Category: Jobs

Can you work from home in cyber security? Absolutely, but like any answer, there’s a big “if”!

The answer to that question really depends on what area of cyber security you’d like to specialize in and the employer’s requirements.

Table of Contents

Can you work from home in cyber security? Click below to find out!

Can Cyber Security Analysts Work from Home?

Are There Any Remote Cybersecurity Jobs?

Employers and Client Requirements

Does Your Role Require Collaboration?

Can I Trust you to Work Remote?

How Experienced or Specialized Are You?

Is Your Cyber Security Work More Hands-On?

When Cyber Security Work from Home Is Not Allowed

Can Cyber Security Analysts Work from Home?

Let’s get this common question out of the way. Yes, cyber security analysts can work from home!

However, there are several factors that employers consider before deciding whether a security position will be made remote. Let’s take a look.

Are Cybersecurity Jobs Remote?

Yes, there are plenty of cyber security jobs working from home. Sadly, some employers still prefer their employees to be on-site and available at all times.

However, with hard work and persistence, you’ll find an employer who’s willing to let you work from home.

Using Indeed As I did my research, you do your research, you’ll find that roughly 75% of cyber security job postings ask for you to work on-site. This makes finding remote opportunities sound difficult, but not impossible! Sometimes, it’s just a matter of asking the employer if they’ll allow you to work remotely.

Either way, this still means that about 25% of cybersecurity jobs are remote.

In the next few sections we’ll look at some of the obstacles you might face when trying to perform cyber security work remotely.

Employers and Client Requirements

The first major hurdle to overcome is that some employers and clients prefer traditional methods of professional interaction (i.e. “We’d like you in the office!”).

While there are undoubtedly some benefits to in-person interaction, this is mostly for no other purpose than the personal satisfaction of the employer or client.

But before you go blaming your employer, it may not always be their fault. Some clients will go so far as to require your presence onsite as part of your employer’s contract.

However, the pandemic forced most clients and employers to accept remote work to continue operations. Whether it remains is still yet to be seen, but employers are now more accepting of a hybrid work environment.

To give you an idea of just how rapidly the cyber security work environment has change, prior to the pandemic, 57% of security professionals were required to work onsite. Today, about 17% are required to work onsite.

That means an impressive 83% of security work is accomplished using a hybrid schedule or is fully remote!

Does Your Role Require Collaboration or Innovation?

Collaboration isn’t just meetings; it means actually working on ideas or projects together and being innovative!

And it’s a core requirement of security work to ensure that everyone’s working collectively to mitigate security risks.

This means working on reports, documents, mitigation techniques, coding/configuration setups, etc. together with a team.

So, it’s understandable that working remote is hard for some employees that prefer personal interaction.

While teleworking tools (e.g. Zoom, WebEx, etc.) have made collaborating easier, they haven’t made collaborating any better.

What’s worse? A study of 61,182 Microsoft employees found that long term remote work actually has the potential to negatively affect collaboration and innovation efforts.

To recap, if the amount of team interaction required is very extensive, then working on these platforms is likely to be a hindrance.

However, if the role doesn’t require extensive interaction, you’re more likely to find the position to be remote.

Can I Trust you to Work Remote?

Employers place a high level of trust in new employees when hiring for remote cyber security positions.

The problem is that when you’re working remotely, your management won’t see you every day or possibly ever meet you in person.

As Dan Spaulding, Chief “People” Officer of Zillow, put it:

…there was a belief, that wasn’t just isolated to us, that if people weren’t in the office that they were doing something else, and maybe that something else was not being focused on their role.

So, when you’re onsite, it’s easier for an employer to trust you because you’re readily available. They can see you every day and monitor your progress daily.

When a recruit hasn’t yet proven themselves, it’s difficult for an employer to allow remote work for a position.

A good way to alleviate their concerns is to bring impeccable references of your past work experiences. If that doesn’t work, try a trial period where you work for a few months and show them how dedicated you are before making the request again.

How Experienced or Specialized Are You?

When determining if a cyber security job is remote, an employer may consider candidates that have extensive experience or are highly specialized.

In order to do that, employers can only hire from a narrow pool of candidates to find the proper qualifications.

Additionally, if the role has been advertised for a long time, it may be a sign the employer is having difficulty in filling the position. Try and find how long the role has been vacant.

Why does this matter for you?

If that role has vacant for too long, they might have decided to outsource its recruitment to a third-party. As you can imagine, the time and sunk costs of hiring an external recruiting service can be quite expensive for a business.

That’s your signal to take advantage of the situation. Leverage your experience or specialization and make working remote a condition of your employment. They probably don’t want to go through the same process again with another candidate. So, if you can sell yourself in the interview with success, they may be willing to bend.

Can Incident Response Teams Work Remotely?

If the position demands a sense of urgency or requires a more hands-on approach, remote work will be difficult. This is usually applicable if you’re a member of an incident response team.

If the organization doesn’t have a tested process in place to handle security incidents remotely, then trying to work from home can be a nightmare!

Can you imagine trying to remove ransomeware from a user’s asset or rebuilding a server remotely all while communicating using a compromised email server?

If you are applying for a position on the incident response team and want to work remote, ensure they have processes in place to handle remote work capabilities. If not, then I wouldn’t bet on working from home.

When Cyber Security Work from Home Is Not Allowed

As the field implies, cyber security does require a certain amount of secrecy, some more than others.

Here’s a list of five reasons why you may not be permitted to work from home for cyber security work:

Required to handle company proprietary information

Required to handle government classified data

Required to handle data within air-gapped systems

If you’re a security technician, security auditor, or work in physical security

If you are an entry-level candidate and/or require training

These types of positions require the role to be performed at a specific location due to the upgraded security measures.

