This job looks awesome, but they are asking for a candidate who knows everything under the sun?
If you have thought this about a cyber security role, you are not alone. I have seen Security Operations Center (SOC) roles requiring expertise in cloud technology, junior penetration testing roles requiring five years of experience working in a SOC, and even a malware analyst role needing someone from a compliance background. Human resource (HR) requirements on job descriptions can be outright ludicrous.
Very few, if any, candidates tick every box on a job description, but that’s not to say you shouldn’t strive to tick as many boxes as you can, especially as you progress in your career. The cyber security industry is always seeking out unicorns – people who combine knowledge of many technical things with their main area of expertise.
If you can become a cyber security unicorn, you will become invaluable. I have been chasing this goal for a while now. Let me share what I’ve found out.
What is a Cyber Security Unicorn?
Cyber security unicorns are the rare individuals who can come into a company and transform it almost overnight.
There is a famous rule in economics called the 80/20 Rule (Pareto Principle). This rule states that 80% of results will come from just 20% of actions and it applies to many disciplines. In other words, the success of a cyber security program ultimately comes down to 20% of the actions taken (or 20% of the employees). The cyber security unicorns, the 100x developers, and the genius marketers are that 20%. They can transform, refine, and scale businesses and, because of this, are highly sought-after individuals.
These unicorns work at a level beyond the rest of us. They can provide unique insight, solve complex problems, and create efficient business processes that save countless person-hours. Businesses know this. They know a single unicorn can account for the output of two, five, or even ten employees!
This is why you see job descriptions littered with ludicrous requirements. They are bate looking to snag a unicorn who is looking for their next challenge to conquer.
So how do you become this mythical creature?
How to Become a Cyber Security Unicorn
Cyber security unicorns are not made overnight. It takes years, or even decades, to acquire enough skills to be classified as a unicorn.
These skills come from experience, rigorous training, and consistent experimentation. Let’s break that down:
- Experiences: These are the things you see while working on the job. Through the hours you spend investigating cyber security incidents, analyzing malware, or performing penetration tests, you will naturally acquire skills related to these disciplines. The more you do something, the better you get at it and the more things you see doing it. Hence, the more skills you will gain.
- Training: This is the formal training you take. To stay up-to-date and current with the ever-evolving cyber security landscape you need to take industry training, be it from product vendors or through dedicated training providers. Taking this training will provide you with skills and, the more you take, the more skills you will acquire.
- Experimentation: This can be seen as informal training, and is perhaps the most important to master. These are skills you gain from reading books, watching YouTube videos, or going through training courses online. These skills are often indirectly related to your current role and allow you to approach your current challenges with unique insights from other technical disciplines.
Check out Free vs Paid Cyber Security Training: The Secret to Career Success to discover the pros and cons of free vs paid training.
A cyber security unicorn can use all three of these avenues to acquire a diverse set of skills, and diversity is key. To become a unicorn, you must possess a unique set of skills. Many people may have one skill, but very few combine a skill with a skill from a completely unrelated discipline.
For instance, you might be a malware analyst who also knows a lot about DevOps; as such, you can create a tool that automatically analyzes new malware samples when you push them to a repository. Or you are a SOC analyst who knows a lot about the offensive side; as such, you can create adversary emulation scenarios, mimic red team activities, and write better detection rules. Or you are a cyber security manager who has risen through the ranks; as such, you know many of the low-level details and common problems your team might face. This insight allows you to create processes that solve these common problems and empower your team to do more.
Working as a Senior Cyber Threat Intelligence Analyst, I needed to find a way to validate Indicators of Compromise (IOCs). Some of the open-source threat intelligence reports included IOCs that were used in the campaign but were not necessarily malicious, such as Windows binaries. To do this, I created a simple Python script that took a list of IOCs and ran them in VirusTotal.
However, when I discovered DevOps and Continuous Integration / Continuous Development (CICD) pipelines, I was able to convert this Python script into a GitHub action. Now whenever I want to validate IOCs all I have to do is add it to a list and push this list to a GitHub account. The GitHub action will automatically run, validate the IOC, and remove it from the list if it’s not malicious. This saves me time and energy every day through the power of automation!
All of these scenarios have one thing in common. The unicorn has a diverse background. A background that lets them piece together seemingly unrelated skills, technologies, and experiences to solve complex problems or provide unique insight.
That’s great, but what are some actionable ways to create a diverse background right now?
Creating Your Diverse Background
What if I told you that creating a diverse background was fun, easy, and financially and intrinsically rewarding? Would you believe me?
It might sound like cyber security unicorns have some superhuman ability to acquire skills or were born with an innate problem-solving capability. But the truth is they just love technology and learning, and by combining these two passions, they can become proficient at a whole range of technical things. The only thing standing in your way of doing the same is time and belief.
If you are reading this article, I can guarantee you that you have the ability to become a unicorn, and I can almost guarantee the reason you are not is either down to time or experimentation.
You may be starting your career and have not yet had the time to acquire a diverse set of skills. That’s okay. If you’re beginning your career, time is on your side, so use it wisely.
Take time to explore technologies you might be interested in. Take a week to read a book about DevOps and see if you can apply it to your current position. What unique ways could you merge DevOps with a SOC analyst role, DevOps with a malware analyst role, or DevOps with a penetration testing role?
Think of all these ideas and then go out and try to implement one of them. It doesn’t need to be perfect or commercial-grade; you just need to document your journey so that you can show your work to prospective employers. You will be amazed at all the skills you will pick up along the way, ones you never even thought you needed to know. Then the next month, watch a YouTube video about the Cloud.
Rinse and repeat.
You may have been playing this game for a while. You may know what DevOps, Cloud, and programming are. However, your knowledge is only surface level. To acquire a diverse set of skills, you need to jump in and play around with the things you are learning about. Just have some fun and experiment.
For instance, you may learn about the Python programming language. That’s great, but now think about how to apply this to your current position. Think about the automation possibilities and how much time a simple script might save you (time you could spend better elsewhere). Then go ahead and make that script. You’ve got nothing to lose. Suppose it doesn’t work out and you don’t use it professionally, so what. Along the way, you will gain a whole bunch of transferable skills that you will be able to use for your next project.
Trying to use what you are learning in a practical way is the cornerstone of solidifying your knowledge. If you can actually get something to work, then you truly understand that thing.
In short, to become a unicorn, you simply need to be passionate about technology and willing to spend time trying out new things. If you fulfill these requirements, you can learn almost any new skill. Then comes the time to think creatively and apply this new skill to your current role.
This is the fun part. The part where you get to show off to your boss that you can exceed their expectations. The part where you can begin validating your unicorn status.
That said, unicorns don’t stop there. They acquire and implement new skills consistently. They do this simple process over and over again for a broad range of skills. They go beyond the point where the average person would get bored and quit. Cyber security unicorns are unique because they do the simple thing to an unreasonable degree, and this is where success comes from.
I hope these insights help you discover what it means to be a cyber security unicorn and how you can get there. I highly recommend documenting your journey, teaching others what you have learned, and showcasing your work through a blog or home lab. I found the best way to learn is by teaching or making things and then writing about them. I encourage you to do the same!