DEV Community: infosec-jobs.com

Can you become an Ethical Hacker without a degree?

infosec-jobs.com — Thu, 23 Nov 2023 17:09:22 +0000

Yes, it is possible to become an Ethical Hacker without a degree. While a degree can provide a solid foundation in cybersecurity and may be beneficial for certain career paths, it is not a strict requirement in the field of Ethical Hacking. In fact, many successful Ethical Hackers have built their careers through self-study, practical experience, and industry certifications.

How to achieve this career goal without a degree:

Self-Study: Start by gaining a strong understanding of computer networks, operating systems, programming languages, and security concepts. There are numerous online resources, books, and tutorials available to help you learn these topics. Some recommended areas of study include networking protocols, web application security, cryptography, and penetration testing techniques.
Hands-on Experience: Practical experience is crucial in the field of Ethical Hacking. Set up a lab environment using virtual machines or dedicated hardware to practice hacking techniques and experiment with different tools. Capture the Flag (CTF) challenges and bug bounty programs can also provide valuable hands-on experience.
Industry Certifications: Earning industry-recognized certifications can help validate your skills and knowledge. Certifications such as Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), and Certified Information Systems Security Professional (CISSP) are highly regarded in the industry. These certifications demonstrate your expertise and can enhance your career prospects.
Networking and Community Involvement: Engage with the cybersecurity community by attending conferences, joining online forums, participating in local meetups, and connecting with professionals in the field. Networking can provide opportunities for mentorship, collaboration, and job referrals.

Hacks and Advice:

Build a strong foundation: Focus on understanding the fundamentals of cybersecurity, as this knowledge will serve as the basis for your career growth. Continuously update your skills and stay informed about the latest trends and threats in the industry.
Practice, practice, practice: Ethical Hacking is a hands-on field, so make sure to spend ample time practicing your skills in a controlled environment. This will help you develop critical thinking, problem-solving, and technical abilities.
Contribute to open-source projects: Contributing to open-source projects can showcase your skills to potential employers and help you gain recognition within the cybersecurity community. It also provides an opportunity to collaborate with experienced professionals and learn from their expertise.
Stay ethical and legal: As an Ethical Hacker, it is crucial to adhere to ethical guidelines and legal boundaries. Obtain proper authorization before conducting any security assessments or penetration tests, and always respect the privacy and confidentiality of others.

Potential difficulties and benefits:

One potential difficulty of pursuing a career in Ethical Hacking without a degree is the initial lack of formal credentials. Some employers may prioritize candidates with degrees, especially for entry-level positions. However, this can be overcome by gaining practical experience, earning industry certifications, and showcasing your skills through personal projects and contributions to the cybersecurity community.

The benefits of pursuing a career in Ethical Hacking without a degree include the ability to focus on practical skills and hands-on experience, rather than spending time and money on a formal education. This can lead to a faster entry into the field and the opportunity to specialize in specific areas of interest. Additionally, the field of Ethical Hacking is in high demand, with a shortage of skilled professionals, which can provide ample job opportunities and potential for career growth.

Differences to a conventional or academic path:

Choosing a non-conventional path to become an Ethical Hacker allows you to focus on practical skills and gain real-world experience. While a conventional academic path may provide a broader understanding of cybersecurity concepts, a self-taught approach can offer more specialized knowledge and hands-on expertise.

Additionally, a non-academic path may require more effort in terms of self-study, continuous learning, and networking to establish credibility and build a professional network. However, the flexibility and agility of a non-conventional path can allow you to adapt quickly to the rapidly evolving field of cybersecurity.

Ultimately, whether you choose a conventional or non-conventional path, the key to success in Ethical Hacking lies in continuous learning, practical experience, and a passion for cybersecurity.

This post first appeared on infosec-jobs.com - Can you become an Ethical Hacker without a degree?

Cyber Security Analyst vs. Cyber Security Specialist

infosec-jobs.com — Wed, 22 Nov 2023 20:12:08 +0000

Cybersecurity professionals are in high demand, and two of the most common roles in this field are Cyber Security Analyst and Cyber Security Specialist. While both roles involve protecting organizations from cyber threats, they have distinct differences in terms of responsibilities, required skills, and educational backgrounds. In this article, we will compare and contrast these two roles to help you determine which one is right for you.

