Talos Researchers Tell You How to Get Hired in Security

- June 14, 2017

Wondering how to start a career in security research?

It’s a question that comes up often, and with good reason. A report issued earlier this week noted that by 2020, the cybersecurity industry will have 1.8 million unfilled jobs.

But where do you start? What should you study?

Who better to ask than researchers with Cisco’s Talos threat intelligence group? Talos is a group of more than 250 experts in infosec, reverse malware engineering, network security and even design. The group is in charge of using sophisticated systems to gather threat intelligence and apply it to Cisco security products, and they manage signatures for, ClamAV, and SpamCop.

Each security researcher or engineer has a story of their own personal journey into the field. The security experts at Talos are no different.

Beers with Talos

Talos Technical Leader and Outreach Manager Craig Williams said in a recent episode of the Talos podcast “Beers with Talos” that his personal path was more of a traditional route. “I knew immediately since I was about 8 years old exactly what I wanted to do,” he said. “Some of my earliest memories were hacking the Apple IIGSes to change the sounds and colors instead of playing ‘Number Munchers’ like a good boy in elementary school. And I just followed that path all the way through college and got a job doing IPS work.”

There used to be a “golden age” of computers, where anyone who showed some aptitude and strong interest in computers or networking could likely get a job. Now, it’s a bit different. Hiring managers are looking for skills in not only computers and networking, but also in math, data analysis and pattern recognition.

“For me it was a lot of [bulletin board systems] and setting up Linux, destroying my parents’ computer,” Williams said. “That’s how I got my first computer, trashing my parents’ computer for the four-hundredth time.”

But, he said, for a lot of people the path isn’t so straightforward. And in today’s job market, those skills mentioned earlier are absolutely necessary to be successful. Being certified, although helpful to track one’s progress and learning, is not one of them.

The candidates who are smart, creative, self-learners who can dig into data sets are the ones who will rise to the top of the list.

“If you don’t like constant learning, security research is the wrong place for you,” Williams said.

Communication skills are also not only in high demand but often required, which most entry-level security professionals may not expect.

“The reality is, you can have the best intel, but if you can’t communicate it in a way that’s attractive and a way that makes sense, no one’s going to read it. It’s very important,” Williams said.

To hear more advice from Craig Williams and the rest of the Beers with Talos hosts, check out the latest podcast episode here.