In an interview with Jay Schwitzgebel, Chief Information Officer at Modernizing Medicine, we uncovered answers to some of the most enlightening questions about cybersecurity as one of the hottest professional fields in IT.
Jay is a sought-after professional in the field of information security. He started his career with the U.S. Air Force as a software test engineer after graduating from Penn State University. He later completed his master's degree in Engineering Management at the University of Massachusetts Amherst. After serving for five years in the U.S. Air Force, he moved up the ladder with Cigna, a global health service company. Since then, Jay has worked in senior information security positions with Convergys Corp., Ohio Casualty Group, CareSource, HealthPlan Services, and Modernizing Medicine, where he currently serves as Chief Information Security Officer. He is a CISM, CISSP and CISSP-ISSMP qualified professional, with a total of 25+ years of experience as an information security professional, more than 15 of which were in Director, VP, and C-level roles. He specializes in information security and privacy regulations and industry standards, the creation of internal control frameworks, information security and privacy incident response, and security event monitoring.

Below we share Jay's points of view and expert opinions on the overall cybersecurity landscape. He reflects on the reasons for the rising popularity of cybersecurity as a field, how the talent gap in information security can be a great advantage for fresh graduates, and the key career trends in the field.
While discussing the cybersecurity landscape with Jay Schwitzgebel, we asked a few questions, which he generously answered in considerable detail for readers and learners to take advantage of. We found his answers to be well scripted, self-explanatory, and extremely relevant to what was asked, taking a comprehensive approach to reflect his thoughts and experiences in the field of information security.
The threat landscape is a highly dynamic one and is growing and expanding exponentially. The reasons for this are many and varied, from black-market "capitalism" (there is a rich bug bounty market within which black hat security researchers can sell their zero-day exploits) to increasingly skilled nation-state offensive security programs adding the "cyber" space to their military and/or terrorist attack targets. All of this advancement requires corporations and other organizational entities to respond to this advancing threat landscape with defensive IT and security controls, and skilled cybersecurity professionals who can design, build, monitor, and administer security solutions and processes are in high demand in the market. In short, both the good guys and the bad guys are recruiting and developing employees and cohorts with the specialized cybersecurity skills needed to support their goals and needs.
It can be a huge challenge to identify, recruit, and retain qualified cybersecurity talent and requires more than just cash and benefits. Naturally, because they’re in high demand, the best and brightest can name their own price and terms. The most qualified cybersecurity professionals are typically not on the market (or are snatched up immediately when they do make a move), so recruiting efforts are often focused on professionals who are not seeking a new role. Sometimes, they can be lured away with promises of higher salaries, benefits, training, and/or more flexible work arrangements. Often, too, what these tech-centered workers crave and demand is access to ongoing cybersecurity training, development, certifications, etc. This environment means that companies with skilled cybersecurity professionals already on-staff must work hard to “show them the love” and ensure they are well-supported and shown care and loyalty. Those companies and managers who do not do this are likely to lose their skilled cybersecurity staff to those that will do so.
The most specialized roles, and more senior roles, are typically the most difficult to fill. Entry- and even mid-level roles are easier to fill, because these have fewer and lower experience requirements, so the candidate pool is larger. Specialized roles like Network Security Engineer (especially senior engineers), Information Security Architect, Security Penetration Tester, Data Forensics Engineer, Application Security Engineer, etc. tend to require a multi-discipline base of experience and are more difficult to fill. For example, a Data Forensics Engineer would require some depth of experience with all prominent computer operating systems, firewalls, IDS/IPS, TCP/IP ports and protocols, application architectures, etc. Candidates with that sort of breadth of experience are in limited supply and are mid-to-late career professionals. Eager cybersecurity professionals often collect security certifications to try to represent that breadth of skill, but most hiring managers can see through this veneer when such certifications are not accompanied by relevant experience.
In short, yes. We see this most clearly with the harder to recruit roles and those requiring the broadest or longest experience requirements. At the very top, most executive level, in larger-scale and multi-national organizations, Chief Information Security Officers are even breaking the 7-figure salary threshold, as this role has increased in strategic importance within the C-suite and has earned a seat at deserving high cybersecurity salaries. At the opposite end of the career path, entry-level cybersecurity professionals are commonly earning salaries in line with or only slightly higher than similar technical roles outside of the cybersecurity field. As commercial (and other) industries have increased their appetite and demand for cybersecurity professionals on staff, the hiring market has become more competitive, and that competition is driving up salaries. This is basic supply and demand.
As with most things in society today, we can just follow the money. With the advent and maturation of cryptocurrencies like Bitcoin and others, we saw cybercrime increase, because it could be easily monetized. Before cryptocurrency, ransomware, for instance, existed but was less common. It was difficult to anonymously collect ransom payments, but this became simple with cryptocurrency, so it took off. Initially, ransomware was only able to prevent data owners’ access to their own data. That was (and is) bad if victims did not have offline backups of their data. But an organization might opt not to pay the ransom and just dig deep to rebuild the business with or without data backups. However, a newer trend in ransomware is the exfiltration of sensitive business and customer data. This means that not only can ransomware attackers prevent data owners’ access to their own data, they can also download the data themselves and threaten to expose highly sensitive customer Personally Identifiable Information (PII) if the ransom were not to be paid. This raised the stakes significantly, as organizations are loath to permit exposure of this sensitive data. Such exposure would be a public relations nightmare and could shutter a business, so we’re seeing more organizations pay the ransom despite expert recommendations (and even government prohibitions) against it. As well, we continue to see attackers employ complex Advanced Persistent Threats, which are leveraged through phishing attacks, web drive-by downloads, and other attack vectors to gain an initial foothold on a network, monitor end-user keystrokes to collect key organizational intelligence and login credentials, propagate infections to other machines, escalate privileges, and even fix security vulnerabilities so that other attackers cannot come in behind them to exploit the same vulnerability. 
The attackers are getting smarter, more clever, and ever more elusive, requiring cybersecurity professionals to increase their skills to meet the challenge to defend against these evolving threats. These and many more reasons point towards the direction that cybersecurity careers are rewarding, in-demand, and highly paid because now we face more advanced threats and better-trained, smart cyber attackers.
With so much knowledge and experience behind these extraordinary words of wisdom, cybersecurity comes out as an effective, rewarding, and high-demand profession to pursue in 2020 and beyond. QuickStart offers Cybersecurity bootcamps to prepare you for some of the most accepted cybersecurity certifications to help you start a career in the field. You can also start a 30-day free trial with QuickStart to take self-paced courses from a library of 900+ courses, in not only cybersecurity but many other demanding fields of IT. IT has built a lot of our present world of technology and guarantees the potential to pivot the future of innovation and evolution. A career in IT, specifically in cybersecurity is nothing but rewarding.