One of Oscar Annaya's first successful hacks, or hacks, was a personal computer that he shared with his older sister when he was an eleven-year-old boy.
"My sister wanted to play a strange game on the computer and she didn't want me to use the device, so she locked it with a password," says Oscar.
Oscar, indifferent, proceeded to turn off the computer and restart it again, which led him to discover the safe mode in the operating system (Windows XP).
It says: "The device allowed me to login and change my password as the PC Administrator".
"When my sister came home, I was baffled and wondered how I could log in."
Skip topics that may interest you and continue reading. Topics that may interest youtopics that may interest you. End
This early hack by Oscar was only the beginning of a winding road to his career as an IT security or cyber security specialist.
The path he took has led him from music producer to security alarm installer to hacker apprentice.
"I always look at things and say to myself: How could someone misuse them?" he says.
"These are the roots from which a hacker starts to figure out how things can work without intent."
As much as Oscar wanted to work in the field of cyber security, he saw it as a dream that would not come true, until he actually started looking for jobs in this field seriously after the insistence of his pregnant wife.
Finally, in 2019, he ended up doing an apprenticeship in cybersecurity at IBM, based in Texas, where he now works full time with Team X - The company's Force Red, as a hardware hacker (designated to intentionally attempt to break into the company's systems and expose vulnerabilities).
Oscar's journey is an example of one of the many diverse paths that could lead to a career in cybersecurity.
It's a high-paying profession, with the average salary for a cybersecurity professional in Europe being around $74,000, according to the US organization that administers the Certified Information Systems Security Professionals (CISSP) exam.
The story of a young man who started his business with less than 500 pounds and makes millions a year
Coronavirus: How do "dark web" thieves and criminals exploit people's fear of the pandemic?
There are still many jobs to fill, although the labor force gap has decreased from four million in 2019 to 3.1 million in 2020, according to the organization.
"The market for this field is massive," says Aida Bird Hill, CEO and founder of Automation Works, a Detroit, Michigan-based reskilling and versatility consulting firm.
"With all the hacking and data breaches and leaks, there is an urgent need for cyber security personnel," she adds.
This sharp demand is beginning to change hiring trends.
"There's been a shift in what employers are looking for," says Claire Russo, CEO of the Information Systems Security Certification Authority International.
"Organizations are facing the reality of the skills gap in cybersecurity, so they are starting to think differently about who they should hire," she adds.
Taboos of Adolescence, hosted by Karima Kouah and prepared by Mais Baqi.
The episodes
The end of the podcast
It starts with a change in mindset that focuses on the idea that technical skills can be taught, but that there are other skills important to cybersecurity professionals that are difficult to teach.
"Things like thinking analytically and critically, solving problems, and being able to work well both as an individual and as a team."
A recent study found that more than half of the individuals entering the cybersecurity profession now come from backgrounds not related to information technology or computer science, says Ross.
Some corporate giants have embraced a shift in their approach to hiring.
"Cybersecurity careers can vary greatly," says Will Rockall, cyber talent leader at Deloitte, a global professional services firm.
Rockal explains that some people have a technical culture and hold certificates, courses and training programs in the field of cybersecurity, but the majority of our employees come from non-technical backgrounds, and we, in turn, focus on developing their talents, as we have a path within the company on how to develop the individual's flexible and technical skills during his professional career.
"It's a broad field, security includes a lot of different things, so there are a lot of different areas where people have transferable skills," he adds.
This sector has changed a lot over the past two decades, says Rockall. "It's not about guys in hats tapping keyboards doing technical work, it's a business job, so you need people with business skills."
Some common career paths from other industries in this sector include people who have previously worked as a penetration tester (ethical hacking), compliance analyst, security consultant, security operations, or threat intelligence analyst.
These paths range in core competencies, from purely technical roles that are a natural fit for someone with an engineering background, to roles that are more operations-focused,” explains Melanie Krueger, vice president of talent for security services provider Red Canary. data and analytics.”
"When considering which path is right for you, I advise you to create a list of the skills you use the most in your current job," she says.
While the cybersecurity labor shortage is not going away anytime soon, experts agree that expanding the pool of candidates to work in this field will be crucial to addressing the shortage.
Paul Farnsworth, chief technology officer of DHI Group, the parent company of high-tech career site Dice, explained: “Now, what that means is pulling people out of other related majors and retraining them or helping colleges improve their training.” To provide better human resources in cyber security.
Companies must be proactive in expanding their talent pool, says Jim Johnson, senior vice president of technology at Robert Half, a national professional staffing firm.
"Companies need to get involved in their communities; with their local schools and networking groups supporting and helping to attract that audience and help create the talent pool."
"Part of that is offering students an internship or a real-world experience, which will help them get more active more quickly."
Heather Ricciotto, Academic and Talent Outreach Officer at IBM Security, says their company realized a few years ago that it could no longer keep looking for employees from the same old traditional sources.
"We couldn't keep trying to hire people with bachelor's and master's degrees from top universities. We knew we had to start looking for talent in non-traditional pools."
"We have hired people with high school or college degrees, boot camp graduates, people with free online training, self-taught without any certification, and people who have taken vocational training programs."
"There are too many vacancies in cybersecurity all over the world, and we can't fill them all with university graduates. There are not enough people who graduate with suitable skills to fill all the vacancies."
Diversity will also play an important role in expanding the group further and bridging the skills gap as well.
"Diversity is very important," Rockall says. "We're not about solving a single problem that has a single answer. We work in a dynamically evolving environment where hackers are trying to find different ways to harm our customers."
"It's really important that we have diverse ideas and a diverse approach to think of new ways to fight this."
