In a BostInno article late last year, Glasswing Ventures co-founder and managing partner Rick Grinnell predicted the Boston area would continue to thrive as a cybersecurity hub. It has, and will continue to do so in 2018 and beyond.
The region’s status as a security innovation hotbed is certainly no new phenomenon. Drive through Boston and Cambridge, then up and down Interstate 93 and Route 128, and you’ll see close to a dozen such companies. My company, Sophos, has an office on the Burlington stretch of 128.
The reason is simple: Boston is home to such revered institutions as MIT and Harvard, and companies are eager to tap into those talent pools. Boston’s status as a center of gravity will continue to accelerate as more successful cyber companies call Boston home in the next five years.
For those preparing to graduate college and enter the workforce, the security industry is an exciting draw. It’s all the more so when there are so many local companies to choose from.
But proximity doesn’t ensure success. Those clamoring for a career in security must be prepared to compete with legions of other applicants. To that end, here’s some advice:
Know the company
Review the history and current status of the companies you’re applying to. Research the problems the company is designed to solve and who its competitors are. Is the company developing a feature or a business? Is it global or Boston-based only? Is the company acquiring others, or setting itself up to be sold? The more you know, the better you can position yourself as a future employee there.
Show how you stand out
It’s not enough to show a basic understanding of security software, attack techniques and trends in the threat landscape. You need to articulate what you bring to the table. The company you’ve applied to knows the basics. Hiring managers want to know how you can help them develop solutions. How can you push the company forward to its next level of technical innovation?
Understand when to be reactive vs. proactive
There are two types of security professional: those who are great at reacting fast to unfolding attacks and those who excel at strategy, mapping out what’s coming and developing the solutions to meet the challenges. Both types have their uses, though most companies these days are in need of the forward thinkers. It used to be that a security professional would learn and apply lessons after a data breach. Now, the most important quality is one’s ability to keep the breach from happening in the first place.
Demonstrate an ability to keep learning
The security industry is full of people who have experienced a lot and reach a point where they stop trying to learn. If you emerge from the halls of MIT or Harvard thinking you know it all, hiring managers will be less likely to hire you. They want people who are flexible thinkers, always eager to learn more. They also value people who are honest about what they don’t know. Internet threats are rapidly evolving, and security professionals must be able to match or exceed the pace of their adversaries.
Always network
Those who have been in the industry awhile understand that a person’s network can be as valuable as raw technical knowledge – at least when it comes to finding and landing a job. Boston has a vibrant community of security networking groups, and one should tap into as many as possible. Examples include the Boston chapters of the National Information Security Group (NAISG) and Boston’s chapter of The Open Web Application Security Project (OWASP). Local security conferences are also great places to network. Check out such events as BSidesBoston and SOURCE Boston.
Breaking into Boston’s security scene isn’t easy. But for the foreseeable future, there will be plenty of companies to choose from. Be patient and persistent and follow the five tips above, and you will eventually make it.
This is the third story in our "Cybersecurity in Boston" series, which is running several stories on cybersecurity the week of September 25.