Definitions

A Cyber Security Analyst is responsible for monitoring computer networks for security breaches, investigating security incidents, and installing security measures to protect computer systems and networks. They also analyze security risks and develop strategies to mitigate them.

On the other hand, a Cyber Security Specialist is responsible for designing, implementing, and maintaining security solutions to protect computer systems and networks. They work closely with other IT professionals to ensure that security measures are integrated into every aspect of an organization's technology infrastructure.

Responsibilities

The responsibilities of a Cyber Security Analyst include:

Monitoring computer networks for security breaches
Investigating security incidents and determining the cause of the breach
Installing and configuring security measures, such as Firewalls and Intrusion detection systems
Developing and implementing security policies and procedures
Conducting security Audits and risk assessments
Providing training to employees on security best practices

The responsibilities of a Cyber Security Specialist include:

Designing, implementing, and maintaining security solutions, such as firewalls, intrusion detection systems, and Encryption systems
Conducting vulnerability assessments and penetration testing
Developing security policies and procedures
Providing guidance to other IT professionals on security best practices
Investigating security incidents and determining the cause of the breach
Staying up-to-date with the latest security threats and technologies

Required Skills

The required skills for a Cyber Security Analyst include:

Knowledge of security protocols and standards, such as SSL/TLS, IPsec, and DNSSEC
Familiarity with security tools and software, such as Firewalls, intrusion detection systems, and antivirus software
Strong analytical and problem-solving skills
Excellent communication and interpersonal skills
Ability to work well under pressure and meet deadlines
Strong attention to detail

The required skills for a Cyber Security Specialist include:

Knowledge of security protocols and standards, such as SSL/TLS, IPsec, and DNSSEC
Familiarity with security tools and software, such as firewalls, intrusion detection systems, and Encryption software
Strong analytical and problem-solving skills
Excellent communication and interpersonal skills
Ability to work well in a team environment
Strong attention to detail

Educational Background

A Cyber Security Analyst typically needs a bachelor's degree in Computer Science, information technology, or a related field. Some employers may also require a master's degree in cybersecurity or a related field. In addition, many Cyber Security Analysts hold certifications such as CompTIA Security+, Certified Information Systems Security Professional (CISSP), or Certified Ethical Hacker (CEH).

A Cyber Security Specialist typically needs a bachelor's degree in computer science, information technology, or a related field. Some employers may also require a master's degree in cybersecurity or a related field. In addition, many Cyber Security Specialists hold certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or Certified Information Security Manager (CISM).

Tools and Software Used

Both Cyber Security Analysts and Cyber Security Specialists use a variety of tools and software to protect computer systems and networks. Some of the most common tools and software include:

Firewalls
Intrusion detection Systems
Antivirus and Anti-Malware software
Encryption software
Vulnerability Scanners
Penetration Testing Tools

Common Industries

Cyber Security Analysts and Cyber Security Specialists are needed in a variety of industries, including:

Government
Healthcare
Finance
Retail
Technology
Education

Outlook

The outlook for both Cyber Security Analysts and Cyber Security Specialists is positive, with job growth expected to be much faster than average. According to the Bureau of Labor Statistics, employment of information security analysts is projected to grow 31 percent from 2019 to 2029, much faster than the average for all occupations.

Practical Tips for Getting Started

If you are interested in a career in cybersecurity, here are some practical tips to help you get started:

Obtain a degree in Computer Science, information technology, or a related field
Gain experience through internships or entry-level positions
Obtain certifications such as CompTIA Security+, Certified Information Systems Security Professional (CISSP), or Certified Ethical Hacker (CEH)
Stay up-to-date with the latest security threats and technologies by attending conferences and networking with other cybersecurity professionals

In conclusion, both Cyber Security Analysts and Cyber Security Specialists play important roles in protecting organizations from cyber threats. While there are some differences in terms of responsibilities, required skills, and educational backgrounds, both roles require a strong understanding of security protocols and standards, as well as familiarity with security tools and software. By following the practical tips outlined in this article, you can start your career in cybersecurity and help protect organizations from cyber threats.

