Category: Cloud Security

Trying to decide between a job in cyber security vs cloud security? Read on as we discuss the difference between two to help you make the right career choice!

Cyber Security vs Cloud Security: Quick Overview

What is cyber security?

By now most people understand what cyber security is; it’s the protection of information and information systems against cyberattacks, data breaches, and unauthorized access.
 
Interested in learning the difference between cyber security and information security?

What is cloud security?

As you may have guessed, it’s not surprising to understand that cloud security is the process of securing the hardware and software assets within a cloud environment. However, it’s not to be confused with the cyber security requirements of the cloud service provider. I’ll discuss that further below.

What Is the Cloud?

To give you a little background, when IT gurus talk about the cloud, what they’re usually (though not always) referring to is a remotely located server setup.
 
These setups (aka the “cloud”) allow organizations to have access to virtual servers, operating systems, software, applications, databases, networks, and data storage from pretty much anywhere in the world.
 
The cloud provides end users the ability to store and even process data from the servers instead of on their own devices.

Why Do Companies Need the Cloud?

Let’s take a look at the main reasons why companies make the decision to move to the cloud:
 
Scalability: They no longer need to worry about application related bottlenecks. Companies can choose to grow horizontally to handle additional workloads or vertically for additional power and capabilities depending on their needs.
 
Flexibility: As corporate workloads grow, shrink, or change, the cloud environment has the advantage of meeting the client’s evolving demands within minutes.
 
Cost Savings:The largest benefit of using the cloud is the cost savings associated with not having to purchase and maintain the network infrastructure, which can be significant.
 
No Licensing: Because software isn’t being run on each user’s device and is simply being accessed over a remote location, companies can now purchase a service instead of a license.
 
Wider Accessibility: End users can work from remote locations while accessing the application and data on the cloud from anywhere. Interested in learning more about working remotely?
 
Enhanced Collaboration: It’s also made it easier for companies to work with partners without requiring them to have physical access to company servers.
 
Increased Productivity: Companies can harness the power of accessibility and collaboration efforts to increase the speed at which workloads are processed.
 
Ease of Use: End users aren’t burdened by the need to understand how the cloud environment works. From their perspective, it’s as simple as accessing the application or data from their own devices.
 
It’s not surprising then that many organizations are moving their critical applications and workloads to the cloud, but there is a downside.

Who Is Responsible for Security of The Cloud?

Responsibility for the cloud environment varies depending on the deployment model (i.e. private, community, hybrid, or public) and service type an organization chooses. No matter what solution is chosen, prior to any data being stored in the cloud, the organization’s IT security team will always be responsible for encryption of the data before it’s stored on the server.
 
Private cloud environments are completely owned and managed by the organization. If an organization chooses to utilize a private cloud environment, then the security of the cloud environment solely rests upon that organization.
 
Community cloud environments are owned by the members of the community and either share the resources to manage the environment themselves or outsource that responsibility. The same holds true for its security, either it can be shared among the members, outsourced to a third party, or both. Because it’s not truly a private environment, it’s not as secure as a private cloud, but it is more secure than a public cloud.
 
Public cloud environments are owned and managed by third party vendors. As such, public clouds are less secure because the client maintains no control over the data and is also forced to share resources with other users.
 
In a public environment, there are usually two separate parties, the Cloud Service Provider (CSP) and organization, involved in the cloud’s security. The CSP will always be responsible for the management and operation of the remote facility. This includes the physical security of the facility which houses the servers, networks, and other hardware.
 
After that, things get slightly complex. Depending upon the type of service (e.g. IaaS, PaaS, or SaaS) the organization is purchasing, the responsibility of the security varies. In all three scenarios the CSP is responsible for implementing security into the network, storage drives, servers, and hypervisors.

IaaS (Infrastructure as a Service): If the organization chooses IaaS, cloud security becomes the responsibility of the client who must implement security for the application, data, and everything down to the operating system, virtual machines and networks.
 
PaaS (Platform as a Service): If the organization choose PaaS, cloud security only includes security of the application, data, and data interfaces; everything else becomes the responsibility of the CSP.
 
SaaS (Software as a Service): In a SaaS solution, all security aspects of the cloud environment except for the data and data interfaces are the responsibility of the CSP.

Hybrid cloud environments are a mix of private and public cloud infrastructure depending on the corporate need. Highly sensitive applications or data requiring increased security may be run on a private cloud whereas all other data could be run in a public environment.

What are Typical Cloud Security Salaries?

