. Just watching and reading about the tools won’t help. You need to be hands-on. Install the free ones at least and keep at them. There are so many resources that help you get better.
- Sign up for Cloud Accounts. You need to know how to secure your client’s infrastructure or application. Learn to harden the stack by building, destroying and re-building these tech stacks. Why pay for such practice environments when you can get them for free (for a few months or even a year). Google Cloud Platform, AWS and MS Azure offer free 1-year accounts. Sign up on them – if you stagger your registration on all three, you can get 3 years of free cloud account! Then setup your VM instance and practice the stack of your choice.
How to Start your Cyber Security Freelance / Consulting Career
Step 1 – Identify your Field
Depending on your knowledge, skills and experience in cyber security, you should have an idea about what you can accomplish. Find out more about potential freelance opportunities by going to online freelance marketplaces like freelancer.com and fiverr.com. Observe what jobs are posted frequently, their earnings and also look at the competition. Write down your observations and compare. This should enable you to decide which niche you want to start with. Note that I wrote “start with”. You can always add / switch to other fields once you get a client base and achieve your target of positive ratings and reviews.
Step 2- Gap analysis
Check for gaps in the level of service you want to provide and capabilities you have. If you fall short of skills or practice, go to portals like Udemy.com, learn and practice.
Step 3 – Register
You should register on online freelance marketplaces like freelancer.com and fiverr.com. Also, depending on local regulations, register your business with the governing authorities. In India, it is advisable to begin as a Proprietorship with GST registration. Consider registering for a PayPal account (for receiving international payments) and other payment gateways in your country.
Step 4 – Marketing
Your marketing campaign should be offline and online. Use offline media like newspaper ads, Yellow Pages etc. Cold-calling potential clients and visiting their offices also works. Setup your Facebook Page and a LinkedIn page.
Step 5 – Get the Deal
Marketing is just the start of your engagement with potential clients. To convert the marketing lead into a sale, convince the clients about the value your service brings to them. Is your service identifying the risks as well as opportunities for the business? Is your penetration testing more thorough and with actionable reporting? Make it about your client’s delight and you will see they will keep coming to you.
I hope you have learnt how to use your cyber security skills for freelancing or consulting career. Perhaps this could be a step towards a bigger business. Or if you are interested in climbing the corporate ladder, you can always build a rocking CV / resume by adding on more cyber security skills and experience as you freelance. Most recruiters will appreciate your entrepreneurial spirit and the growth mindset.