Cyber Security Analyst vs. Cyber Security Consultant

infosec-jobs.com — Tue, 14 Nov 2023 09:24:44 +0000

Cybersecurity is a rapidly growing field, with an increasing demand for professionals who can protect organizations from cyber threats. Two popular career paths in the cybersecurity industry are the Cybersecurity Analyst and Cybersecurity Consultant roles. While both roles involve protecting organizations from cyber threats, there are significant differences between them. In this article, we will explore the differences between these two roles, including their definitions, responsibilities, required skills, educational backgrounds, tools and software used, common industries, outlooks, and practical tips for getting started in these careers.

Definitions

A Cybersecurity Analyst is responsible for protecting an organization's systems and networks from cyber threats. They analyze security data and monitor network activity to identify potential security threats. They also develop and implement security policies and procedures to protect an organization's systems and networks from cyber-attacks.

A Cybersecurity Consultant, on the other hand, is responsible for providing cybersecurity advice and guidance to organizations. They assess an organization's cybersecurity posture, identify Vulnerabilities and potential risks, and provide recommendations for improving cybersecurity. They also develop and implement cybersecurity strategies and policies to protect an organization's systems and networks from cyber-attacks.

Responsibilities

The responsibilities of a Cybersecurity Analyst include:

Analyzing security data and Monitoring network activity to identify potential security threats
Developing and implementing security policies and procedures to protect an organization's systems and networks from cyber-attacks
Conducting vulnerability assessments and penetration testing to identify security weaknesses
Responding to security incidents and providing Incident response support
Providing training and awareness to employees on cybersecurity best practices

The responsibilities of a Cybersecurity Consultant include:

Assessing an organization's cybersecurity posture and identifying Vulnerabilities and potential risks
Providing recommendations for improving cybersecurity and developing and implementing cybersecurity strategies and policies
Conducting risk assessments and providing Risk management advice
Developing and delivering cybersecurity training and awareness programs
Providing Incident response support and conducting forensic investigations

Required Skills

The skills required for a Cybersecurity Analyst include:

Strong knowledge of cybersecurity principles and practices
Knowledge of security technologies such as Firewalls, Intrusion detection and prevention systems, and antivirus software
Knowledge of networking and Network security
Experience with security information and event management (SIEM) tools
Understanding of Vulnerability management and penetration testing
Strong analytical and problem-solving skills

The skills required for a Cybersecurity Consultant include:

Strong knowledge of cybersecurity principles and practices
Knowledge of security technologies such as Firewalls, intrusion detection and prevention systems, and antivirus software
Knowledge of risk management and Compliance frameworks
Experience with security assessments and Audits
Strong communication and interpersonal skills
Strong analytical and problem-solving skills

Educational Background

The educational background required for a Cybersecurity Analyst typically includes a bachelor's degree in Computer Science, Information Technology, or a related field. A Cybersecurity Analyst may also hold certifications such as Certified Information Systems Security Professional (CISSP) or Certified Ethical Hacker (CEH).

The educational background required for a Cybersecurity Consultant typically includes a bachelor's degree in Computer Science, Information Technology, or a related field. A Cybersecurity Consultant may also hold certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA).

Tools and Software Used

The tools and software used by a Cybersecurity Analyst include:

Security Information and Event Management (SIEM) tools such as Splunk and ArcSight
Network security tools such as firewalls, Intrusion detection and prevention systems, and antivirus software
Vulnerability scanners such as Nessus and Qualys
Penetration testing tools such as Metasploit and Nmap

The tools and software used by a Cybersecurity Consultant include:

Risk management tools such as RSAArcher and OpenFAIR
Compliance frameworks such as ISO 27001 and NIST Cybersecurity Framework
Security assessment tools such as Qualys and Rapid7
Forensic investigation tools such as EnCase and FTK

Common Industries

Both Cybersecurity Analysts and Cybersecurity Consultants work in a variety of industries, including:

Healthcare
Finance
Technology
Government
Retail
Manufacturing

Outlooks

The outlook for both Cybersecurity Analysts and Cybersecurity Consultants is positive, with significant demand for both roles. According to the Bureau of Labor Statistics, employment of information security analysts is projected to grow 31 percent from 2019 to 2029, much faster than the average for all occupations. The demand for Cybersecurity Consultants is also increasing, with a growing number of organizations seeking their services to help protect against cyber threats.

