Breaking Down Barriers in Cybersecurity: Why Diverse Perspectives Like Yours Can Be an Advantage
Candlefox
Think you don’t fit the mould for cybersecurity? Barriers to entry are lower than you think — and the industry desperately needs diverse perspectives like yours.
Cybersecurity is a field shrouded in mystery. From Hollywood depictions of hooded figures to secretive government operations, it’s not always clear what cybersecurity really entails. The truth is, this depiction of cybersecurity is lightyears away from reality.
If you’re considering it as a potential career path but you’re not sure if you’re the ‘right kind of person’, you might actually be the perfect fit. Don’t let stereotypes discourage you. Whether you’re a seasoned coder or an interested newbie, this field needs the fresh perspectives and experiences that people from different backgrounds can bring.
So what’s the reality of working in cybersecurity? We chat with a cybersecurity professional who made the move from the world of performing arts to digital forensics.
What cybersecurity looks like in New Zealand
Cybersecurity is a rapidly growing field. Much of this recent growth can be attributed to cyber threats posed by COVID-19 and the shift towards remote working. In line with these trends, job growth is also predicted to be very strong, with cybersecurity specialists earning a salary of between $92K-$137K per year.
The types of jobs within cybersecurity differ significantly. An ethical hacker, for example, tries to infiltrate security systems to expose vulnerabilities. In contrast, a security software developer integrates security into software to minimise the chance of attack in the first place. As cybersecurity threats evolve, so do the needs of governments, organisations and companies.
Meet Josh
We chatted with Josh Lemon, a Digital Forensics and Incident Response Specialist, to get an insight into his career journey. Josh is a certified instructor at the SANS Institute, where he teaches advanced forensics and advanced networks forensics classes. When he’s not teaching or working for SANS, he works as the managing director at Ankura, an IT consultancy, looking after digital forensics and incident response practice for the Asia Pacific region.
“I work on digital forensics and incident response as part of my normal day job, and I also get the advantage of educating people on the techniques I use.”
Dismantling the hooded hacker archetype
If you’ve ever thought, “you’re not the kind of person” who could work in cybersecurity, you’ll be pleased to know you’re very wrong! Contrary to stereotypes, this field thrives on diversity and change.
“It’s not supposed to be a male-dominated industry. Our industry needs people from diverse backgrounds doing investigation work because you’re able to tell stories in different ways as well as understand language and cultural context.”
Josh has personally worked with a digital forensics expert who originally trained as a chef and another who worked as a mechanic.
An unexpected start
Because cybersecurity is an up-and-coming field, it’s still possible to enter the industry on your terms. From being self-taught to a 180-degree career changer, there are opportunities for people of all backgrounds. For example, Josh’s experience was in the performing arts industry.
“After quite a while of working in the entertainment industry, I realised I didn’t like living out of a suitcase and travelling for ten months of the year. I started looking at the other passion I had: computers and IT.”
Following this realisation, Josh moved into an information technology role where he ran large networks and infrastructure. But Josh was more detail-oriented, while this role was big-picture focused. He wanted something that better matched his strengths.
“I always had a keen interest in investigating things, understanding how things work, and detective type work. But I never realised you could do that type of work inside information technology.”
That’s when Josh came across a class on incident response and investigation. Realising you could blend the worlds of investigation and IT (and even do this as a full-time job!), his trajectory changed.
Skills over degrees
Higher education is often a great idea, but according to Josh, “degrees aren’t a hard requirement – you just need a passion for computers.”
“You can slowly build your knowledge in the industry, practice out in the field, then go and take intensive classes in a specific area and take that back into the field.”
For Josh, short courses in digital forensics and incident response helped him get his foot in the door.
- 16.2% of cybersecurity professionals today have a diploma
- 9.5% have a certificate
- 13.8% only have their year 12 certificate
Combined, this figure is on par with the percentage of professionals with a bachelor’s degree (38%), revealing that a university education isn’t the only way to get started.
The curious world of digital forensics
Digital forensics is a niche field within cybersecurity, demonstrating just how nuanced the industry is. Josh is tasked with catching criminals who have broken into computer systems, networks or organisations.
“What we do is look at the evidence on the network or the computer system to determine what that criminal group or organisation was doing once they broke in. This includes how long they were there for, how they broke in, and potentially anything they may have stolen.”
The day-to-day
So, now we know cybersecurity professionals don’t just sit in shadowy rooms, cloaked in a hoodie. But then what do they actually do, day-to-day?
Josh tells us it’s all about storytelling. “A lot of the time, you’re trying to piece together a story that you don’t have a full picture of. You spend a lot of time looking at digital artefacts as well as talking to organisations and individuals who have been impacted.”
With cybersecurity threats constantly evolving and software systems always updating themselves, learning and upskilling are also key priorities for people like Josh.
“You’re in this continuous learning mode to understand where to find artefacts and how to interpret them.”
There’s also plenty of learning to be done on the job, as every incident is unique. “Even if the type of case you’re looking at is the same, i.e. a ransomware attack, the challenges will be different.”
“There are different challenges with trying to help the organisation recover, and with the technology they have or don’t have, so you’re always in the mode of trying to problem-solve.”
Finally, Josh encourages new-starters to be aware of the omnipresent nature of cybersecurity threats. “You could get a call for help at a moment’s notice. Unfortunately, criminals don’t wait for business hours!”
Luckily, digital forensics is something where you’ll often work as a team, meaning there will be plenty of people to share this responsibility with.
Taking the next step
Moving into your dream cybersecurity career is more achievable than you think.
“Don’t be too concerned about your background, age or what your current knowledge is in the area. If you have a strong interest in cybersecurity, IT or investigation, you should do everything you can to get into the field.”
“Think about what areas of cybersecurity interest you, whether that’s defensive penetration testing, investigation work, or defence work. Then try to figure out what type of courses you could take or what skills you should develop to get into it!”
Cybersecurity not only suits people of all backgrounds, but it needs diverse skill sets, viewpoints and personalities to overcome increasingly complex threats.
Want to read more?
Why settle for just being the office coffee runner when you can be the one calling the shots?
