8 Steps to an international cyber security career
Cyber security is one of the hottest topics in IT and that is of course not for nothing. More and more data is being stored, cyber attacks are dominating the headlines and organizations are going deep into the dust after data breaches come out. The changes in the law and the digital transformation – which is still in progress – make it an absolute requirement to invest in cyber security.
A mismatch between requested and offered knowledge and a large shortage of specialists make open cyber security vacancies difficult to fill.
As a cyber security specialist, the world is at your feet, but pursuing an international career offers many more possibilities. In this report you can read how - and why - you can build an international career, even without experience!
The report looks at:
- Cyber security vs. IT security
- The cyber security market
- why choose an international cyber security career
- Starting as an international cyber security specialist
- Education and certification
- Expanding your skillset
- Starting without experience
- Opportunities in the market
- Popular platforms to build your network
- The importance of international databases
Cyber security is an exciting - and for many people still somewhat futuristic - term. All forms of digital security are often placed under this heading and referred to in the same breath as IT security, a term that appears on more and more job boards and media platforms. However, the terms are not interchangeable. We will briefly explain the most important differences.
What is cyber security?
Cyber security is about protecting IT systems in the online domain and is mainly related to securing online networks against hackers with malicious intent.
It was not until the 1990s that the term was widely adopted, when it was picked up by the defence sector in the early Internet age. The term is still associated with war. Although 'cyber' is used in an infinite number of formations, it often seems to have a connotation with malicious intent. Cyber crime, cyber attacks, cyber war... How often have you heard of IT attacks? Or IT crime?
What is IT security?
IT Security is about protecting all forms of IT systems, both online and offline. This means that IT Security also covers the offline spectrum, something that a term such as cyber security does not do. When people talk about legislation and regulations such as the AVG, for example, they usually talk about the area of IT security.
Although work is increasingly done online and in cloud environments, there are still plenty of offline databases and ERP systems - such as Salesforce - that need to be secured. However, there is almost no computer left that has no connection whatsoever to the worldwideweb. Increasing globalization and the increasing outsourcing of work call for an easy and fast exchange of data. The danger lurking here is that companies think they are working safely in an offline application, while the application is accessible through an online channel. With data alerts as a result.
Mark Warner, one of our IT and Cyber Consultants in London, attributes the following characteristics to IT Security: "Business risk is a term often heard in this context. This ranges from 'educating' employees to block their computer screen when they enter a meeting, to making sure everyone complies with the AVG guidelines. In other words: ensuring that your organization lives an 'IT security lifestyle'."
Cyber security is one of the fastest growing markets of the moment. Research by Gartner showed that investments in 2019 increased by 10.5% compared to 2018 - and the end does not yet seem to be in sight. By December 2019, the global cyber security market was already worth $131.3 billion, according to Fortune Business Insights, but the market is expected to grow further to just $290 billion by 2026; more than doubling.
Cyber security worldwide
North America currently holds the largest market share, approximately one third of the total market size. It is therefore no surprise that the largest players in the market are amply represented here. The market here is and will be mainly driven by the United States and has become large due to the rise of e-commerce, large data leaks - such as the Yahoo leak in 2014, the biggest data leak ever - and the government. The U.S. government is even the largest customer and is driving further growth with increasing investments.
After North America, the second largest market is the Asia Pacific (APAC) region. Japan was one of the first countries to impose uniform standards with regards to cyber security, making the size of the cyber security market one of the largest in Asia. In countries such as China and India, cyber security is growing particularly rapidly due to the increase in the number of internet connections and data leaks. India is in the top five when it comes to cybercrime; research by Mordor Intelligence shows that as many as 37% of all violations related to damaging and stealing data can be traced back to India.
Europe completes the top three. The European Parliament has played a major role in this result by adjusting the laws and regulations relating to online safety, as a result of which cyber security received more attention within the business community. Most of the market is located in a few important geographical clusters in the EU5 countries (Germany, France, Italy, Spain and the United Kingdom). Important areas include North Rhine-Westphalia and Munich in Germany and Lyon in France, where many cyber security organisations can be found for a variety of reasons. In the United Kingdom, there are as many as twenty officially registered cyber security clusters that are supported by the government.
The growth potential
Although the US market is currently the largest, the largest growth is expected in Asia. This is due to the growing number of people connected to the Internet; after the United States, for example, China and India have the most Internet connections. Access to the Internet increases the risk of cyber attacks, which makes the market extremely promising. In South Korea, for example, the number of cyber attacks grew by 14% between 2018 and 2019.
