👋🏾 Salaam, we are Somalis in Tech and welcome to our monthly newsletter. Each month we’ll bring you the latest from the community, tech news, and a community guest feature.
🗞 Hot off the press
This month, the eCommerce company launched Editions, which hosted a collection of 100+ products designed to help merchants connect to their consumers.
Black startups have seen a drop in VC funding ⬇️
According to new data from Crunchbase, VC funding for Black startups has dropped significantly over the past 4 months. Funds have dropped from $1 billion to $324 million. We wonder why…🤨
Airbnb permanently bans parties 🚫🎉
The company appears to be clamping down its pandemic policy, citing that the ban has become “more than a public health measure”. 🤷🏾♀️
Tech Layoffs: Substack and Unity join the party 💼
Is tech the future? The industry appears to have been hit hard by the recent economic shift as companies continue to lay off members of their workforce.
🗓 Save the date
Mark this mysterious date as busy in your calendar, folks! We’re hosting our first official meet-up in London on 3rd August 2022. Stay tuned for more exciting details like time, location, topic, theme, dress code, etc.
Community members will have top priority for tickets, so if you haven’t already - join our Slack!
A Guide to Cyber Security
Guest post by Harun Osman
Hey, I’m Harun and currently, I work as a Security consultant in the UK.
I am going to start off this post by going over some basic information about the cyber security industry. Then my main focus is to break down the most common roles you'll find within cyber security and how to get started on your cyber security journey.
My reason for writing this post is to help demystify the cyber security industry. Many people, from all walks of life, ask me about cyber security, and they seem to think we all sit behind our computers all day with just a command-line interface and green-coloured code flooding our screens. Others think that cyber security is a highly complex world that they can never imagine. Cyber security is not as difficult or as simple as it’s portrayed to be, and so I have written this post to try to clear up some of these notions.
What is cyber security?
We can break cybersecurity down into tools, techniques, technologies, policies, processes, controls and procedures that help protect or recover internet-connected devices, networks, systems and applications from digital attacks.
These attacks aim to either disrupt, destroy or infiltrate personal or corporate data centres and other computerised systems.
I know, I know… It sounds complicated, but essentially, this industry is all about stopping the bad guys from accessing data and devices they shouldn't.
Why is cyber security important?
We, as individuals as well as corporate entities, are becoming increasingly reliant on the internet. As more and more devices become internet-connected and more processes/procedures become digitised, we are slowly getting to a point where it's difficult to imagine how we'd function without the internet or our devices. This raises a concern: what happens if our networks get compromised, or our data gets breached?
In this day and age, it has become more important than ever to make sure the right steps are taken in order to protect the necessary systems and prevent bad guys from gaining access to sensitive information.
Cybercrime has been on the rise and continues to cause havoc globally. Cybersecurity Ventures estimates that cybercrime caused a total of $6 trillion worth of damages globally throughout 2021. This is expected to rise to $10.5 trillion by 2025, at which point cybercrime "will be more profitable than the global trade of all major illegal drugs combined."
I think it's fair to say that a cyber security plan/process is extremely critical for all organisations today.
Different roles in cyber security?
In this section, I will be going over the most common security roles found within the industry: general responsibilities, average salaries, qualifications or skills required and more. By no means is this an exhaustive list, but this should help paint a picture of what roles are available and where to start looking if a particular role piques your interest.
Security/SOC analyst
General responsibilities include:
Ensuring your company's or client's IT network is protected and their data is safe. You will be doing this by resolving security incidents (there are many types of security incidents). This role is all about understanding different types of incidents or attacks and how to respond to them.
Shift pattern:
You can typically expect 8 to 12-hour days with a flexible shift pattern. You would probably be working day shifts one week and then night shifts the next week. Most analysts have 4 days off in between their work weeks.
Entry-level average salary:
£39,000+ (UK)
$68,000+ (USA)
Average salary:
£50,000+ (UK)
$95,000+ (USA)
Desired qualifications:
Computer science/cyber security or related bachelor's degree (or higher)
OR
CompTIA Security+ certification
OR
Certified Ethical Hacker certification
Security engineer
General responsibilities include:
Making sure that your company's or client's cyber security systems are up and running effectively. This might include developing, implementing and testing new security features, watching over planned security system upgrades and constantly improving the security platforms your company or client(s) use.
Shift pattern: typically 8 hours, Monday to Friday
Entry-level average salary:
£42,000+ (UK)
$68,000+ (USA)
Average salary:
£55,000+ (UK)
$124,000+ (USA)
Desired qualifications/skills:
Computer science/cyber security or related bachelor's degree (or higher)
OR
CompTIA Security+ certification
Coding experience (Python, JavaScript, Java, Ruby)
Command-line experience and shell scripting
Security consultant
General responsibilities:
The job of a security consultant is to assess an organisation's computer systems, networks and software for vulnerabilities (weaknesses) and then work with that organisation to design and implement the best security solutions required. Often this role includes delivering presentations and conducting meetings, so your organisational and communication skills are important.
Shift pattern: typically 8 hours, Monday to Friday
Average salary:
£60,000+ (UK)
$115,000+ (USA)
Desired qualifications/skills:
Computer science/cyber security or related bachelor's degree (or higher)
OR
CompTIA Security+ certification
If possible, Certified Information Systems Security Professional (CISSP) certification
Typically 2 to 4 years of industry experience
Security architect
General responsibilities:
An architect would usually be tasked with creating and designing end-to-end security systems for an organisation. This includes technical implementation, documentation, identifying best practices, etc. A lot of the work also includes communicating with multiple stakeholders from multiple teams. This is a highly complex role but you are definitely rewarded for your efforts.
