Until people know just as much about
cybersecurity as they do about looking both ways before they cross the street,
then it's still going to be a problem. Hi and welcome back to Roadtrip
Nation's channel. I'm Jenny, and today we're talking about an awesome career
path for people who love working with computers and solving problems: cybersecurity! We're going
to explore a common career path into cybersecurity and talk through helpful info like
what kind of salary you can expect, what kinds of educational paths you can take, and
how you can get started in the field. This is part of a broader series that explores all kinds of
different industries connected to your interests, so make sure to like and subscribe if you want to
see more videos like this one. Let's get into it. If you're into computers and love the idea of
working in a fast-moving, constantly evolving field, cyber security might be the field for you.
Cyber security is all about protecting computers, networks, programs, and data. The world
is totally reliant on technology, and at a time when all of our info is online, we need
passionate people to protect that information. So this is a field where you can basically be
a superhero, warding off malware threats and keeping data safe. Just FYI the title security
analyst is kind of a catch-all we're going to use for entry-level cyber security and information
security jobs. Information security analyst is actually the job title you'll most commonly see
used on job postings across America right now, but some other similar job titles include
security analyst, cyber security analyst, SOC analyst, IT security analyst, systems analyst,
incident analyst, network security analyst, whew, all kinds of analysts! The huge
variation in job titles is because there are so many different systems and technologies
you can learn and protect from job to job. Take it from Christina Morillo, she's the VP of
technology and information risk at Morgan Stanley. There are so many niche areas, right?
You're going to hear about red team, blue team. You're going to hear about, you
know, incident response. You're going to hear about identity and access management, maybe,
IT security compliance, governance, risk. I'm a subject matter expert in one piece of the
pie but I'm like, 'oh my god,' every time I, you know, I have a lot of friends that are
security researchers and stuff, so every time I learn about another piece of the pie like
encryption, 'okay, yeah, let's go, let's do that.' But no matter which title or path you take there
are similar steps you can take to get a solid foundation in this field, and there are lots of
similarities in your goals and day-to-day work. Here's how a variety of people in information
in cyber security roles describe their jobs. I am an information security
professional here at Microsoft, so what that means is I help secure data
and services in the Microsoft cloud. It's a lot like being detective actually. And
the more, the more detective-like you are, the better. My guys don't physically identify the
malware and make our product, you know, detected. My guys go looking for where do they come from,
who is distributing it, how do we stop them, how do we stop the entire industry
that's, that's going against us? If you were to boil it down to a concept
it's curiosity. It drives the black hat side of things. So, you know, I want to know how to
break into this for my financial benefit so I'm going to research it, I'm going to, you know, get
some testing up, I'm going to try and break it, I'm going to do the, you know, proof of
concept, and then I'm going to execute. Same way, white hat, you know, I want
to know how to protect this stuff, so I got to break into it, figure it out,
and, you know, so we'll set up tests, we'll proof of concept, and then we'll
actually execute from the reverse end. Security research is aligned more with
like, actually investigating and finding new vulnerabilities. The scary part is you're now
hoping that someone else has secured this product properly. I think for the most part we know, you
know, many things are insecure, um, despite who we purchase them from, so I think it's great
to have researchers actually looking for these issues and then being able to tell the companies,
say, 'hey, this is the problem, you can fix this.' For security analysts, the average salary is
$99,730 a year. The cyber security industry is obviously growing really fast and paying well,
and right now there are more jobs than there are people to fill them. Projected job growth over
the next 10 years is higher than average. With so many companies and schools going remote last
year, cyber crime rocketed, and is expected to stay a major threat in the future. That's
why we need more people to get out there and help protect our data. Seriously, listen to
security intelligence response engineer Ben Brown. Our lives are becoming so digitally
connected, and so much more of things that we wouldn't even think would be connected,
our, you know, our clothing, our toaster, uh, you know, everything in our house is now being
brought online and is now a huge attack vector. If you're interested in cyber security how can you
get started in the field? Most security analysts recommend you get a bachelor's degree before you
enter their field of work. Bachelor's degrees in computer science are common but more and more
schools are actually beginning to offer degrees specifically in cyber security or information
security. Another huge thing employers are looking for? Certifications! Labor market analytics firm
EMSI says a C-I-S-S-P or 'CISSP' certification is one of the top things employers are currently
looking for on job postings for security analysts. Some other certifications that are in high demand
include GIAC, CISM, CISA and Security+. If you're considering cybersecurity, but don't want to
commit to a full-on degree or certification yet, there are plenty of online classes where
you can dip your toe into this world. There's lots of communities out there that
will help you learn about malware analysis, and about threats and stuff like that.
