Don't let the headlines about New Corp.'s (NWSA) recent phone follies give you the wrong idea about hacking: Cyber crime is only getting more complex and dangerous, but it is creating new jobs for people who want to fight it. Recent high-profile hacks of government sites, Citigroup (C), and Sony (SNE) have added to the rush for more qualified staff. The Pentagon has committed to spend more on cyber security even as it slashes its overall budget. Increasing threats make cyber analysis a growth area for everyone from banks to startups.
Where the legal hackers are
The good news is that the days of corporations skimping on internal cyber security are almost over. In the past, companies could get away with hiring external consultants for big jobs while simply reassigning IT managers to handle more standard threats. "A Windows administrator would have to do security as well," says Damon Geopfert, McGladrey's top man for security and privacy consulting. "But," he adds, "that has been proven an unsustainable model."
Current outside cyber security firms will stick around and even flourish in the face of so many threats, but internal cyber security teams under development at major companies may provide the best growth opportunity. Businesses are looking for experts at all skill levels, from greenhorns in eight-hour shifts to industry greybeards who can watch the big picture.
The skills you need
Whether you have a prior IT background or are only just entering the work force, ways to get into cyber security are diversifying alongside its skillsets. Six or seven years ago, Geopfert says, the field was dominated by people with "hardcore security experience" in defense, law enforcement, or a major IT department that handled some of its own security.
But now, companies aren't simply looking for veterans with long-term experience. Certifications demonstrate you're serious about the job, but they don't cut it on their own. Differentiate yourself through additional areas of focus, such as a management knowledge, risk assessment, or even psychology to join expanding teams that use interdisciplinary approaches to spot the warning signs of an attack before it happens.
While technical credentials can get you in the door, you'll get nailed if you can't handle the work. Geopfert stresses that the industry has learned how to weed out unqualified opportunists. "You're going to have to sit down with somebody like me that will ask you to talk me through processes in 30 seconds," he says. "Go get the certs, but highlight your depth of knowledge in specific areas -- recruiters will appreciate it."
A strong academic background always helps: AT&T (T) has recently hired a dozen PhDs right out of their dissertations, according to chief of security Edward Amoroso. But Amoroso and other recruiters say they also look for computer scientists with a hacker's mentality. Even if you just have natural aptitude in lieu of an advanced degree, Geopfert says the key is to participate in industry chats and conferences where you can demonstrate maturity and show recruiters you can maintain a conversation. Being able to code in your sleep won't help if people can't stand to work with you.
Not particularly technical? There are an increasing number of "hybrid" jobs if you're all thumbs on a keyboard. The auditing side of cyber security needs candidates who might not be able to write security programs but can understand how to regulate activity.
With salaries from $50,000 to $120,000 dollars a year and companies such as AT&T, Wells Fargo (WFC), Citigroup, Microsoft (MSFT), and Boeing (BA) on the lookout for staff, cyber security is a growing industry -- even if you're a former hacker who wants to play it straight.