Cyber-security expertise is one of the most in-demand skills in today’s IT landscape, and those with security proficiency have some of the most promising career options in all of tech. In the past year alone we’ve seen major data breaches in the servers of Verizon, Deep Root Analytics, Kmart (US), DocuSign and the Intercontinental Hotel Group, among many others. And most recently, we saw the biggest hack of them all: the compromise of the US credit agency Equifax, which led to the theft of the financial information of up to 143 million people.
The growth and increased sophistication of these attacks have led to an explosion of demand for cyber security professionals. In 2016, the global cyber security industry was estimated to be worth $106 billion. By 2023, that’s expected to explode to around $639 billion, according to research firm IT-Harvest.
That explosive growth has led to a huge skills gap when it comes to cyber security. Research organisation Cybersecurity Ventures estimates that worldwide there will be 3.5 million unfilled cyber security jobs by 2021. Those estimates have been backed up by the number of job ads appearing for cyber security professionals in the last two years.
According to job site Indeed, there was an incredible 124% increase in the number of postings for cyber security professionals between 2015 and 2017. Seek has reported similar numbers: between February 2016 and February 2017, the number of ads in the sector grew by 57%. And professional body ISACA’s survey of businesses reported that in 2017, 65% of those surveyed had a chief information security officer, a huge increase from the 50% just a year before.
The high demand for cyber security experts has also driven up wages in the sector considerably. According to a recent survey by recruiters Robert Half, security specialists’ starting salaries have grown at a rate of 6.2% in 2017, among the highest rates in any industry. In the survey, Robert Half found that wages for the cyber security specialists it recruited ranged from a minimum of $118,000 to a maximum of $160,000. Job salary survey site PayScale reports somewhat similar figures. It lists the median salary of an IT security consultant and computer security specialist at $105,000 – $110,000, with more entry level roles at $88,000. IT security architects can expect a median salary of $135,000+.
So how do you get a career in cyber security? Right now there is no official accreditation (although the Australian Information Security Association has been in talks with the Professional Standards Council to create one), but there are plenty of courses you can take to prepare yourself for a career in cyber security. One example of a qualifying course is the Master of IT Management from Southern Cross University. It’s a two-year part-time course that will qualify you for many roles in IT security. It’s comprised of 12 units, all of which can be completed using the University’s structured online learning system, which requires no on-campus activity and allows the course to flex around your existing time commitments. You can jump in and out of the course as your life allows. Of special note is the Information Systems Security Management unit, which specialises in teaching students to identify and resolve security threats and vulnerabilities.
The unit covers much more than specific resolutions: it also looks at managing risk to the company and partners; legal and ethical considerations; the role of management; and the integration of security systems into existing business practices. The goal is to get you qualified and ready to deal with the growing number of threats facing Australian businesses online. If you can manage that, then your career prospects are good indeed.
What you’ll learn in Southern Cross University’s Information Systems Security Management
SCU’s Information Systems Security Management unit gives you a specific, up-to-date skillset aimed specifically at cyber security expertise, which includes:
- How to identify and describe the various threats to the security of digital information and information systems.
- How to analyse models and practices for managing security of digital information and information systems.
- How to investigate the human management aspects of security in an enterprise including roles, responsibilities and personalities, and the impact on trading partners.
- The ability to review and describe the major legal and ethical issues with respect to managing security of digital information and information systems.
- Analysing the need for managing security of digital information and information systems.
- How to undertake risk assessment regarding the security of digital information and information systems and develop strategies for controlling risk.
Further evidence has emerged regarding the insecurity of Equifax’s web setup, as independent security researcher Scott Helme reports having uncovered all manner of problems with Equifax’s security header configuration. The finding from Helme comes as a date was confirmed for the Equifax CEO to appear before Congress early next month, and the FTC said it was investigating the credit reference agency.
Equifax’s security header configuration
“Many of the headers are more about addressing the basics, but as a site that serves over HTTPS they should really have features like HSTS and CSP enabled to offer their visitors a higher level of protection,” Helme told El Reg.
“The current misconfiguration that is present on the site with duplicated headers and conflicting values just raises questions about why the basics aren’t being done properly.”
Earlier this week, Equifax admitted that hackers exploited an Apache Struts vulnerability (CVE-2017-5638) to break into its systems. The flaw had been patchable since March 7 but Equifax had failed to patch promptly. The intrusion was only detected more than two months later.
Criminals gained access to names, social security numbers, birth dates, addresses and, in some instances, driver’s license numbers of millions of Americans as well as the credit card numbers of 209,000 US consumers. The whole sorry mess raises a number of important questions. Three top Equifax executives, including its chief financial officer, sold a combined $1.8m worth of stock in the consumer credit reporting agency after the breach was detected but before it was made public.
Equifax said that the executives had had no knowledge that an intrusion had occurred at the time they sold their shares. US data privacy watchdogs at the Federal Trade Commission have taken the unusual step of confirming they had launched an investigation into the Equifax breach. Equifax chief exec Richard Smith has been called to testify before congressional lawmakers at the beginning of October.
Smith is due to appear before the House Energy and Commerce Committee on October 3.
Another security researcher reported that he’d begun receiving spam emails at a single-use email address he’d used uniquely to register with Equifax years earlier, but we’ve not seen widespread evidence that data has escaped into the wild yet.
If you have any info you’d like to share, drop us a line.
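The kind of check behind the duplicated headers and conflicting values Helme describes above, as an added example that is not from the original article or from Helme's own tooling: a short Python audit that flags missing HSTS and CSP, repeated header fields and conflicting values. The header sample is constructed, and the function names and the list of single-valued fields are assumptions.

```python
from collections import defaultdict

REQUIRED = ("strict-transport-security", "content-security-policy")
# Fields that should appear once; CSP is excluded because several CSP fields are legal.
SINGLE_VALUED = ("strict-transport-security", "x-frame-options", "x-content-type-options")

def parse_headers(raw):
    """Group header values by lower-cased name, in order of arrival."""
    seen = defaultdict(list)
    for line in raw.strip().splitlines():
        name, sep, value = line.partition(":")
        if sep:
            seen[name.strip().lower()].append(value.strip())
    return seen

def hsts_max_age(value):
    """Return max-age in seconds from an HSTS value, or None if absent or invalid."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        if key.strip().lower() == "max-age" and val.strip(' "').isdigit():
            return int(val.strip(' "'))
    return None

def audit(raw):
    """Return sorted (kind, header, detail) findings for one response."""
    seen = parse_headers(raw)
    findings = [("missing", n, "header not sent") for n in REQUIRED if n not in seen]
    for name in SINGLE_VALUED:
        values = seen.get(name, [])
        if len(values) > 1:
            kind = "conflict" if len({v.lower() for v in values}) > 1 else "duplicate"
            findings.append((kind, name, " | ".join(values)))
    if "strict-transport-security" in seen:
        # RFC 6797 section 8.1: a browser processes only the first STS field.
        if not hsts_max_age(seen["strict-transport-security"][0]):
            findings.append(("weak", "strict-transport-security", "max-age missing or zero"))
    return sorted(findings)

# Constructed sample response headers, not captured from any real site.
SAMPLE = """\
X-Frame-Options: DENY
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=0
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Repeated fields usually mean two layers (for example an application and a proxy in front of it) each set the header, so the fix is to pick one place to set it.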
Second-hand electronics and video games dealer CeX has suffered a serious security breach, with the data of up to two million customers being stolen from its online store. The company, privately held by its founder Robert Dudani, operates a nationwide chain of high-street shops buying and selling electronics and video games, as well as an online retail platform. It said late on Tuesday that the stolen data included the names, addresses, email addresses and phone numbers of many customers.
The data also included old credit card information, but CeX assured it was all for expired credit cards, as it had not held customer credit card data in-house for a number of years.
“A small amount of encrypted data from expired credit and debit cards may have been compromised,” the company said in a statement.
“We would like to make it clear that any payment card information that may have been taken, has long since expired as we stopped storing card data in 2009.”
CeX was advising customers to change their passwords for the website, as well as for any other websites on which they use the same or similar passwords.
“Although your password has not been stored in plain text, if it is not particularly complex then it is possible that in time, a third party could still determine your original password and could attempt to use it across other, unrelated services.”
CeX said it was contacting the up-to-two million customers that may have been affected, and was working with the police and a cyber security expert to gather details of the attack and work to prevent another from happening.