Practical Tips for Getting Started

If you are interested in pursuing a career as a Cybersecurity Analyst or Cybersecurity Consultant, here are some practical tips to get started:

Obtain a bachelor's degree in Computer Science, Information Technology, or a related field.
Obtain relevant certifications such as CISSP, CEH, CISM, or CISA.
Gain experience through internships or entry-level positions in the cybersecurity industry.
Develop strong analytical and problem-solving skills.
Stay up-to-date with the latest cybersecurity trends and technologies.

Conclusion

In conclusion, both Cybersecurity Analysts and Cybersecurity Consultants play critical roles in protecting organizations from cyber threats. While both roles require a strong knowledge of cybersecurity principles and practices, there are significant differences in their responsibilities, required skills, educational backgrounds, tools and software used, and common industries. By understanding the differences between these two roles, you can make an informed decision about which career path is right for you.

How we enhanced our jobseeker user experience on infosec-jobs.com with og:screen

infosec-jobs.com — Sun, 23 Jul 2023 16:01:14 +0000

In the domain of job boards, the user interface and user experience play a crucial role in attracting and retaining job seekers. With the goal of improving these aspects, we decided to integrate og:screen to generate efficient Open Graph screenshots for websites.

Previously, links shared from the site displayed either the company's logo or no image at all. This was not ideal as it did not provide much visual information about the linked resource. To rectify this, we decided to utilize og:screen to create informative and visually appealing preview images for their links.

These where the requirements for implementation:

Create square-ish images for job ads with the main job info shown prominently, to be shared primarily on Twitter and LinkedIn.
Create wide preview images for company pages.
Display essential information in preview/card images instead of just company logos or no images at all.
Utilize the og:screen delete_after setting to delete outdated job ad images and refresh company page images after 60 and 14 days, respectively.

Implementation

As the website is built with the Django framework, the implementation involved changes to the Django views and templates.

Job Ad Images

The first step was to set up og:screen to generate almost square images for the job ads. we used the Filter string value with "/job/" to apply these settings specifically to job ads. To achieve this, we configured the width and height settings on og:screen's platform:

In Django, we created a view that uses Django's build_absolute_uri request method to get the absolute URL of the page. This URL is then encoded into a base64 URL-safe string, which is included in the og:screen image URL.

Here is a simplified example of how we did this:

from django.views import View
import base64

class JobAdView(View):
    def get(self, request, *args, **kwargs):
        job_page_url = request.build_absolute_uri()
        encoded_url = base64.urlsafe_b64encode(job_page_url.encode()).decode()

        context = {'encoded_url': encoded_url}
        return render(request, 'job_ad.html', context)

In the HTML template, we used the encoded_url to create the og:image and twitter:image tags:

<meta property="og:image" content="https://ogscreen.com/img/{{ encoded_url }}.png">
<meta name="twitter:image" content="https://ogscreen.com/img/{{ encoded_url }}.png">

This is an example of what a generated job ad image looks like (getting the responsive mobile view of the site due to the smaller Window width setting):

Company Page Images

The process for the company pages was similar to the job ads. However, the Filter string value used was "/jobs-ad-", and the Window width and Window height settings for the site were adjusted to create wider images:

The Django view and HTML changes were similar to the job ads, replacing job_page_url with company_page_url.

Here is an example of how a generated company page image looks like:

Automatic Deletion of Outdated Images

To ensure that the images were always up-to-date, we utilized og:screen's Delete after setting. We set it to 60 days for job ad images and 14 days for company page images. This meant that outdated images were automatically deleted and refreshed with current information.

Results and Benefits

The integration of og:screen brought significant improvements to the job platform. The preview images now displayed essential information about the job ad or company page, making the shared links more informative and appealing. This led to a higher click-through rate and a better user experience.

While the initial technical integration required some effort, it resulted in a fully automated process for creating and updating the images, saving time and resources.

Overall, the use of og:screen has proven to be a successful move by us, enhancing the visual appeal of their shared links and improving their overall social media presence.

