In recent years cybersecurity has become an increasingly significant industry, both in South Africa and abroad. The pandemic and subsequent hybrid working environment mean organisations across the business spectrum are taking security more seriously, and the ever-evolving threat landscape means cybersecurity skills need constant refinement.
While these constant changes bring with it concerns, when it comes to job opportunities, there may not be a better time to get involved with this industry. That said it is not easy, as the usual internship or leadership route does not always apply to this sector. Coupled with record unemployment in South Africa, and getting a job in cybersecurity is difficult.
To offer a bit more insight in how best to approach getting a job in cybersecurity locally, we recently spoke with Emmanuel Tzingakis, technical lead for Sub-Saharan Africa at security specialists Trend Micro.
We asked about his own unusual journey into the cybersecurity industry, what qualifications are needed to start down this career path, as well as some institutions where people should consider studying.
Here’s what he had to say.
Hypertext: We were hoping you could share how you got into the cybersecurity industry, because it wasn’t the “traditional” path that people take?
Emmanuel Tzingakis: I started my career off as a policeman. I was a detective in the South African Police Service for eight years. At the time I was not earning a great salary, and the job carried a lot of risk. Being young and wanting to start a family, that job was not conducive to the safety I was looking for, so I started searching for a new job.
I started to study IT, my brother studied it too at Technicon, but I never studied it before, and never knew how a computer worked. I needed a new profession, however, to get out of the police and that was the one I chose.
My brother showed me how a computer worked, and I took to it like a duck to water. I studied at nights while working a job, but my biggest challenge then was experience, which I truly lacked. So I approached IT companies saying that I would work them on evenings and weekends for free. I did not get a salary, my salary was the experience I gained.
That created a few opportunities and doors for me, and that’s how I got my first break in this industry.
Hypertext: That is quite the transition. What does a more traditional career path for a job in cybersecurity look like?
ET: A number of universities offer a computer science degree, and quite a few are starting to integrate into their curriculum. I also know that some universities are developing specialist cybersecurity degrees.
That said, and I’m not saying this deter people from heading to university, but there are other ways to get cyber security savvy.
There are a lot of organisations out there like ISACA and ISC2 that offer qualifications such as CISM (Certified Information Security Manager) and CISSP (Certified Information Systems Security Professional). There are fundamental cybersecurity courses that you can do online at you own pace, or you can join different training organisations’ online courses too.
So if you cannot afford to go to university, or perhaps don’t have the exceptions get into university, these institutions are not the be all and end all of cybersecurity.
I would recommend that even if you are studying at university, you look to get the certifications like CISSP.
Hypertext: Does that mean that a university degree is not more weighted that a certification?
ET: I would not say that a university holds no value, they definitely do, but I think where a lot of people go wrong is in specialisation. Unfortunately cybersecurity can be very specialised, but qualifications like CISSP, CISM, and Security+ give you an understanding of what security is and what the different domains are.
These range from risk management, to business continuity, to development. Those are some of the things that you don’t always learn at university, and courses like that do help.
Hypertext: You’ve mentioned those three qualifications before. What do each teach you about cybersecurity?
ET: So Security+ (Plus) is kind of your entry-level certification, which you can get from places like CompTIA.
ISACA for example offers a whole range of certifications, starting from your fundamentals all the way to cybersecurity management, compliance, risk.
Then CISSP, which is done through ISC2, and they specialise in looking at cybersecurity from a framework perspective as apposed to solution-based. This is important as it looks at implementing cybersecurity from a solutions, processes, and people point of view.
Many people, when they talk about cybersecurity, they talk about it from solutions, because that’s all they know, but that’s only one aspect or experience.
That’s why it’s important to have a broad understanding when you’re looking at cybersecurity. Understand the technology, understand the processes, and understand the people.
Hypertext: Looking at things from the Trend Micro perspective, how does it address hiring or training recent graduates or newcomers?
ET: For more senior roles, Trend Micro usually looks at experience, but we do have an associate/internship program that we run.
In the Africa region we put out the call for applicants, which we then shortlist, interview, and vet as we as a company deal with cybersecurity.
Then up to 20 people are chosen to go through an intensive three-month certification program working on not only Trend Micro products, but the likes of AWS, Azure, and others. They also work in a number of different business units in the company.
From those 20, we pick nine for the different regions we operate, who will then go on to be assigned as associates and experience different niche areas of cybersecurity.
Trend Micro then grooms them based on the area they show most interest in, and once the program is complete, look to hire them full-time or place at one of our partners.
[Image – Photo by Clem Onojeghuo on Unsplash]