Look at the typical cloud security job salary for the following positions:

Salary.com

• Cloud security analyst averages $86k and falls between $72k and $92k
• Cloud Security engineer averages $98k and falls between $87k and $110k

ZipRecruiter

• Cloud security analyst was unavailable
• Cloud security engineer salary averages $141k and fall between $86k and $191k

Glassdoor

• Cloud security analyst averages $77k and fall between $74k and 180k

What are Typical Cyber Security Salaries?

Look at the typical cyber security job salary for the following positions:

PayScale

• Cyber security analyst averages $74k and falls between $54k and $116
• Cyber security engineer averages $98k and falls between $69k and $139k

ZipRecruiter

• Cyber security analyst averages $100k and falls between $41k and $145
• Cyber security engineer averages $120k and falls between $54k and $181

Is Cloud Security Same as Cyber Security?

No, cloud security and cyber security are not the same thing. Read further to find out why.

What’s the Difference Between Cloud Security and Cyber Security?

The essential difference between the two is that cloud security only focuses upon the security of the cloud environment; in contrast, cyber security is a holistic approach to securing data and information systems within the entire organization and not just the cloud.
 
The security of a cloud environment can be holistic within the confines of a private cloud environment where the enterprise has full security control. When this happens the security of the cloud is enveloped into the organization’s overall cyber security strategy.
 
If the cloud environment is not private, the security of the environment must be partitioned or shared between organizations, or between organizations and third-party users. As a result, cloud security isn’t fully encased by the organization’s cyber security risk management system.
 
Interested in learning the difference between cyber security and network security?

Cyber Security vs Cloud Security: What Is Better?

If you’re still trying to determine the best field between the two, then it really depends on the factors you’re considering.
 
Salary: Unfortunately, salary information was widely varied depending on the source. Using ZipRecruiter, an apples-to-apples comparison clearly shows that cloud security engineers average about $21k more than their cyber security counterpart. Although as we move towards the more experienced end, the difference becomes minimal.
 
Education: Cybersecurity degrees are becoming ever increasingly popular and are now being offered at many major institutions; on the flip side, you’ll be hard pressed to find a cloud security degree program; you’re better of getting a degree in cloud computing with security certifications.
 
Job Stability: Both fields are here to stay and won’t be going away anytime soon. You may see increased job stability in cloud security and cyber security as the need for remote data access and infrastructure will only increase.
 
Job Opportunity: As a result of the increased growth, cloud security and cyber security job opportunities are also expected to grow in parallel. The Bureau of Labor and Statistics estimates a 30% increase in job growth just for information security analysts alone. That doesn’t mean there aren’t plenty of cloud security positions available. A recent check of Indeed shows nearly 19,000 positions available for cloud security related positions.
 
Job Growth: In either field, job growth is nearly guaranteed; however, as with any job, increased competition is normal the higher you get promoted. If your aim is to become either a cloud security or cyber security director, ensure you’ve spent a minimum of 15 years providing and implementing security solutions. By then you should have sufficient knowledge to design technical solutions from the ground up!
 
Work Life Balance: Having a work life balance is important, but as most professionals in the security industry are keenly aware, having that balance is extremely difficult. Limited security budgets lead to limited security personnel implementing complex solutions, making long work hours very common.
 
Ultimately, what is better is dependent on what factors you consider to be important and your area of interest.

TLDR

Deciding between cyber security vs cloud security…Click below to find out more!
 
Cyber Security vs Cloud Security: Quick Overview
 
What Is the Cloud?
 
Why Do Company’s Need the Cloud?
 
Who Is Responsible for Security of The Cloud?
 
What are Typical Cloud Security Salaries?
 
What are Typical Cyber Security Salaries?
 
Is Cloud Security Same as Cyber Security?
 
What’s the Difference Between Cloud Security and Cyber Security?
 
Cyber Security vs Cloud Security: What Is Better?

---

by Amit Doshi

If you enjoyed reading today’s article please subscribe here.

Why does LinkedIn matter when you’re looking for a cybersecurity job?

If you’re one of the estimated 1.1 million cybersecurity professionals in the United States, you’re probably thinking to yourself that privacy matters, specifically your own privacy.

The good thing is that roughly half of the cyber community is present on LinkedIn, how active they are is a different story entirely; but that means, the other 550K cyber professionals aren’t.

In today’s article, we’ll talk about why LinkedIn really is important in cybersecurity.

I don’t need a profile; I’ve got a resume.

