Can you work from home in cyber security? Absolutely, but like any answer, there’s a big “if”!
The answer to that question really depends on what area of cyber security you’d like to specialize in and the employer’s requirements.
Table of Contents
Can you work from home in cyber security? Click below to find out!
Can Cyber Security Analysts Work from Home?
Let’s get this common question out of the way. Yes, cyber security analysts can work from home!
However, there are several factors that employers consider before deciding whether a security position will be made remote. Let’s take a look.
Are Cybersecurity Jobs Remote?
Yes, there are plenty of cyber security jobs working from home. Sadly, some employers still prefer their employees to be on-site and available at all times.
However, with hard work and persistence, you’ll find an employer who’s willing to let you work from home.
Using Indeed As I did my research, you do your research, you’ll find that roughly 75% of cyber security job postings ask for you to work on-site. This makes finding remote opportunities sound difficult, but not impossible! Sometimes, it’s just a matter of asking the employer if they’ll allow you to work remotely.
Either way, this still means that about 25% of cybersecurity jobs are remote.
In the next few sections we’ll look at some of the obstacles you might face when trying to perform cyber security work remotely.
Employers and Client Requirements
The first major hurdle to overcome is that some employers and clients prefer traditional methods of professional interaction (i.e. “We’d like you in the office!”).
While there are undoubtedly some benefits to in-person interaction, this is mostly for no other purpose than the personal satisfaction of the employer or client.
But before you go blaming your employer, it may not always be their fault. Some clients will go so far as to require your presence onsite as part of your employer’s contract.
However, the pandemic forced most clients and employers to accept remote work to continue operations. Whether it remains is still yet to be seen, but employers are now more accepting of a hybrid work environment.
To give you an idea of just how rapidly the cyber security work environment has change, prior to the pandemic, 57% of security professionals were required to work onsite. Today, about 17% are required to work onsite.
That means an impressive 83% of security work is accomplished using a hybrid schedule or is fully remote!
Does Your Role Require Collaboration or Innovation?
Collaboration isn’t just meetings; it means actually working on ideas or projects together and being innovative!
And it’s a core requirement of security work to ensure that everyone’s working collectively to mitigate security risks.
This means working on reports, documents, mitigation techniques, coding/configuration setups, etc. together with a team.
So, it’s understandable that working remote is hard for some employees that prefer personal interaction.
While teleworking tools (e.g. Zoom, WebEx, etc.) have made collaborating easier, they haven’t made collaborating any better.
What’s worse? A study of 61,182 Microsoft employees found that long term remote work actually has the potential to negatively affect collaboration and innovation efforts.
To recap, if the amount of team interaction required is very extensive, then working on these platforms is likely to be a hindrance.
However, if the role doesn’t require extensive interaction, you’re more likely to find the position to be remote.
Can I Trust you to Work Remote?
Employers place a high level of trust in new employees when hiring for remote cyber security positions.
The problem is that when you’re working remotely, your management won’t see you every day or possibly ever meet you in person.
As Dan Spaulding, Chief “People” Officer of Zillow, put it:
…there was a belief, that wasn’t just isolated to us, that if people weren’t in the office that they were doing something else, and maybe that something else was not being focused on their role.
So, when you’re onsite, it’s easier for an employer to trust you because you’re readily available. They can see you every day and monitor your progress daily.
When a recruit hasn’t yet proven themselves, it’s difficult for an employer to allow remote work for a position.
A good way to alleviate their concerns is to bring impeccable references of your past work experiences. If that doesn’t work, try a trial period where you work for a few months and show them how dedicated you are before making the request again.
How Experienced or Specialized Are You?
When determining if a cyber security job is remote, an employer may consider candidates that have extensive experience or are highly specialized.
In order to do that, employers can only hire from a narrow pool of candidates to find the proper qualifications.
Additionally, if the role has been advertised for a long time, it may be a sign the employer is having difficulty in filling the position. Try and find how long the role has been vacant.
Why does this matter for you?
If that role has vacant for too long, they might have decided to outsource its recruitment to a third-party. As you can imagine, the time and sunk costs of hiring an external recruiting service can be quite expensive for a business.
That’s your signal to take advantage of the situation. Leverage your experience or specialization and make working remote a condition of your employment. They probably don’t want to go through the same process again with another candidate. So, if you can sell yourself in the interview with success, they may be willing to bend.
Can Incident Response Teams Work Remotely?
If the position demands a sense of urgency or requires a more hands-on approach, remote work will be difficult. This is usually applicable if you’re a member of an incident response team.
If the organization doesn’t have a tested process in place to handle security incidents remotely, then trying to work from home can be a nightmare!
Can you imagine trying to remove ransomeware from a user’s asset or rebuilding a server remotely all while communicating using a compromised email server?
If you are applying for a position on the incident response team and want to work remote, ensure they have processes in place to handle remote work capabilities. If not, then I wouldn’t bet on working from home.
When Cyber Security Work from Home Is Not Allowed
As the field implies, cyber security does require a certain amount of secrecy, some more than others.
Here’s a list of five reasons why you may not be permitted to work from home for cyber security work:
These types of positions require the role to be performed at a specific location due to the upgraded security measures.
Highly sensitive systems such as a government SIPRNet or Critical Infrastructure are isolated from external connections; you wouldn’t be able to connect from home anyways.
And while there are exceptions, I wouldn’t hold your breath. If you’re lucky, only a fraction of your duties would require you to handle proprietary or classified information.
If that’s the case, you may have the option of working in a hybrid work environment. Somedays you’ll be allowed to work remotely while other days you’ll go to the office.
Keep in mind, that just because you work 100% remote doesn’t mean you never have to show up at the office. You still might need to attend mandatory on-site training sessions and meetings with your team members.