Exploring a Career in Cybersecurity? Check out this Q&A with Mike Chapple.

Cybersecurity is in the news daily, and the demand for skilled security professionals has never been greater. According to the 2017 Jobs Report from Cybersecurity Ventures, the unemployment rate is currently at 0%, and cybercrime will more than triple the number of job openings over the next five years.

If you've been thinking about exploring a career in cybersecurity, the time has never been better. But it can be tricky to know where to start. I've invited LinkedIn Learning instructor Mike Chapple to weigh in on some of the questions that I hear most regularly, including his thoughts on the value of certifications and the necessity of having a technical background.

Q: How did you get your start in cybersecurity?

Mike Chapple: It all started when I was an undergraduate studying computer science and had the opportunity to read a book called Practical Unix Security by Gene Spafford and Simson Garfinkel. Cybersecurity was a pretty obscure field back in the early 1990s, but I was hooked. It fascinated me and I went on to study it in graduate school and build a career in the fledgling field. I spent a few years as an information security researcher at the National Security Agency, then worked in private industry for a while, and have been in academia for the past 12 years.

Q: You’ve been in the field for 20 years. What are some of the biggest changes you’ve seen during this time?

MC: The most noticeable change is that our obscure field is now a household term! When I began in the field, "normal people" had no idea that it even existed. Now cybersecurity incidents regularly make headlines and the general public is much more security-conscious than a decade ago. That's a great thing for cybersecurity professionals because our jobs are easier. We no longer have to convince people that cybersecurity is a real business issue. We just need to help them understand how to keep themselves and their organizations safe.

Q: Let’s talk about certifications. How much do they matter in the security field? 

MC: Certifications are important to individuals as they're building their careers for a number of reasons. First, they're often a requirement for many jobs. It's hard to imagine someone hiring a CISO who doesn't have a CISSP certification. It's basically the ticket to entry for senior positions in our field. There are many government positions that also require a series of security certifications. Second, even if they aren't an explicit requirement, certifications send a signal to potential employers that you're serious about your profession and are committed to the world of cybersecurity. It takes commitment and dedication to pursue a certification and you need to learn things that are outside your normal scope of work. Earning a certification shows that you're serious about your career.

Q: Which certifications are most important in security right now? What certs do you anticipate will increase in demand?

MC: There are really two different categories of certification out there. There are broad cybersecurity certifications, such as the Security+ and Certified Information Systems Security Professional (CISSP) certifications that demonstrate a broad knowledge of the field. You can think of them as similar to the CPA credential for accountants. Then there are more specialized, technical certifications, such as the Cybersecurity Analyst+ and Certified Ethical Hacker certifications. Those show technical depth and specialization. I think we'll see both categories continue to increase in demand as our field continues to grow.

Q: As we know, there are many unfilled positions in cybersecurity and this skills gap is anticipated to continue through 2021. What are some ways to address the skills gap?

MC: The skills gap is real.  While most of the country is facing an increasingly tight job market, the United States Bureau of Labor Statistics projects incredible job growth of 18% through 2024 for the information security field. That’s 50% higher than computing jobs in general and more than double the job growth rate across all fields. If we're going to meet this demand, we need to bring many more people into cybersecurity over the next few years. That's going to require significant investments in training and professional development.

Q: We’re seeing people come into cybersecurity with a multi-disciplinary or non-technical background. What are some advantages and disadvantages to this?

MC: Cybersecurity attracts many different kinds of individuals and, in my opinion, those who have a well-rounded background tend to succeed quite often. In particular, individuals with experience in other areas of IT bring a wealth of knowledge that will be critical to their success in security. There's a reason that cybersecurity certifications are so broad in scope. To succeed in our field, you need to understand the entire stack. You need knowledge of networking, web applications, databases, operating systems, cryptography, and many other technologies.

About Mike Chapple:

Mike Chapple is senior director for IT service delivery at the University of Notre Dame.In this role, he oversees the information security, IT architecture, project management, strategic planning, and IT compliance functions for the Office of Information Technologies. Mike also serves as an assistant professor in the university's Computer Applications department, where he teaches an undergraduate course on information security.

Feedback? Plus a free course!

If you'd like to weigh in on these questions, please add your contributions to the comments section. And for more from Mike, check out his course, Insights from a Cybersecurity Professional, on LinkedIn Learning. It's free for the next two weeks.