We added a few new job categories

infosec-jobs.com — Sat, 06 Aug 2022 15:25:30 +0000

We’ve added three new job categories to our site by which jobs can be filtered now from the top of the search form. We provide these categories to allow a quick entry to the most popular categories when looking for jobs in the InfoSec/Cybersecurity space on our platform.

Here are the new categories we introduced:

Admin

A shortcut for jobs like “IT security administrator” and anything related to tech-related administrative tasks which require a strong security background.

See new open roles in the InfoSec Admin category here.

Compliance

This category contains all jobs that deal with governance, risk and compliance topics as often defined by regulatory and legal frameworks.

See new open roles in the InfoSec Compliance category here.

DevSecOps

Similar to the admin jobs this one is related to DevOps roles with a focus on Security within the DevOps scope (and sometimes beyond).

See new open roles in the DevSecOps category here.

We hope this helps you getting quicker access to the roles in your domain of expertise and that you’re looking for. Happy job hunting!

InfoSec jobs at remote-first companies

infosec-jobs.com — Mon, 13 Jun 2022 07:26:44 +0000

The ratio of remote jobs on our site during May this year was about 36.3% of all job openings published, compared to 31% during the same month in 2021. That’s quite an increase and a clear sign that remote working is here to stay and becoming quite common for at least one third of applicants that find their new role in the Cyber Security space through our site.

Now there are different kinds of companies out there that hire remotely. For example the ones that have been forced to go remote during the past two years for obvious reasons. Many of them now seem to adapt a hybrid working model with some time remote and some time on-site/in the office. Others already had some staff working remotely before the pandemic, mostly engineers, developers or contractors. And then there are companies that have either been fully remote since their inception or simply canceled their office lease within the last year or two, sent everyone home and never looked back.

The latter is what we commonly refer to as remote-first companies. Many are 100% remote, so they don’t even have a real office anywhere, and all employees are free to chose where to work from, although often within timezone or country restrictions. Some still maintain office space somewhere but consider being physically present optional – hence the term remote-first.

New remote-first attribute for employers

We wanted to take the growing presence of these companies on our plattform into account and added a remote-first label to make it a little easier to spot them. By scanning job descriptions for indicators of a remote-first employer we now have a list of remote-first companies that are hiring in the Cybersecurity space: https://infosec-jobs.com/remote-companies/

This list also includes companies that are partially remote-first with only a division or some teams (e.g. dev teams) being fully remote and the rest maybe not so much. But usually the jobs listed on our platform are part of their fully remote team and embedded in a remote-first environment.

A ‘Remote-first’ badge also appears on a company page for those that promote themselves as a remote-first company or 100% remote team, etc. in their job ads.

We’re also considering adding a search filter for this attribute so looking for jobs at these companies could become a little easier in the future. Until then, stay tuned!

Country search and short URLs for jobs

infosec-jobs.com — Wed, 06 Apr 2022 12:50:26 +0000

Here comes another quick update on some recent changes to our job site. We’re trying to move forward much faster these days and still have tons of features and especially improvememts in the pipeline. Enjoy!

Search by country

Some are looking for Cybersecurity-related jobs in another region or country, others are tied to where they’re are at the moment or the near future. Either way, to make the situation a bit easier for both we implemented a way to go a little more local with the job search. Now it is possible to select a country to search in, and display or filter all listings in the particular country exclusively.

You can find a complete overview of all countries with jobs available via https://infosec-jobs.com/countries/

This feature also translates directly into the settings for job emails. So you can subscribe to job alerts than only get triggered when your criteria where hit for a certain country.

We hope this helps narrow down some job searches a bit and get more precise results quicker.

Short urls for better sharing

We finally introduced a shorter URL version for job ads. The standard URLs generated from the job title can become quite large quickly. Because of this there’s now a way to get a short URL which contains just the ID of the ad, which is enough to get to the same job offer.

This is very practical when sharing the link of an ad or posting it on social media – it frees up quite a lot of characters compared to the full length version.

Check out the ‘Copy & share’ button in the bottom of every job ad. When you push that button a short link to the job listing shown is beeing copied to your local clipboard ready to share it wherever you like.

