Most people think of Silicon Valley as the tech capital of the world, but it's in northern Virginia nearly 3,000 miles away that many security firms and defense contractors operate. As of 2009, more than half of the world's Internet traffic passed through this region.
Located close to our nation's capital, the Dulles Technology Corridor receives billions in government and private contracts each year, and the growing demand for cyber security allowed the region to weather the 2008 recession better than most parts of the country. However, some skills are being prioritized over others. If you're interested in pursuing a career in this region, here are the five skill sets you'll need to market:
1. Exploit Development
Do you like to break things? In real life, you probably don't take a hammer to your house for fun, but online is a different story. Exploit development is all about finding a weakness and taking advantage of it.
You'll need to know more about developing exploits than how to use Metasploit, and you'll always need to think creatively to write new stack overflows. In essence, exploit development is the cyber security industry's first line of defense against vulnerabilities.
In fact, exploit development is so important to the cyber security industry that companies like Google and Facebook offer cash rewards to anyone who can demonstrate exploits. Instead of guarding email accounts and social media sites, you'll be protecting classified materials and networks that are vital to national security.
2. Malware Analysis
At the other end of the spectrum is malware analysis. Instead of breaking applications, you'll be looking at existing malware to figure out how it works and what it's capable of. Almost all antivirus software has some heuristic scanning capabilities, but these programs are mediocre at best.
The government relies on teams of security experts to analyze new viruses and new strains of existing viruses to find out where they came from, how they spread, and how to protect against them. In many ways, malware analysis is the IT equivalent of the Emerging Pathogens Institute.
You'll likely work for a security firm that contracts with global corporations and the U.S. government to patch vulnerabilities. Unlike a career in exploit development, you'll be fixing vulnerabilities after they become a problem.
3. Advanced Penetration Testing
Penetration testing involves attacking a network, operating system, and application at the same time to find any opening at all. Once you get inside, you can start to exploit and manipulate the entire system, and your job is to bring it to its knees if possible.
You'll start by investigating real examples of penetration attacks, and then you'll test your attacks on real companies and government organizations. Penetration testing often goes hand in hand with exploit development, but the former is much more involved and complicated. You'll simulate attacks from within and outside the network, and your reports will help network administrators swiftly patch any vulnerabilities you find.
4. Mobile Application Penetration Testing
Both the Google Play and Apple App stores have about one million apps, and there are countless others available only on third party websites. A vulnerability in any one of those apps could spell disaster for unsuspecting smartphone users.
Why is smartphone security so important? Many government employees carry sensitive data around in their pockets and purses including contact information, emails, and reports. As a mobile application penetration tester, you'll be tasked with finding vulnerabilities in mobile apps, cellular networks, and smartphone operating systems.
5. Threat Intelligence
Threat intelligence is a set of tools used to identify attacks as soon as they start. In this field, you'll figure out where attacks are originating from and which controllers are being exploited. By identifying the attack early, you'll be able to limit the damage.
You'll also work with malware experts and exploit developers to patch vulnerabilities in your network before hackers take advantage of them. A powerful suite of tools will alert you when an attack is underway, but it's up to you to decide which countermeasures to take.