Working in cybersecurity. Cybersecurity needs you.

Redazione RHC : 12 July 2025 10:13

We know it by now. Every country in the world (including Italy) has a huge shortage of cybersecurity experts, while cybercrime is rampant in every corner of the globe.

This is “a call to arms” . To combat a constantly growing phenomenon that has shown no signs of slowing down for years, and to contain it, we need resources who choose to work in cybersecurity.

We need an army of specialized people who are capable of protecting our national security infrastructures. We’re talking about resources such as water, electricity, gas, but also fixed and mobile telephone networks, interconnection networks, and we’re few and we really, really need you.

If you’re wondering what you need to do to become a cybersecurity expert, this is the right article for you to read.

Working in cybersecurity

Cybersecurity is a vast and complex subject, which includes many specializations ranging from humanistic skills to specialized technical ones.

It goes without saying that everything starts from a solid foundation in knowledge of networks and computer architecture and the Internet in general. Even if you end up dealing with privacy or legal aspects of cybersecurity, always remember that your work will always be focused solely on this goal:

Stopping highly specialized and motivated people (who know the subject very well technically) from violating your organization.

It goes without saying that you will have to be better than them to outperform them.

In this article, we will delve into three phases that will allow us to make the right “choice”, that is, which direction to take in the vast world of IT security and we can summarize these three phases in:

1. The basics;
2. The specializations;
3. In-depth information and certification courses.

The basics

To be able to become part of the world In cybersecurity, without taking anything for granted, you’ll need a master’s degree in computer engineering (or better yet, cybersecurity), but a bachelor’s degree is fine too. These majors are an excellent place to start to gain a solid foundation in general computer science.

Let’s be clear: we’re talking about computer engineering to simplify things. Obviously, if you need to hack a radio protocol, you need a basic telecommunications background, while, for example, if you need to design a new cryptographic algorithm, you need a solid foundation in mathematics.

Many people ask if you can do without it. The answer is: “yes, it’s possible, but in that case you’ll have to acquire all that cultural background on your own and completely independently.” To do this, you’ll have to build a path for yourself with many challenges and technical knowledge to acquire. university is better.

As you embark on your academic journey, you should start asking yourself a fundamental question right from your first university exams, namely:

What role would you like to have in the world of cybersecurity in 5 years?

But to be able to answer this question you will have to take into account your “inclinations”

We are in fact talking about those “aptitudes” that each person has, which can be useful in the workplace. To put it simply, if you like writing and reading more, it might be more appropriate to specialize in the “privacy”, “governance” or “legal” fields, while if you like to dig into things more, a “specialized technical” field might be more appropriate, which we will see later.

A propensity for continuous learning

Without a shadow of a doubt, all the great IT security experts, especially those who “excel” in this subject (and you are people who want to “excel”, aren’t you?), are “curious” people.

In fact, “curiosity” and “passion”, or let’s put it another way, “having an open mind towards knowledge and the constant study of computer breaches”, is the basis of cybersecurity, even if we can extend this concept to any discipline. As we were saying before, if you want to “excel” in cybersecurity, “curiosity” and “passion” must be your guiding light and will be a constant that will follow you throughout your working life.

This is a fundamental thing that you should start cultivating because every day there is a new cyber attack that uses a new technique that was not “diabolically” designed yesterday.

If you don’t know it, how on earth will you be able to protect a large organization?

You can exercise this “curiosity” in several ways. For example, by acquiring knowledge through the many specialized industry magazines you’ll find online, following trends in threats and risks, especially trying to understand them from a purely technical point of view.

Let’s always remember that cybersecurity is a technical subject, where you never stop

learning.

You will learn from cyber criminals who violate systems every day with increasingly new and sophisticated tools using bizarre and unthinkable techniques. You will learn from those who try to fight them and fail miserably, but you will also learn from those who manage to keep their heads above water in a world full of pitfalls. You will learn from those who try to define rigid rules without knowing what they are talking about and you will also learn from those who believe that zero risk really exists and will never want to change their minds, whether out of ignorance or pretext.

In short, if you know how to grasp the magic of this fantastic world, you will never get bored, because every day is different from the previous one and every day there will be a new defeat from which you can learn a lot, or fantastic and unexpected surprises.

Specializations

Once we have acquired the basic notions, we will have already answered that famous question we were talking about before, that is: what role would you like to have in the world of cyber in 5 years?

In fact, cyber security is divided into different “specializations” but if we want to summarize them, we can enclose them in three different “macro areas”:

• High level security;
• Specialized technical;
• Research.

Once you have finished your academic path, you should already know which “bullet” to finish, also because, if you are not yet clear, it could be important to evaluate whether cybersecurity is really the future for your life.

This is because you will have already touched almost all of the specializations first-hand, even if not in depth, and you will have already formed an idea of what best suits your “aptitudes” and your person, as well as your future path.