That’s already it for this time. Thanks for stopping by and see you soon again 😉

Recent upgrades to our job site

infosec-jobs.com — Tue, 15 Feb 2022 05:57:51 +0000

We’d like to give a little overview of a few recent changes we introduced to make the hiring and job seeking experience on our cyber security hiring platform more pleasant and efficient. We aim to bring together as many qualified candidates with great companies as possible, all while keeping things simple and without getting in the way too much. We hope with the following added and revised features we’re getting a bit closer to that goal:

Perks display in the job list view

Not so long ago we started parsing job descriptions for the perks and benefits mentioned in them. This we think can be useful to give a preview into what to expect in terms of benefits that come along with the new role. We added the perks and benefits display to the job list view and it’s active by default. You can hide it via the settings below if you don’t need this info right away.

‘Quick apply’ and ‘Apply later’ buttons in the job list view

This comes in handy if you’re already hooked by a job ad from the information in the list view or have seen the description before and came back to apply for it. Here you can click through to the employers ATS/job application page or email address (opens in your email client) to start your application for the role.

One of our goals is also to not intercept the hiring flow and to route applicants to their potential new employers directly. No signup or other kind of obstacles here from our side (compared to many other platforms nowadays).

Salary display in job list view

Now the most interesting part for many, probably. We’re working hard on getting salaries included in most if not all job listings. Quite difficult as many employers still didn’t get the memo that it’s already illegal not to do so in some states and countries as well as it’s actually reducing their talent pool more and more by not being transparent.

So where there’s salary info available for a position we display it in the list view by default. This can also be modified with the settings below. We’re planning on showing a salary range as guidance for listings that don’t have it, but where we know what it should be like thanks to our side project over at salaries.infosec-jobs.com (please take the survey if you haven’t done so yet!).

Revised list display settings

Last but not least, and part of it has already been there for a longer period of time, you can now better influence how job ads appear in the search list. So if you don’t like all the extra info like tags, perks, quick buttons etc. – you can strip it all down and get a compact list with just the essentials for each list item.

Check out the cogs button on the right hand side besides the region filter where you can enable or disable the display of infos or features like the job tags, perks or the direct apply and job marks buttons.

More to come

That’s it for now. But there’s more to come soon as we’re working hard on a bunch of interesting stuff right now, some of it almost finished and ready to be released. So stay tuned!

The post Recent upgrades to our job site appeared first on infosec-jobs.com Insights.

A first update on our salary survey

infosec-jobs.com — Fri, 01 Oct 2021 14:47:41 +0000

🎉 We have a little update on our salary survey which we launched roughly three months ago (check out https://salaries.infosec-jobs.com/ if you haven’t yet) and needless to say we’re still pretty excited about it.

About four weeks after the launch we enabled the download feature on the site so everyone can get the latest dataset in JSON and CSV format. Furthermore there’s now a weekly sync of these results to a dedicated github repo as well.

As initially announced, but not yet implemented during that time, we built our own FX data API to provide free and public currency data (yes, you can use it as well if you like!) for the Forex calculations taking place on the dataset in the salary_in_usd column. This is because we allow people to fill in their annual salary in their home or actually paid out currency and then do the work for you to translate that into its corresponding USD amount (yearly average) for better comparability/reference, with data provided by the Bank for International Settlements (🏦 the bank for the central banks, basically).

Well, it’s always fascinating how much effort can go into something seemingly simple like a salary survey (hint: way more than you anticipated). But still, it looks like it’s worth the effort.

We also put in some more descriptive information on the download page about what each column in the dataset represents or how to interpret it. Should be pretty straight forward by now, and hopefull very easy to work with.

Now the plan is to keep this site up there indefinitely for the future to collect remote work salary information year by year on an ongoing basis. With this in mind it should be a good reason now to share this with your colleagues and friends if you haven’t done so yet. 😉

It’ll be very interesting to see how much data we can gather in the long term, and also keep in mind that all this is in the public domain (though mentioning the data came from us would be nice and also increases the amount of data available to share). Meaning it’s free to use by anyone for anything. 🙂

Last but not least: Many thanks to all of you who filled out the survey form and shared the site with others. That’s pretty awesome! 💪

This post appeared first on https://insights.infosec-jobs.com/a-first-update-on-our-salary-survey/

Share your salary and see what everyone else is making in InfoSec / the Cyber Security space

infosec-jobs.com — Tue, 27 Jul 2021 06:33:03 +0000

We were wondering quite recently what the global salary landscape in the InfoSec world would look like. Searching around for some data provided few results and basically all of them didn’t provide a full dataset for us to play around with and use freely.