Shift pattern: typically 8 hours, Monday to Friday
Average salary:
£78,000+ (UK)
$150,000+ (USA)
Desired qualifications/skills:
Computer science/cyber security or related bachelor's degree (or higher)
Industry-recognised certifications (CISSP, CASP+)
Typically 6+ years of industry experience
Threat Intelligence Analyst (TIA)
General responsibilities:
A TIA would typically detect and analyse cyber threats that could potentially impact an organisation. They would investigate the level of threat posed and work with the right teams in order to enable the organisation to make informed cyber security-based business decisions.
Shift pattern: typically 8 hours, Monday to Friday
Entry-level average salary:
£40,000+ (UK)
$95,000+ (USA)
Average salary:
£55,000+ (UK)
$105,000+ (USA)
Desired qualifications:
Computer science/cyber security or related bachelor's degree (or higher)
Penetration tester
General responsibilities:
As a pen tester, you will perform authorised "hacking" tests on an organisation's computer systems and networks in order to expose weaknesses within an organisation's current systems. This is to help the organisations test their current defences and help them understand how cyber criminals would exploit their IT infrastructure.
Shift pattern: typically 8 hours, Monday to Friday
Entry-level average salary:
£30,000+ (UK)
$77,000+ (USA)
Average salary:
£60,000+ (UK)
$120,000+ (USA)
Desired qualifications/skills:
Offensive Security Certified Professional (OSCP) Certification
CREST Certified Infrastructure Tester (CIT)
Offensive Security Web Expert (OSWE)
Other industry-recognised certifications
Note: penetration testing contracts can be very lucrative. So the real money comes when you become a contractor.
Cloud security consultant
General responsibilities include:
Similar to a standard security consultant, but more focused on securing and maintaining the integrity and security of cloud-based computing systems.
Shift pattern: typically 8 hours, Monday to Friday
Entry-level average salary:
£45,000+ (UK)
$108,000+ (USA)
Average salary:
£60,000+ (UK)
$125,000+ (USA)
Desired qualifications/skills:
Certified/experienced in either AWS, Azure, or GCP
Industry experience
OR
Computer science/cyber security or related bachelor's degree (or higher)
Industry demands:
According to Cybersecurity Ventures, in 2021, there were 3.5 million job openings globally, up 1 million from 2014. The demand for security professionals is higher than ever, but as the industry continues to push and try to fill these roles, the demand will slowly start levelling off. Cybersecurity Ventures estimates that by 2025 there will still be 3.5 million job openings available globally, suggesting that the demand should start to flatten out a bit. But this does not take into consideration the increase in cyber security regulations and the constantly changing technological landscape that we live in today.
A report from Hired, released in early 2022, mentioned that out of all software engineering roles, security engineers enjoyed the highest average salary. That is in the US anyway, but I am sure the same could be said for outside the US as well. Security professionals are highly sought after and often receive favourable compensation for their work.
How to get into cyber security?
Yes, I know… I saved the best for last. How to get into cyber security? There are many paths into the world of security, but I will just go over the main two: University degree(s) and industry-recognised certifications.
Many universities now offer you the ability to study cyber security, computer science, computer forensics, etc. If you are studying these courses or are looking to study, I would personally suggest learning some coding and shell scripting as well, especially if you want to become a security engineer. During summer break, whilst at uni, you should strive to get as many summer internships as possible. The best possible opportunity (in my opinion) is to become a security analyst for the summer. Analysts deal with security tickets, and learning the different types of incidents that occur and how to deal with each incident is an extremely valuable experience that will help a ton in your cyber security career, especially if you choose to become an engineer, consultant, architect, etc. But IT helpdesk jobs are still really valuable when applying for jobs after university.
If you think university is the answer for you, there are a few questions I would suggest asking yourself. Are you in the right financial position? Are you in the right mental and physical condition to start university? Are you willing to study for 3-5 years? You're the only one with the answers to these questions, so think about them carefully.
Industry-standard certifications: I have mentioned most of the popular certifications above and which role(s) they align best with. These certifications are really useful, especially if you don't want to go to university. They can be pricey but nowhere near as expensive as going to university in the UK or the US. With most of these certifications, you have the freedom to learn however you want; the material is available online, whether it is video, books or instructor-led classes. Some of these certifications are known to be rather difficult, so learning can take some time and effort, but they are not impossible and inshallah (God willing) you should get a great return on your investment in the future.
To conclude:
In essence, the cyber security industry can be very lucrative if you play your cards right. There are many different roles, and the ones mentioned are but a few of the most common. There are forensics roles, cyber security tech sales, project management, business analyst and more that I haven't mentioned. This industry is constantly changing, and for individuals who enjoy solving big problems, constantly learning new skills and working in fast-paced environments, this is the industry for you.
Thank you for reading this edition of the SiT monthly post. If you have questions, or simply want to connect, ping me on LinkedIn.
🔥 Featured job opportunities
Here we share some of the best opportunities shared by our community in Slack. Before you apply for any of the below roles, why not pop over to Slack and DM the person who posted the role for the insider insight?
Clearscore: Variety of roles (London, UK)
Off2Class: Customer Success Associate (Toronto, Canada)
Atomic media: Head of Design (Nottingham, UK)
🐪 Maah-Maah
Waari mayside war hakaa hadho
— You won’t last forever so leave something to be remembered by - via Mohamed Noor
Mahadsanid 👋🏾