So, You Want to Join the Dark Side of Cybersecurity?
Frederick Scholl, Ph.D., Cybersecurity Program Director, Quinnipiac University
No, I don’t mean working for criminal hackers. I’m writing about the security vendor space. There are many opportunities on the security vendor side. Today there are over 2,000 security vendors. Just don’t expect a lot of love from practitioners. You will have to earn it. This blog post will give you an introduction to career opportunities in the cybersecurity vendor space.
Worldwide there are about 365,000 people working at such vendors. This compares with estimates of 2.8 million people in cybersecurity within major economies. Working for a vendor can be rewarding and a good career path into the enterprise space. My interview with Richard Stiennon discusses security careers in more detail. Richard has recently published a detailed analysis of the vendor space. 1
He breaks down the entire vendor space into 16 broad categories:
Vendor Space Categories
|Network Security||The granddaddy of the space, including firewalls, VPN gateways and related tools and services|
|Data Security||Including encryption and Information Rights Management (IRM)|
|Identity and Access Management||Keeping the bad guys out: Active Directory, password managers, biometric devices, etc.|
|Governance, Risk and Compliance||Including tools to assure compliance as well as risk posture|
|Endpoint Security||Started with McAfee anti-virus in 1988; products have grown in sophistication to counter end point threats|
|Operations||Tools to improve efficiency and effectiveness in operations centers including detecting and responding to threats and incidents.|
|IoT Security||The newest category of products focused on securing new Internet connected and managed devices|
|Managed Security Service Providers (MSSP)||Services to manage security of an enterprise and eliminate the need to purchase and manage the other categories of products|
|Application Security||Tools to manage security within the software development lifecycle (SDL)|
|Security Analytics||Tools to support attack and breach detection, including SIEM, IDS, and Breach Detection and Response|
|Fraud Prevention||Fraud can be internal (employee based) or external (customer based). Broad category of defenses including behavior monitoring, user behavior analytics, geolocation, account takeover, etc.|
|Threat Intelligence||Trying to predict attacks before they occur including reputation services, malware analysis, threat actor research and dark web research|
|Email Security||This category includes both endpoint and network protections such as: anti-phishing, anti-spam, encryption, monitoring and auditing, inbound attack prevention, outbound Data Loss Prevention (DLP)|
|Training||Awareness, compliance training, and cyber range practice labs|
|Deception||This takes four forms: honeypots, honey networks, tainted files and deceptive credentials posted on social networks|
|Testing||Automated attack and penetration testing tools|
What are the jobs within these types of organization? In a previous interview I discussed security roles with Diedre Diamond, President of CyberSN, a provider of security recruiting services. Their list of 35 security job categories is worth reading . A selection of roles that uniquely applies to the vendor space would include:
- Account Executive
- Business Development Representative
- Security Sales
- Security Sales Engineer
- Security Product Manager
These vendors will also have opportunities for roles that are like enterprise roles, such as CISO, Application Security Director, Security Compliance Director, Risk Management Director, etc. The actual job responsibilities at a vendor may be different from the same role in enterprises. Typically, the roles will be more customer focused.
For readers based in Connecticut, I did a survey of security companies based here; these names are taken out of Richard Stiennon’s book. The list is short, but there are some top-notch companies represented here.
Cybersecurity Vendors Located in Connecticut
|Awareness Technologies||www.awarenesstechnologies.com||Monitoring for home and business|
|Owl Cyber Defense||www.owlcyberdefense.com||Data diode security products|
|SDG Corporation||www.sdgc.com||Security services|
|SecureRF Corporation||www.securerf.com||IoT Security (now Veridify)|
|Zorus||www.zorustech.com||Web site security|
|Apex Technology||www.apextechservices.com||Security services and IT services|
|Kelser Corporation||www.kelsercorp.com||Managed services and security services|
Quinnipiac University’s online MS in Cybersecurity program trains technically proficient security defenders. Learn more about how the MS in Cybersecurity degree can give you the necessary skills to pursue a career in the security vendor space.
1Security Yearbook 2020, Richard Stiennon, IT Harvest Press, 2019.