Author: Cyb3ars

Careers in cybersecurity run the gamut from highly technical to highly policy oriented. Careers include work from policy, compliance, risk, middle management, product management, developer ops, to the programming of software and hardware. Our efforts have focused on incubating students who live at the intersection of policy and technology: policy people who understand the development process and engineers who understand the policy implications of design decisions.

According to NIST Cyberseek, there are many more job opportunities than candidates in cybersecurity. The main challenge you will face is getting that first job. Not all employers can invest in an entry-level employee; many want to hire mid-career people who need little training. There are many strategies you can use to overcome that challenge, including the internships, externships, and research opportunities presented in this FAQ.

For job searches, we note that the CLTC maintains a job board. For jobs in the intelligence community, see this combined portal for career opportunities.

There are many scholarships in the cybersecurity field. Here are some starting points:

• The Computing Research Association provides Scholarships for Women Studying Information Security
• (ISC)2 Women’s Scholarship 
• (ISC)2 Undergraduate Scholarship
• (ISC)2 Graduate Scholarship
• ESET Women in Cyber Technology Scholarship
• Department of Defense SMART Scholarship-for-Service Program
• For I School students, the Curtis Smith Scholarship

Santa Clara University’s Markkula Center for Applied Ethics has done excellent work in explaining ethical frameworks and applying those frameworks to cybersecurity.

We suggest that you start with a grounding in ethics itself. The Markkula Center’s Framework for Ethical Decision Making explains what ethics is, what it is not, and provides several methods one could apply to an ethical dilemma.

From there, the Center’s Introduction to Cybersecurity Ethics is the best statement we have seen applying ethical frameworks to cybersecurity dilemmas.

If you are looking for a book to read, we recommend Shannon Vallor’s Technology and the Virtues: A Philosophical Guide to a Future Worth Wanting (Oxford University Press 2018). If you are a Berkeley student, you can access this book free through the library proxy.

Because security touches so many disciplines, you’ll find student and faculty groups in a range of departments active on cybersecurity. The best place to start is the Center for Long-Term Cybersecurity (CLTC). Established in 2015, CLTC is a research and collaboration hub in the School of Information. CLTC funds research, hosts speakers and conferences, and regularly produces white papers on cybersecurity. Three projects of note are: AI Security Initiative, Citizen Clinic, and Daylight Security Research Lab.

Many students have found rewarding research experiences with the Berkeley-affiliated International Computer Science Institute.

The Center for Information Technology Research in the Interest of Society (CITRIS) was created to accelerate translation of scientific research into technology development. CITRIS leads the Women in Tech Initiative and its other research thrusts are relevant to cybersecurity.

The Blum Center for Developing Economies has a number of programs that are security-relevant related to its goal to end global poverty. Check out their Idea Labs.

There are several student groups that have explicit cybersecurity concentrations. Berk1337 (“Berk-Leet”) is Berkeley’s main undergraduate student group focused on cybersecurity; Berk1337 has participated in cyber defense competitions. The Interdisciplinary Research Group on Privacy is a research working group for undergraduates. At the law school, PrivLab is a student group that hosts events primarily on privacy and information security law. Events are accessible through joining their email list.

Some groups focus on security from a particular domain lens. For instance, the foreign service and international relations fraternity, Delta Phi Epsilon hosts relevant events, as does the Algorithmic Fairness and Opacity Working Group, the Review of International Conflict and Security, the Nuclear Policy Working Group, the Center for Technology, Society, and Policy. 

Although not on our campus, Stanford’s Internet Observatory is an exciting institution. Started by Berkeley alum Alex Stamos, the Observatory has generated interesting curricular contributions, reports, and events. The Observatory has written prolifically about information operations and the group’s reports are a good study both in content and in the writing techniques analysts use to present material to busy decisionmakers.

“CISO” stands for “Chief Information Security Officer,” the executive in charge of protecting an organization’s information assets: in other words, the head cybersecurity person. CISOs often are also responsible for customer privacy, compliance with data protection regulations, and other related issues. The position has grown and evolved rapidly in the last 15 years or so; today, the vast majority of large companies have an equivalent executive position. President Obama established the first U.S. federal government CISO in 2016. 

Reading material aimed at CISOs and similar executives is a great way to get a birds-eye view of emerging and ongoing cybersecurity issues. Berkeley tends not to subscribe to practitioner-oriented publications such as MLex, but a few are available to us. The Berkeley community has a site license to Bloomberg BNA and Gartner analyses, and free accounts are available to students for the Wall Street Journal, Financial Times, and the New York Times, all of which cover cybersecurity to some degree.