There are those that’ll say applying to specific jobs, having a resume on a job board or even in the hands of a headhunter, is sufficient. BTW if you need help with your resume, please check this link out!

Which may be true for individuals involved with national security.

But while that works for them, where’s the benefit in intentionally withholding your brand.

We get it; you’re in cybersecurity, and you know how dangerous the internet can be.

You don’t want your PII (“personally identifiable information” for you non-cyber folks) leaked all over the world.

Having a resume is certainly a start no matter who you are, but if you think not having a LinkedIn profile, or keeping it hidden, shows how secure you are, you’re in trouble.

The biggest problem with that mentality is that you’re not showing anything to the world except how unavailable you are.

Recruiters need to find you!

If you’re looking for a job, most recruiters like to use everything in their arsenal to find out about a candidate before they decide to reach out.

Recruiters will search for you online; this means “Googling” your name and especially checking your cyber profile out on LinkedIn.

So guess what, your first impression begins the moment that resume lands in their hands.

Keep in mind that, most recruiters are people-persons who devote themselves to helping cyber applicants fulfill company roles.

Recruiters like to see your face, understand your background and previous roles and responsibilities, see the organizations you’re involved with, and ultimately get better picture of who and what you are.

By not having a profile, you already putting yourself at a disadvantage.

Recruiters begin to wonder why you don’t have a LinkedIn profile; is there a legitimate reason, or do you have something to hide.

Regardless of which scenario, it’s never a good idea to give the recruiter a chance to even entertain that thought.

And as you already know, the competition in the cybersecurity industry is fierce.

So, while not having a LinkedIn profile, or having one that’s incomplete or inaccessible, isn’t a game stopper, realize that you’re only making the recruiters job that much harder.

A “Safe” Way to Display my LinkedIn Profile

If you’re thinking about creating or updating your LinkedIn profile, there are ways to have a LinkedIn profile with some added security.

For you cyber job seekers, LinkedIn has some good privacy capabilities, but you really ought to have a few settings unchecked for visibility purposes.

You need recruiters to view the specifics of your profile.

This doesn’t mean revealing your activity or the details of every job you’ve listed.

This does mean allowing strangers to find you, even if that makes you slightly uncomfortable.

At a minimum recruiters should be able to view your picture, name, professional summary, past companies and dates of employment, previous roles and at least a summary of your responsibilities, educational and certification background.

If you can find someone to write a recommendation about you and have it displayed, that’s also very helpful.

I won’t go into all the details of what settings you should have enabled or disabled; there are plenty of resources available to guide you through that process.

And since LinkedIn is continuously updating their features and options, it’s better to dive into their security and privacy settings yourself to figure out what works for you.

If you’ve decided to create your LinkedIn profile, you need to ensure that it provides an accurate representation of your actual professional experience.

Don’t think you can get away with telling the truth on your resume while exaggerating your LinkedIn profile.

The last thing you want is to create a LinkedIn profile only to have it come into question by the employer.

The resume you provide to an employer needs to correlate with what’s seen on your profile, though not be an exact match.

It’s okay to summarize in a few areas because you don’t want complete strangers viewing every detail of your online profile, but you do need to ensure your resume and profile sync up for the most part.

Do I need to use LinkedIn if I’m not hunting for a cybersecurity job?

Yes, even if you have a LinkedIn profile, it’s important to stay active.

Recruiters that spend a lot of time using LinkedIn like to know their efforts to reach out are at least being seeing by potential candidates.

Why does that matter? Depending on how they use LinkedIn, recruiters can filter out candidates that aren’t active on the platform.

That means even if you have a profile, you need to be occasionally active, so you don’t get filtered out.

This is more important if you’re job hunting.

Beyond just being active, you need to brand yourself even when you’re not looking for a job.

Trying to make connections once you’re out of a job (or just graduated) is too late in the game.

By making those connections early on, you’ll be in a much better place when the time comes to make that move.

Conclusion

You’ve got to give recruiters every opportunity to find you, regardless of where you’ve applied.

It’s absolutely great that you’ve taken the first step of creating a resume for yourself, but don’t let it stop there; create or update that LinkedIn profile.

If you’re overly cautious about displaying your profile, LinkedIn has implemented security measures to help.

Regardless of your job status, you always need to be active on LinkedIn to make new connections; as such, a LinkedIn profile is an absolute no brainer!

---

by Amit Doshi

If you enjoyed reading today’s article please subscribe here.