Career Overview: With all that is going on in the world today, Cybersecurity is one of the hottest career fields in DoD contracting. Likewise there are a variety of career areas within the cybersecurity field to include but limited to; cyber threat intelligence analysis, cyber incident monitoring and response, cyber threat modeling, cyber risk analysis, secure system architecture design, cybersecurity auditing, defensive cybersecurity operations, offensive cybersecurity operations, Cyber intrusion detection, and Cybersecurity certification and accreditation to name a few.
Skill sets called for include but are not limited to; Security information and event management (SIEM) practices and tools knowledge, Computer Network Defense (CND) practices and tools knowledge, Computer System Vulnerability Management tools and processes, Cyber Threat Modeling, Cyber Risk Analysis, Cyber Auditing, Cyber incident response, Computer networking experience (OSI model, TCP/IP, ports and protocols, traffic analysis), scripting and programming experience, penetration testing experience, and systems administration (Windows or Unix/Linux) to name a few.
Career Path: The traditional career path for cyber security professionals is being an IT help desk person, system administrator, network administrator, software engineer, hardware engineer, technical writer or process analyst. Likewise for military personnel the career path includes being assigned to a cybersecurity or computer or technology related career field.
If you do not have a technical civilian or military background, but are still interested in the Cybersecurity career field I recommend researching and pursuing advanced studies for either a Bachelors or Masters Degree in Cybersecurity.
Salaries: Salaries range for cyber security analysts from ~$55k for entry level to over $100k for senior positions.
Professional Organizations: To help you network and meet with people in the cybersecurity career field I strongly recommend finding and joining a Cybersecurity Professional Association. When signing up for a Cybersecurity professional associations look for ones in your area and plan on attending a few meetings to see which organization is a good fit for you. Most members will want to help you learn more about the cybersecurity career field as assist you in your career journey if they can.
Training & Certifications: DoD 8570.01 specifies the required training and certifications all DoD Cyber professionals must attain to work in the career field. The certifications are primarily categorized into a technical and management path. For most professionals breaking into the career field obtaining a Security+ certification is the first step.
DoD Directive 8570.01, Information Assurance Training, Certification, and Workforce Management. The DISA IASE website provides a summary table of the required certifications.
The Federal Virtual Training Environment (FedVTE) provides free online Cybersecurity training to U.S. government employees, Federal contractors, and veterans. The National Cybersecurity Center (NCC) provides collaborative cybersecurity response services with comprehensive knowledge and capabilities through training, education, and research.
The National Security Agency (NSA) and the Department of Homeland Security (DHS) jointly sponsor the National Centers of Academic Excellence in Cyber Defense (CAE-CD) program. The goal of the program is to reduce vulnerability in our national information infrastructure by promoting higher education and research in cyber defense and producing professionals with cyber defense expertise for the Nation. A listing of current NSA/DHS CAE institutions can be found here.
Cyber Security Policy: The current Department of Defense Cybersecurity Policy Framework is called the Risk Management Framework (RMF) and Department of Defense Instruction (DoDI) 8510.01, provides an overview of this new, risk-based approach to cybersecurity.
Other pertinent DoD and NIST Cybersecurity Policy documents include the following:
Education: Most cyber security jobs require a college degree in a Science, Technology, Engineering or Math (STEM) discipline or equivalent years of industry experience.
Volunteer Opportunities: In addition to advanced learning in cybersecurity, I recommend those interested in this career field look for volunteer opportunities to obtain IT and Cybersecurity experience. If you are a parent look to see if you can volunteer at your child’s school to help in the IT area. If you are a college graduate look to see if you can volunteer to help in your college computer lab. If you are still on active duty I recommend checking with your unit IT section to see if you can assist or shadow current Cybersecurity personnel to learn more about the career field
Also the Air Force Association (AFA) sponsors a National Youth Cyber Education Program for High School students called Cyber Patriot. Participating High Schools are always looking for volunteers to help and this is a great way for Veterans to learn about Cybersecurity and help the next generation of Cyber Professionals.
Professional Reading: I recommend the following two books as professional Reading for Cybersecurity.
Dark Territory – The secret history of Cyber WAR by Fred Kaplin
The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage
Job Search: To get a feel for what cybersecurity jobs DoD contractors are actively hiring for I recommend selecting a few of the DoD contractors profiled on this site and searching for jobs with the titles “Cybersecurity Analyst” or “IA Analyst” and explore the jobs that come up.