Highly sensitive systems such as a government SIPRNet or Critical Infrastructure are isolated from external connections; you wouldn’t be able to connect from home anyways.

And while there are exceptions, I wouldn’t hold your breath. If you’re lucky, only a fraction of your duties would require you to handle proprietary or classified information.

If that’s the case, you may have the option of working in a hybrid work environment. Somedays you’ll be allowed to work remotely while other days you’ll go to the office.

Keep in mind, that just because you work 100% remote doesn’t mean you never have to show up at the office. You still might need to attend mandatory on-site training sessions and meetings with your team members.

Interested in More…

The Future of Cyber Security: Overview of New Technologies

Ways to Work in Cyber Security Without a Degree!

What Is the Best Job in Cyber Security?

Is Cyber Security Right for Me?

---

by Amit Doshi

Why does LinkedIn matter when you’re looking for a cybersecurity job?

If you’re one of the estimated 1.1 million cybersecurity professionals in the United States, you’re probably thinking to yourself that privacy matters, specifically your own privacy.

The good thing is that roughly half of the cyber community is present on LinkedIn, how active they are is a different story entirely; but that means, the other 550K cyber professionals aren’t.

In today’s article, we’ll talk about why LinkedIn really is important in cybersecurity.

I don’t need a profile; I’ve got a resume.

There are those that’ll say applying to specific jobs, having a resume on a job board or even in the hands of a headhunter, is sufficient. BTW if you need help with your resume, please check this link out!

Which may be true for individuals involved with national security.

But while that works for them, where’s the benefit in intentionally withholding your brand.

We get it; you’re in cybersecurity, and you know how dangerous the internet can be.

You don’t want your PII (“personally identifiable information” for you non-cyber folks) leaked all over the world.

Having a resume is certainly a start no matter who you are, but if you think not having a LinkedIn profile, or keeping it hidden, shows how secure you are, you’re in trouble.

The biggest problem with that mentality is that you’re not showing anything to the world except how unavailable you are.

Recruiters need to find you!

If you’re looking for a job, most recruiters like to use everything in their arsenal to find out about a candidate before they decide to reach out.

Recruiters will search for you online; this means “Googling” your name and especially checking your cyber profile out on LinkedIn.

So guess what, your first impression begins the moment that resume lands in their hands.

Keep in mind that, most recruiters are people-persons who devote themselves to helping cyber applicants fulfill company roles.

Recruiters like to see your face, understand your background and previous roles and responsibilities, see the organizations you’re involved with, and ultimately get better picture of who and what you are.

By not having a profile, you already putting yourself at a disadvantage.

Recruiters begin to wonder why you don’t have a LinkedIn profile; is there a legitimate reason, or do you have something to hide.

Regardless of which scenario, it’s never a good idea to give the recruiter a chance to even entertain that thought.

And as you already know, the competition in the cybersecurity industry is fierce.

So, while not having a LinkedIn profile, or having one that’s incomplete or inaccessible, isn’t a game stopper, realize that you’re only making the recruiters job that much harder.

A “Safe” Way to Display my LinkedIn Profile

If you’re thinking about creating or updating your LinkedIn profile, there are ways to have a LinkedIn profile with some added security.

For you cyber job seekers, LinkedIn has some good privacy capabilities, but you really ought to have a few settings unchecked for visibility purposes.

You need recruiters to view the specifics of your profile.

This doesn’t mean revealing your activity or the details of every job you’ve listed.

This does mean allowing strangers to find you, even if that makes you slightly uncomfortable.

At a minimum recruiters should be able to view your picture, name, professional summary, past companies and dates of employment, previous roles and at least a summary of your responsibilities, educational and certification background.

If you can find someone to write a recommendation about you and have it displayed, that’s also very helpful.

I won’t go into all the details of what settings you should have enabled or disabled; there are plenty of resources available to guide you through that process.

And since LinkedIn is continuously updating their features and options, it’s better to dive into their security and privacy settings yourself to figure out what works for you.

If you’ve decided to create your LinkedIn profile, you need to ensure that it provides an accurate representation of your actual professional experience.

Don’t think you can get away with telling the truth on your resume while exaggerating your LinkedIn profile.

The last thing you want is to create a LinkedIn profile only to have it come into question by the employer.

The resume you provide to an employer needs to correlate with what’s seen on your profile, though not be an exact match.

It’s okay to summarize in a few areas because you don’t want complete strangers viewing every detail of your online profile, but you do need to ensure your resume and profile sync up for the most part.

Do I need to use LinkedIn if I’m not hunting for a cybersecurity job?

Yes, even if you have a LinkedIn profile, it’s important to stay active.

Recruiters that spend a lot of time using LinkedIn like to know their efforts to reach out are at least being seeing by potential candidates.

Why does that matter? Depending on how they use LinkedIn, recruiters can filter out candidates that aren’t active on the platform.

That means even if you have a profile, you need to be occasionally active, so you don’t get filtered out.

This is more important if you’re job hunting.

Beyond just being active, you need to brand yourself even when you’re not looking for a job.

Trying to make connections once you’re out of a job (or just graduated) is too late in the game.

By making those connections early on, you’ll be in a much better place when the time comes to make that move.

Conclusion

You’ve got to give recruiters every opportunity to find you, regardless of where you’ve applied.

It’s absolutely great that you’ve taken the first step of creating a resume for yourself, but don’t let it stop there; create or update that LinkedIn profile.

If you’re overly cautious about displaying your profile, LinkedIn has implemented security measures to help.

Regardless of your job status, you always need to be active on LinkedIn to make new connections; as such, a LinkedIn profile is an absolute no brainer!

---

by Amit Doshi

If you enjoyed reading today’s article please subscribe here.