So, You Want to Join the Dark Side of Cybersecurity?

Frederick Scholl, Ph.D., Cybersecurity Program Director, Quinnipiac University
Quinnipiac University’s Cybersecurity Program Director, Dr. Frederick Scholl.

No, I don’t mean working for criminal hackers. I’m writing about the security vendor space. There are many opportunities on the security vendor side. Today there are over 2,000 security vendors. Just don’t expect a lot of love from practitioners. You will have to earn it. This blog post will give you an introduction to career opportunities in the cybersecurity vendor space.

Worldwide there are about 365,000 people working at such vendors. This compares with estimates of 2.8 million people in cybersecurity within major economies. Working for a vendor can be rewarding and a good career path into the enterprise space. My interview with Richard Stiennon discusses security careers in more detail. Richard has recently published a detailed analysis of the vendor space. 1

He breaks down the entire vendor space into 16 broad categories:

Vendor Space Categories

Category Description
Network Security The granddaddy of the space, including firewalls, VPN gateways and related tools and services
Data Security Including encryption and Information Rights Management (IRM)
Identity and Access Management Keeping the bad guys out: Active Directory, password managers, biometric devices, etc.
Governance, Risk and Compliance Including tools to assure compliance as well as risk posture
Endpoint Security Started with McAfee anti-virus in 1988; products have grown in sophistication to counter end point threats
Operations Tools to improve efficiency and effectiveness in operations centers including detecting and responding to threats and incidents.
IoT Security The newest category of products focused on securing new Internet connected and managed devices
Managed Security Service Providers (MSSP) Services to manage security of an enterprise and eliminate the need to purchase and manage the other categories of products
Application Security Tools to manage security within the software development lifecycle (SDL)
Security Analytics Tools to support attack and breach detection, including SIEM, IDS, and Breach Detection and Response
Fraud Prevention Fraud can be internal (employee based) or external (customer based). Broad category of defenses including behavior monitoring, user behavior analytics, geolocation, account takeover, etc.
Threat Intelligence Trying to predict attacks before they occur including reputation services, malware analysis, threat actor research and dark web research
Email Security This category includes both endpoint and network protections such as: anti-phishing, anti-spam, encryption, monitoring and auditing, inbound attack prevention, outbound Data Loss Prevention (DLP)
Training Awareness, compliance training, and cyber range practice labs
Deception This takes four forms: honeypots, honey networks, tainted files and deceptive credentials posted on social networks
Testing Automated attack and penetration testing tools

What are the jobs within these types of organization? In a previous interview I discussed security roles with Diedre Diamond, President of CyberSN, a provider of security recruiting services. Their list of 35 security job categories is worth reading . A selection of roles that uniquely applies to the vendor space would include:

  • Account Executive
  • Business Development Representative
  • Security Sales
  • Security Sales Engineer
  • Security Product Manager

These vendors will also have opportunities for roles that are like enterprise roles, such as CISO, Application Security Director, Security Compliance Director, Risk Management Director, etc. The actual job responsibilities at a vendor may be different from the same role in enterprises. Typically, the roles will be more customer focused.

For readers based in Connecticut, I did a survey of security companies based here; these names are taken out of Richard Stiennon’s book. The list is short, but there are some top-notch companies represented here.

Cybersecurity Vendors Located in Connecticut

Name Website Business
Awareness Technologies www.awarenesstechnologies.com Monitoring for home and business
Interguard www.interguardsoftware.com Employee monitoring
Netlib www.netlibsecurity.com Data encryption
Owl Cyber Defense www.owlcyberdefense.com Data diode security products
Polarity www.polarity.io Desktop AR
Protegrity www.protegrity.com Data security
SDG Corporation www.sdgc.com Security services
SecureRF Corporation www.securerf.com IoT Security (now Veridify)
Syferlock www.syferlock.com Authentication solutions
Wymsical www.wymsical.com Authentication solutions
Zorus www.zorustech.com Web site security
Apex Technology www.apextechservices.com Security services and IT services
Kelser Corporation www.kelsercorp.com Managed services and security services

Quinnipiac University’s online MS in Cybersecurity program trains technically proficient security defenders. Learn more about how the MS in Cybersecurity degree can give you the necessary skills to pursue a career in the security vendor space.

References

1Security Yearbook 2020, Richard Stiennon, IT Harvest Press, 2019.

2https://www.cybersn.com/cybersecurity-job-categories

Related Articles