In Europe, the market is growing steadily. While the number of people with an internet connection here has remained virtually the same for a number of years, developments in legislation and regulations have meant that cyber security has come under a magnifying glass. This has given a significant boost to growth; the total size of the market is expected to grow to a value of $65 billion in 2025. New ways of working - in which staff provide their own equipment, for example - and further digitisation contribute to the growth.
Although the market is growing, there is an unprecedented labor shortage here. This report serves as a roadmap for starting and growing in an international cyber security environment.
Cyber security is one of the most discussed areas within IT today. As it does not allow itself to be constrained by physical obstacles such as national borders, cybercrime is considered an ever-increasing threat worldwide. Data breaches and cyber attacks dominate the news and decisions regarding cyber security are becoming bigger and bigger issues in which more and more people are getting involved. We will list three good reasons to delve into cyber security on an international level.
The labour market
The labour market reached a new peak in 2019, with the number of vacancies increasing from 80 to 88 per 100 unemployed in less than half a year. In fact, the IT labour market is struggling and has been for four years in a row, mainly due to the shortage of specialists in areas that are developing rapidly - such as cyber security.
Filling vacancies in the field of cyber security is therefore not an easy task for organisations. For specialists, however, the scarcity is good news. The shortage of specialists translates into relatively high salaries and favourable terms of employment.
As an international cyber security specialist, you're in for a treat; after all, most notorious data leaks extend beyond national borders. In addition, a case that has major consequences in one region can be just as disastrous in other regions. Your knowledge of the case is a scarce resource that many organisations are shy about.
New career opportunities
An international focus not only provides greater financial rewards, but also opens many new doors. Because cybercrime is not limited to regions, an international approach is increasingly being adopted. By joining forces one hopes to prevent attacks more often and to be able to repel them more easily.
The added value of this can be easily explained by means of an example. In 2016, tens of millions of dollars were stolen from the Bangladesh Bank, known as the Bangladesh Bank cyber heist. As more and more details about the attack came out, banks from Vietnam and Ecuador appeared to recognize the tactics of the attack; the identical approach seemed to suggest that it involved the same group of attackers. With the right precautions, the attack on Bangladesh Bank could probably have been prevented.
Collaboration on an international level is therefore becoming increasingly important in the field of cyber security. As a specialist with an international focus, your knowledge is worth its weight in gold!
Globalisation makes you understand cultural differences, be able to deal with language barriers and work with different types of people important skills on your CV.
Working in an international environment certainly enhances your communication skills. You will learn to deal with different cultures and people with different work ethic.
Finding a job in an international cyber security environment; there are easier tasks in the world. Of course, international experience is not something you just have. So, where should you start?
Work for an organisation with offices around the world
Even close to home you can gain international experience. There are plenty of internationally oriented organisations with offices all over the world. These companies offer you the opportunity to gain international experience in your own environment.
By working together with colleagues from a different region and with a different background, you will learn to deal with language barriers and cultural differences and you will have the opportunity to exchange knowledge. In addition, this is of course a great opportunity to expand your international network and build your international career.
Remote work for organisations abroad
When you choose to gain international experience by working for a foreign client, remote working can be a solution. You don't have to move, you don't spend time travelling and you can often arrange your working day flexibly, while you gain international experience and expand your network.
Nowadays, working from home is often part of the benefits packages that companies need to have to convince candidates to choose you. International banks and companies such as Dell, Apple and SAP are good examples of organizations known for attracting staff living abroad.
Go out your comfort zone and move abroad!
Gaining experience in an international environment is of course easiest abroad. As a cyber security specialist, you have numerous skills that clients are eagerly looking for, so take advantage of the possibilities outside the UK or Ireland.
This may mean that you have to leave your comfort zone, but of course you can learn a lot from this as well. Not only do you develop your communication skills, but you also learn to deal with cultural and language differences and your ability to adapt to a new environment.
One of the main reasons for the tightness in the IT labour market is the mismatch between skills demanded and offered. Cyber security is developing at breakneck speed, which means that skills can quickly be declared necessary or, on the contrary, superfluous. If you are looking for a job in cyber security, it's important that you know what work clients or companies are currently looking for. Make sure your knowledge is up to date to increase the chances of an international career!
