Tech Career Insights: Spotlight on Cybersecurity

Interested in a career in cybersecurity?

We spoke with Scott Taylor, CISSP, OSCP, Red Team Manager at global cybersecurity leader CrowdStrike, to gain perspective into the world of cybersecurity and its current demand in the marketplace.

With over 17 years of tech industry experience and 5 years’ experience specializing in cybersecurity, Scott explains red teaming and the increasing frequency of cyberattacks, reveals what he’s looking for when reviewing resumes, and shares valuable insights for those interested in transitioning into the exciting, dynamic field of cybersecurity.

Can you tell us about red team services and what that means?

Red teams are the proactive, offensive side of the network security team with expertise in attacking systems and breaking through defenses. You’ll hear terms like penetration testing and red teaming, it’s all the same type of approach; organizations bring in a red team to test their systems and infrastructure from a holistic point of view. The red team is looking for weaknesses and vulnerabilities to find how exploitable they are and what the response would be, and then compiling those findings into a report for executives.

The counterpart to the red team is the blue team – the defensive side of the network security team responsible for maintaining defenses against cyberattacks and threats.

It seems like headlines about cybersecurity breaches are becoming more frequent. Why are we seeing more of them?

Yes, it’s pretty wild and the amount of cybersecurity breaches is off the charts. What’s in the news is only a small sliver. Attackers and adversaries are primarily money-driven and have seen the potential for profit that’s out there. Their skillsets are increasing day by day, and the amount of training programs and information available is increasing at an exponential rate. Take ChatGPT for example, there are ways around its filters to get it to code malware.

For someone in a third world country, one ransomware attack on a target in a first world country can be lucrative to the point of being life changing. But ransomware attacks come from everywhere, from countries that coordinate state sponsored advanced attacks, to groups of cybercriminals that band together, to a lone wolf launching an attack. And no business is immune, whether it’s a small mom and pop shop or a large enterprise, anyone can be a target.

With attackers getting better at their craft every day, how does that impact your ability to do your job?

Ultimately, it’s really a cat and mouse game. New techniques and ways of attacking come out every day, and we have to learn them and try to stay ahead to be able to test for them. We can’t just rely on a single solution and stick with it; we need to be constantly assessing our risk exposure.

That need to be ahead of the curve must impact how you build a team. What defines a strong cybersecurity professional, both individually and at an industry level?

When hiring, we definitely prioritize an aptitude for continuous learning. The rapid pace of change in cybersecurity makes it a constant learning environment, so individuals who are driven, flexible, agile, and resourceful tend to succeed. The ability to be adaptable is paramount, both at an individual and industry level. The tech space evolves so quickly, the job you might have in a few years may not even exist today.

Aptitude for learning is hard to demonstrate on paper. How do you look for that on a resume? What stands out to you?

When I’m looking through resumes, I’m not necessarily looking for what school someone attended or what program they took, but I want to see whether the candidate is layering skills, regularly getting/updating certifications, going to conferences, and just generally continually developing, improving, and keeping informed.

From an organizational standpoint, do you see growth in the cybersecurity space despite the current economic conditions?

Yes, there is growth in the cybersecurity space throughout all organizations. Although we’ve been seeing mass layoffs, economic conditions are temporary, and technology will always be developing. Cyberattacks aren’t going to decrease. The demand for cybersecurity skillsets is going nowhere but up over the next 10 years.

What kinds of skillsets or experience would transfer into cybersecurity for someone looking to enter the field?

People tend to associate cybersecurity with very technical jobs, and of course some certainly are, but not all. Someone can come from a non-technical background and still become very successful. We often see people transfer into cybersecurity from law enforcement, and from structured environments like the army and military. Project management is vital, lots of the softer skills are in-demand; cybersecurity is really a big umbrella that can take people from all different industries. If it’s something you’re interested in there’s almost certainly a way to translate your skills.

It seems a big part of cybersecurity falls to users and the social aspects of how we employ technology, is education an area of growth?

Yes absolutely, there’s a huge opportunity for offering learning and development and educating the culture of organizations around cybersecurity. Cybersecurity is more than just the technology that’s used – it’s people and their behaviour. Being able to communicate and teach is definitely in demand.

 

Are you interested in exploring a career in cybersecurity? If you’d like to learn more about how Millenilink can support your established or transitioning career, get in touch at info@millenilink.ca. We’d love to hear from you even if you’re not quite ready for your next opportunity.