Published: 25th September 2024. Last modified: 25th September 2024.
Written by Tim Moran, Stephen Charlton
Cyber security is an attractive career choice that offers a good salary, career progression and the satisfaction of helping keep people’s data safe. But, how exactly do you get your foot in the door as a cyber security professional? And once you are there, how can you advance your career in the industry?
We spoke to Tim Moran, the Managing Director of Peoplebank Group Australia, about how to get a job in cyber security and what career progression opportunities are available in the field.
Tim has worked in the recruiting and consulting industries for more than two decades, with a specialisation in technology and cyber security.
Degrees for Cyber Security
The most straightforward way to get qualified to work in cyber security is to gain a Bachelor in Cyber Security. For some positions, recruiters may even prefer candidates with a Master of Cyber Security.
Tim commented on the importance of education in the field, saying “It would help to have a bachelor’s degree, and possibly a subsequent master’s, within cyber security because you're going to build more knowledge doing something for three or four years.”
However, you don’t necessarily have to do a degree with cyber security in the name to get a job in the field. Tim said that degrees in computer science, information technology and governance, risk and compliance are relevant to working in cyber security.
“There’s lots of STEM-related and particular technology degrees where you then can make that move across into cyber security,” he said.
Shorter Courses for Cyber Security
While cyber security-related bachelor’s degrees are valued by recruiters, they are not the only way to get into the industry. There are shorter cyber security courses such as diplomas and certificates that can help you gain the core skills relevant to working in the industry.
Examples of such courses for cyber security are an Advanced Diploma, Diploma, Certificate IV, Certificate III and the Cyber Security Governance, Risk and Compliance Certified Professional Course.
Read on to find out how to complement such courses with practical experience.
How to Career Transition into Cyber Security
You may have established yourself in another career but are now interested in making a career change into cyber security. But how is it possible to make the jump into cyber security?
If you don’t have time to commit to a bachelor’s or master’s degree, then shorter courses such as diplomas and certificates are a good way to gain essential skills for working in the field.
Tim suggests that people who want to make a career change complement such courses with technology work experience to help stand out in the job market. This should ideally be done in an organisation with an established cyber security function.
“Pick up some practical technology work experience, for example in help desk support,” Tim said. “Then do a cyber security qualification outside of that will give some complimentary theory and knowledge as well – then try and make a lateral move into a role in the cyber security team.”
How to Gain Experience in Cyber Security
Nowadays it’s common to find even entry level jobs that require experience in many fields. So how do you get over that hump of needing to have experience to get experience?
Tim said that you can gain cyber security experience even in other roles working in technology companies.
“One of the first things that you can do is get involved in projects that the organisation is running that would allow you to pick up cyber security experience,” he said.
Organisations with a cyber security department such as consultancies, government departments and corporate organisations are examples of where you can find this kind of opportunity.
“It's easier to move into something that you don't have direct skills in if you're making an internal move,” Tim said.
“So at least at that point, they all know your work ethic, the fact you fit the culture, they'll know that you demonstrated your abilities in your existing role. You'll have all of those things supporting you as you make that transfer into cyber security, rather than just making a cold application.”
The Importance of Networking
There’s more to finding work in cyber security than just learning the hard skills. Like any field, who you know matters.
“There are lots of cyber security-focused networking bodies and associations that allow people to hear from industry experts and also build their own personal network as well,” Tim said.
“I think they're also really important and a really great way for people to build up that understanding and knowledge of the sector.”
Examples of Australian cyber security industry bodies include the Australian Information Security Association (AISA), AustCyber, AusCert and the Cybersecurity Committee of the Australian Computer Society.
How to Supercharge Your Career in Cyber Security
Once you get that first job in cyber security, then your opportunities for career progression will largely depend on the company you work at.
Tim said that when considering career advancement, it’s important to look for companies that value cyber security and are innovative in the field. “Get into an organisation that has cyber as a key priority and a key risk within their business and they're prepared to invest in it,” he said.
Another important factor in career progression is joining an organisation that has depth in the cyber security team. “Try and join an organisation that's got the size and scale where there's leadership opportunities, and there’s team management opportunities within the structure,” he said.
Career Progression Options in Cyber Security
So what are the possibilities for career progression in cyber security?
Possible career goals in the field include working towards being part of a company’s executive leadership team, a partner in a consulting firm or getting into advisory work. “In a corporate role, you could progress to chief information security officer, where you’re part of that company’s executive leadership team,” Tim said. “You could even get to the point where you move across into chief information officer because security is such an important part of what that organisation does.”
In a consulting firm context, a cyber security professional could gain exposure to work in a wide variety of industries and work up their way in the organisation to become a partner.
Cyber security advisory roles meanwhile are another way to expand the value you offer organisations. “You’re working with organisations and not just giving them technical support but also supporting them in building an overall strategy,” Tim said. “You can also advise on the incident response around cyber breaches, where you’re making sure that companies are well prepared and should a breach occur, that they're able to cope with that and protect themselves and their customers.”