Furthermore, acting like a know-it-all at the beginning, in the world of cybersecurity, will not be very good for you (in addition to avoiding serious blunders), so once you have decided on the macro-area in which to enter, you will have to decide on the specialization.

It is about defining a “pointer” on which to work and learn as many specialized fields as possible that can guarantee you a correct entry into the world of work.

In the cybersecurity field, analyzing the specializations of each “macro area”, we will discover that there are a multitude of figures that we have tried to summarize in the following sub-chapters.

High level security

The specializations in the cybersecurity field – high level security, can be divided into the following specializations (professional categories):

1. Policy & Procedure Analyst: an analyst specialized in defining policies and procedures within an organization;
2. Legal & compliace: analyst specialized in the knowledge of cyber security laws and how these can be implemented within the organization;
3. Governance program analyst: analyst specialized in the definition of special programs and crash programs for risk reduction, contingency plans for the implementation of specific security measures;
4. Technical Evaluation analyst: analyst specialized in investigative activities on an organization’s assets through specific “gap analysis” and “recovery plans”;
5. Security solution designer: specialist in the engineering or integration of specific security solutions.

Specialist technician

While the higher-level specializations involve a less in-depth knowledge of STEM subjects, the following specializations are more suitable for those who want to make logic and mathematics their profession.

1. Security solutions engineer and developer: developer or engineer of security solutions, designed for specific “use cases” within a large organization;
2. Digital Forensics Specialist (FDA): an analyst specialized in conducting detailed investigations to detect and document the course, reasons, culprits, and consequences of a security incident or violation of organizational rules or state laws;
3. Incident Response Specialist: an analyst specialized in classifying cybersecurity incidents, responding to such incidents according to defined processes, and assisting and providing guidance to stakeholders during the cyber incident response process;
4. Penetration testing / ethical hacking specialist: a specialized analyst in impersonating a hypothetical cybercriminal, in order to understand how a system is resilient to a hypothetical cyber attack, identifying vulnerabilities and defining what needs to be done to resolve them;
5. Threat intelligence specialist: analyst specialized in the analysis of public sources to perceive and neutralize threats before they can encounter the organization and cause damage.

Research

Going increasingly vertically in the specializations related to cybersecurity, we find research activities. These are highly technical analyses, and in order to conduct them, it is necessary to have a solid “specialist technical” foundation.

1. Bug research specialist: an analyst specialized in detecting undocumented (zeroday) security vulnerabilities in software / firmware / hardware;
2. Malware Analysis specialist: an analyst specialized in reverse engineering binary components, who analyzes malware to understand how it works, attribute it and know its origin;

We’ve certainly left some out. There are so many specializations in cybersecurity, and as time goes by, more specializations are added to the known ones.

In-depth information and certification courses.

As we’ve seen previously, university provides a solid foundation for entering the world of cybersecurity, although it’s a good idea to keep yourself constantly updated.

After completing the course of study, it’s possible to access a master’s degree in cybersecurity, which now also combine other subjects strictly related to the course, such as artificial intelligence. But on this I leave it up to you to explore the internet to understand which one can best suit your needs.

In addition to this, there are also some interesting certifications you can consider to give your resume an extra boost. Certifications are often looked upon favorably in a job interview, even if you normally write your CV in the field.

Some that can be evaluated (I report the most popular ones), can be the following, where in the last 4 we insert “specialist technical” certifications.

1. Isaca CISM (Certified Information Security Manager): is a standard developed by ISACA for the certification of IT Managers’ security skills;
2. Isaca CISA (Certified Information Systems Auditor): The CISA certification is recognized at the recognized worldwide as the standard of achievement for those who audit, control, monitor, and evaluate an organization’s information technology and business systems;
3. CEH (Certified Ethical Hacker): is a certification program that combines theoretical knowledge and practical learning. It includes several modules starting with the basics, penetration testing methods, tool demonstration, and more. The training provides the necessary knowledge on everything from analysis to exploitation of the defined scope of the IT infrastructure.
4. OSCP (Offensive Security Certified Professional): is a practical penetration testing program with Kali Linux, is a popular basic penetration testing training, intended for cybersecurity professionals to jump-start their skills at a faster pace. Helps you learn the latest ethical hacking tools and techniques to become a penetration testing expert.
5. GIAC (Global Information Assurance Certification): A process-oriented approach to penetration testing. This certification verifies an ethical hacker’s ability to perform an Assessment. This certification has developed skills to use exploits and perform detailed reconnaissance.
6. KLCP (Kali Linux Certified Professional): is a professional certification that attests to your knowledge and fluency in using the Kali Linux penetration testing distribution.

In conclusion

The world of Cybersecurity awaits you and can give you a lot of satisfaction.

At this point, it is only up to you to understand it and know how to ride it, making the right choices, so that in a short time you will be able to earn a role in this wonderful field.

So give it your all and always be curious, as there is so much, so much still to do.