Workers and clients usually require that you have completed at least a bachelor's degree in a technical field. No less than eighty percent of the vacancies in the security field require a bachelor's degree, while for ten percent only specialists with a completed master's degree are eligible.
Examples of subsequent studies are (Technical) Engineering, Computer Science, Artificial Intelligence, Technical Business Administration and - of course - Cyber Security (& Business Risk).
Certificates are tangible proof of your knowledge and skills, so it never hurts to obtain them - even if you already have (a large part of) the substance. Obtaining certificates is not (always) reimbursed by your new work or client, so it is important to obtain them in advance.
For the most popular roles in cyber security, Cyberseek has set out the most important certificates in a matrix;
Information Systems Certification
When the basics are in place, you can start specializing. There are a lot of skills that together determine how (and if) you can fulfil an international role. It's not just technical skills that are important.
What makes a cyber security specialist a cyber security specialist? There are some personal characteristics that apply to most individuals in this group. They often have problem-solving skills and can get stuck in technical issues, which they can look at from different angles. Their eye for detail means they have great analytical skills.
The ability to build relationships, collaborate and network is also important. As a specialist, you will have to work with many different departments and will have to interact with different levels within the organisation. So good communication is a very important soft skill to have!
Hybrid cyber security roles
The skills that are in demand and that companies/clients are primarily looking for may vary considerably from role to role. This is mainly the difference between pure cyber security roles and so-called 'hybrid' security roles. Hybrid security roles arise because cyber security becomes part of other functions, so that the range of requirements differs somewhat. For hybrid functions, important skills include system administration, customer service and technical support.
Key skills for hybrid cyber security roles
For pure cyber security roles, a number of skills are really essential. For the most popular roles in cyber security, Cyberseek has listed the most requested skills:
Courses, trainee-ships and further training
Nowadays there are many academy's and universities that provide cyber security training and courses. But they are not the only means of gaining more knowledge, by attending trade fairs, meetings or joining networking groups you can also learn a great deal. There are always like-minded professionals here where you can learn a lot from, so we definitely recommend you to take a look at the possibilities and expand your network.
In addition, more and more organizations are offering their own training to ensure that the required skills set can be met. IBM is a good example of this, by using the junior cyber security analyst certificate program to train staff for the future. In these situations, try to opt for organizations that operate internationally if you aspire to an international cyber security role.
As a non-specialist, the world of cyber security can feel like a closed world, where only a select number of specialists with very specific skills are at the centre. However, specialists know that the boundaries are not so black and white at all. Even without experience in security, you can be part of the cyber security environment.
With no experience
Assignments in cyber security are of course linked to the fight against hackers and the prevention and resolution of data leaks. Of course this is part of most assignments, but in cyber security there is much more than that and does not differ much from other teams within IT. Together, you work towards new and reliable solutions and implementations, making it possible for the work or client to grow further.
Cyber security has a lot of common ground with other technical environments and is therefore interesting for a lot of IT professionals from adjacent fields. The large shortage of specialists means that wages in this sector are rising and privacy, infrastructure, data, and cloud specialists are making the switch. After all, these niches border on cyber security, which makes the knowledge and experience very welcome.
Without knowledge of programming
Yes, even without knowledge of programming it is possible to make a name for yourself as a cyber security specialist. In order to be able to go in different directions, experience with and knowledge of issues such as project management and process development are very important for this type of function. For example, you could look to work in one of the areas below:
- Cybersecurity project management
- Cyber threat intelligence
- Risk management
- Security operations
- Security audit
- Security risk assessment
- Vulnerability management
In a labour market as wide as IT, it can be difficult to see the wood for the trees. Especially when you're pursuing an international career, it's not crazy if you're drowning in the sea of opportunities. That's why we've outlined the most important speech and programming languages, the regions with the greatest chance of an international breakthrough and the roles and techniques where the shortage is greatest.
What languages should you speak
English is currently the most important language in cyber security. Especially in Europe and the United States, knowledge of English goes a long way. In almost all other regions, most highly educated specialists are now proficient in this language as well.
Exceptions are Russia - where English is often spoken in moderate to beginner level- and China, where cyber security is gigantic and most specialists speak Mandarin. Mastering Mandarin and Russian are therefore - depending on your ambitions - nice extras on your CV.
What are the most important programming languages?
There are a number of functions within cyber security where programming is not a requirement, but being able to program greatly increases your chances on the international market. The five most important languages at a glance are:
C and C++
These are absolute requirements for being able to work with IT infrastructure as system processes.