There's lots of websites. I mean, right now is the perfect time, because
15 years ago there was nothing. There is a lot you can learn, like
just from checking out the internet. There are options outside of, you
know, just the traditional education. There are like, free resources.
Cybrary, they are doing like, certification as if you were in the classroom,
and they just recorded it, and it's free. Outside of school there are also
tons of extracurriculars you can do to get exposed to cyber security,
like competitions and conferences. A lot of schools will have, uh, white
hat clubs, or white hat researcher clubs, something like that, that do capture the flag
competitions. Capture the flag competitions really run you through the paces of getting used to
the sorts of things you'll see in the wild, and you actually get a feel for the tools
that you're going to have to use in the field. Go find a DEF CON group and get involved.
Find a 2600 group, find an owasp group, go find out what your local communities are doing,
and then go to your local hacking conferences. Go to local security conferences, you know,
and you just got to get involved and network. And even once your foot's in the door,
this is a field where lifelong learning is key. You've got to stay on top of
new technology and new vulnerabilities. The criminals keep evolving and we need to
continue to stay on top. And there’s always something different. Somebody in Japan is
seeing something we’ve never seen before. Or we'll get a new piece of counterfeit coming
out of Germany. Who knows what it might be, but there's... it's, it's bringing those
scenarios to the group and thinking about, 'okay, how do we answer this particular problem?' It's one of, actually, the easiest
fields to get a late start in, because everything that anyone knew three years
ago is, you know, it's constantly evolving. Once you have your foundational knowledge down,
there's some really cool options you can explore, like working as a penetration tester. Pen
testers are basically like ethical hackers. They put digital systems to the test, try to
find everything that can possibly go wrong, and then help get those weaknesses
eliminated before the bad guys exploit them. I was never a creator, I was always
a breaker. We have the opportunity to play with the latest, greatest technology. I
mean, we're not... we're not just testing web applications. We test everything from passenger
aircraft to video games to humans. I mean, you know, sort of our mantra is: if
you can build it, we can break it. Here's another career that could open
up to you even further down the road: chief security officer. Cyber security
has become so important that many companies have added a c-suite level
job to oversee security and privacy. So if you're seriously interested in cyber
security and want to make this your lifelong work, you can aspire to become a chief
security officer like Window Snyder. I'm really proud of the work I did in privacy
at Apple, trying to keep the data in control of the user and out of Apple's reach. The work
I was doing at Apple is very personal. Like, I feel like especially the mobile
devices... they're so personal. So, giving people the tools to be in control
of their privacy, for me it feels worthwhile. As you can see, cyber security is
something that touches our everyday lives, and its importance is only going to grow
over the next several years as we share and store more and more information on devices.
So if you're interested in problem solving and love anything to do with technology,
becoming a security analyst could be your chance to use your skills and interests
to make a serious difference in the world. There's always something new that's
interesting around security. It's not going to stagnate anytime soon. I think that one of the things that has
always sort of invigorated my passion for security testing, penetration testing, and all
of that, is it's a community of people that don't take no for an answer. Just because you're told
something is a certain way, doesn't mean it is. I have a calling, I think, to perfect protect
people. That's why I like working at Microsoft, is, I could do that at a very large scale, and
that means a lot to me on a personal level. If you think you might want to go into cyber
security, hopefully one of these stories got you thinking of all the possibilities for your future.
Let us know by giving this video a thumbs up!
