An Overlooked Upside to Cybersecurity Roles – They’re Fun!

Recent surveys and studies have emerged that show interest in cybersecurity as a potential career field at uncomfortable lows. In fact, a recent ProtectWise report showed that only 9 percent of millennials indicate cybersecurity is a career they are interested in pursuing at some point in their lives. This disturbing finding has far-reaching potential consequences in a field that desperately needs a stronger workforce.

To understand these findings, the study posits several factors that could be to blame for the low level of interest, from lack of exposure to cybersecurity in school curricula, to lack of personal connections, such as relatives, in the relatively new field of cybersecurity. However, another element, often hushed, and rarely acknowledged, lurks throughout the field’s perception – lack of fun. Sadly, many people don’t consider cybersecurity as a “fun” field – and that’s a false assumption, as there are multiple elements that make cybersecurity an enjoyable career path. Considering the level of engagement cybersecurity professionals enjoy, the evolving nature of the profession, its constant relevance, growth rate, and pay, cybersecurity can be a fun field, as long as individuals give it a chance.

One of the most enjoyable aspects of cybersecurity is the level of engagement it requires of an individual. Many jobs are comprised of the day-to-day grind of waking up, performing the same task several times, eating lunch, performing the same task, and going home. Little-to-no engagement occurs in these job roles, resulting in a bored and ineffective workforce. However, cybersecurity is quite the opposite. As seen in several reports, including ISACA’s 2018 State of Cybersecurity research, cyber-attacks are constant and growing in frequency. As a result, many incident responders and cyber teams find themselves immersed in their job, engaged in the dissection, analysis, and evaluation of attacks to better protect their organization. Oftentimes, this takes the full attention of these individuals, who lose track of time and realize they’ve been actively engaged in their work all day, resulting in very little boredom.

These growing attacks also are constantly evolving. Many of the day-to-day attacks against an organization vary in shape, size, and composition, and require an engaged workforce to actively combat them. These individuals act as live guardians in a digital world, identifying each potential attacker and assailant by cross-referencing them against previous attacks and exploitation. Oftentimes, this can be the hardest part of the job, as attack mechanisms such as worms and viruses are like hydras, with two different variants appearing once one variant is killed. In fact, one such type of attack, a polymorphic virus, makes slightly different copies of itself each time it infects a system in an effort to throw scanners off of its trail. Hunting these changing malicious codes and actors often brings a smile to the face of cyber professionals, as each time an attack changes and the responder stops it, the responder becomes that much stronger and more experienced.

These constant attacks also contribute to another element that makes cybersecurity fun: its relevance.  Since new attacks and attack vectors are always emerging, cybersecurity professionals must stay up to date on all the potential exploitations that are discovered to meet their responsibilities of protecting the business operations of an organization. This, in turn, makes cybersecurity professionals incredibly relevant to the business and the field overall. Relevance in an organization oftentimes translates to respect and recognition. This is reinforced by the rise of the CISO and CIO roles in Fortune 500 companies. No longer are these individuals relegated to the back row by other executives; instead, they are more commonly brought to board of directors meetings to discuss the organization’s security stance.

While the relevance of the cybersecurity field is important, it does not amount to much if there is nobody to staff the workforce. As seen in the 2018 State of Cybersecurity research, there are not nearly enough cybersecurity professionals in the field to keep up with the explosive growth and need. As a result, cybersecurity professionals are valuable diamonds to be cherished and cultivated within the organization. Thanks to this growth, cybersecurity professionals enjoy the fruits of a seller’s market – and that can be pretty fun.

Finally, something which all millennials should consider as they chart their future careers: pay.  Everybody wants a career that will pay well, and cybersecurity offers that opportunity. The Robert Walters Salary Survey of 2018 indicated that cybersecurity pay will rise by an additional 7 percent around the world in 2018, outpacing all information technology roles, which on average will see about a 2 percent increase. Although having an engaging, evolving, relevant job in a growing field is fun, knowing that it pays well is another cause to smile.

Everyone is different and defines job fulfillment through their own personal lens. However, if finding a job enjoyable, engaging, and fun is a top priority, it’s worth considering cybersecurity as a potential career. On the outside, it may seem bland, but taking a closer look reveals that working in cybersecurity can be much more fun than most people think.

Editor’s note: For more of Frank Downs’ thoughts on the fun side of cybersecurity and relevant industry trends, listen to the recent ISACA Podcast, The State of Cybersecurity.

Frank Downs, Director and SME, ISACA Cyber Security Practice

[ISACA Now Blog]