Due to the exponential increase of available data, SQL is becoming more and more important and is regularly misused to destroy or get hold of data.
Not an easy programming language, but a good expansion to your arsenal of skills.
Different markets, different needs
All over the world, there is a shortage of security specialists. The battle for specialists such as SOC analysts and pen testers has broken out in all parts of the world.
Although there is an international shortage of security specialists, there are differences between different regions. This has to do with issues such as level of education, language, the maturity of the market and legislation and regulations - to which cyber security is heavily subject.
There is a shortage of almost all roles within cyber security, positions of leadership roles such as DPOs and CISOs in particular. After all, these roles are essential for good management and - since the introduction of GDPR - sometimes even mandatory. CISSP, CISM and CIPP/E certificates are good additions to the CV for these and other management positions.
In Asia, the scarcity is most noticeable in the supply of offensive security specialists. There is a growing shortage of specialists with knowledge of techniques such as pen testing and rescue teaming, especially within the financial and banking sectors, institutional units and the automotive industry. An OSCP certificate is therefore worth its weight in gold. Within this region, cyber security is by far the most developed in Japan, while considerable catching up is expected in the coming years in neighbouring countries such as China and India.
United States of America
The United States has the largest market share. The size of the market means that people are eagerly looking for specialists: between October 2018 and September 2019, the total size of employees in cyber security-related roles was estimated at one million, while there were as many as 500,000 cyber security vacancies in the same period. Especially specialists with CISSP, CISA or CISM certificates are rare; there are more vacancies for which these certificates are required than there are specialists with these certificates.
Networking is an important part in the search for the right job or assignment. A connection with the right person can mean that he or she can teach you a lot, or your next opportunity arises around the corner. It is therefore important to be active in the cyber security community.
Online forums and platforms
You can find a lot of like-minded specialists online, and there are plenty of forums where people communicate with each other to give opinions and share knowledge. Be active on these platforms to expand your network - and thus your possibilities!
Cyber Security Forum Initiative - CSFI
This LinkedIng group consists of no less than 111,000 specialists. You can come here with questions, comments and other cyber security related updates.
American cyber security expert and blogger. The newsletter is the main attraction; it ends up in more than 30,000 inboxes.
Quora is one of the most famous forums in the world. With so many different users, it should come as no surprise that many cyber security specialists also share their knowledge here.
Blog and news site of ESET. The articles are available in different languages.
Thousands of specialists ask questions here and answer questions from other specialists. At the time of writing, the platform contains over 2.5 million questions, opinions and discussions.
There are thousands of other platforms and forums that could be of interest to you. For almost all topics within cyber security there is a community where people work together to learn more. Therefore, we can only recommend you to be as actively involved as possible in these communities.
Cyber security events
At events you get the chance to network with like-minded professionals and keep your knowledge up-to-date. So make sure you regularly attend an event if you decide to expand your cyber security network!
There are a lot of cyber security events that are organized several times a year in different parts of the world. Well-known examples are Black Hat (organized in 2020 in London, Las Vegas and Singapore), ESET Security Days (worldwide) Cyber Security & Cloud Expo (Amsterdam, London and Silicon Valley), Gartner Security Risk Management and Identity & Access Management Summits (Las Vegas, Tokyo, Sydney, Mumbai and throughout Europe) and Cybertech Security (Israel, Italy, Japan, Panama, Rwanda, Thailand and the USA).
In addition to the major international events, we also know the regional major events (such as Troopers in Europe, Security Days in Japan and DEF CON in the US) and meet-ups. If you have international ambitions, we definitely recommend attending an event in another country - if this is a real option of course. An overview of all cyber security events can be found here.
Getting an offer that meets your requirements is not just a matter of luck. By entering the right circles and being part of an international network, you can greatly increase your chances of making an international breakthrough.
Through an internationally operating organisation
Getting an offer that meets your requirements is not just a matter of luck. By entering the right circles and being part of an international network, you can greatly increase your chances of making an international breakthrough.
Through an internationally operating mediator
You can also choose to work with an internationally operating mediator. The large network will come in handy in the search for a job that meets your needs, skills and expectations.
Computer Futures operates in more than twenty countries, from all over the world. Good cooperation between the various offices ensures that the potential of the network is exploited to the full, which benefits the career opportunities of the specialists.
Are you curious what our cyber security branch can do for you? Then please contact us via the contact form.