So we decided to set up our own survey, ask the global InfoSec scene what they’re making anually, and then release all the data for free afterwards in the public domain under CC0 license terms. Which literally means global salary data from the public, for the public.

We went on quickly by defining some generalized attributes that would make a really simplistic survey everyone can fill it out in under a minute and don’t have to think too hard while doing it, but would still provide as much valuable information as possible so you can derive real insights from it. All of this in an anonymized fashion, of course. We don’t like touching PII anyways – not really our business 😉.

It took almost two weeks of deliberations about what to ask for – yeah it gets quite difficult when you start thinking about what makes sense and trying not to mess it up completely – and in roughly a weekend our little salaries app (Django + SQLite are your friends, yay) was built and ready to launch.

🎉 Released a few days ago you can check (and fill) it out here: https://salaries.infosec-jobs.com/

As soon as we have a little valid dataset and solved some open issues along the way (noticed we provide a selection of the 30 most used currencies in global trade? Probably some averaged conversion into USD for all non-USD salaries would be nice having added to the data as well 🤔) we’ll release a first dump of the data here.

In the end we think it would be great if we can manage to create a sort of rolling survey throughout the year with a constantly updated dataset that everyone can use as they wish – candidates, recruiters, hr departments, startup founders, data scientists, you name it…

We made everything a select/choice field to avoid free-form input in general, except for the salary value of course. The job titles are the ones that are popular on our InfoSec job board, just to stay real and not list decades old jobs that practially don’t mean anything and aren’t even hired for anymore. We provide an open API for this too (see https://infosec-jobs.com/api/list-job-titles/).

If you like the idea and want to help us to gather a free and open database of InfoSec / Cyber Security salary information, feel free to share this survey with anyone who likes to fill out salary surveys – just kidding – the more data the better obviously 😉

This post appeared first on https://insights.infosec-jobs.com/share-your-salary-and-see-what-everyone-else-is-making-in-infosec-the-cyber-security-space/

The 10 most in-demand roles in the Information Security domain

infosec-jobs.com — Fri, 16 Jul 2021 06:16:46 +0000

We thought it would be interesting to go deeper into the analytics part of running our InfoSec job board – in the most privacy focused way for our users, of course. So here we are now starting to expose some of our aggregated internal job data in a systematic fashion through a simple REST API with a list of generalized job titles that are posted on infosec-jobs.com.

The cool thing with this is that we are able to see what’s popular in terms of the roles employers are hiring for most often in the Cyber Security space.

Our “methodology” here is quite simple: we’re primarily counting the occurence of job titles over the last 12 months, cleaned and adjusted for certain specialties that some companies like to do, e.g. inventing their own stuff that’s not being used by anyone else or adding crazy super-specific details to a vacancy title and so on. We also left out many titles with indicators regarding seniority or other requirements as we already have dedicated attributes for these. More on that probably in a future post.

So here it is, our current (as of June 2021) top list of the ten roles in Information Security with the highest demand from employers on our site:

Security Engineer
Application Security Engineer
DevSecOps Engineer
Cloud Security Architect
Cloud Security Engineer
Information Security Engineer
Cyber Security Analyst
Product Security Engineer
Information Security Manager
Security Analyst

If your interested in the raw JSON data you can find the endpoint here: https://infosec-jobs.com/api/list-job-titles/

The results there are updated every 6 hours, although it won’t really change that much anytime soon. And if it does we’ll maybe write about it 😉

We also use all the job titles from that list for our brand new salaries survey to have a “standardized” selection of positions to choose from and attach salaries to. You can check out the survey – and the resulting dataset being released in the public domain – here: https://salaries.infosec-jobs.com/

This post appeared first on https://insights.infosec-jobs.com/the-10-most-in-demand-roles-in-the-information-security-domain/