This is a sector that is not experiencing the crisis. Cybersecurity is in the middle of a boom as cyber attacks spread across businesses and states around the world. Multinationals, large companies, but also SMEs, 81 % of companies were affected last year. The world of IT security is thus recruiting en masse and offering training courses that are becoming more and more numerous in order to respond to the crucial lack of well-trained candidates.
Cybercrime, unfortunately, is doing very well ! This is a frightening 2019 result from the report of the ministerial delegation to the security industries and cyber threat (DMISC) : one in eight companies were the victims of a cyber attack last year. With the main cyber attacks, rançongiciel, phishing and spear-phishing the most common with 73% of cases, malware, brute force, injection SQL, defacement, DDoS, spoofing, which can carry the "sweet names" of WannaCry, Petwrap, GoldenEye, Petya, SortaPetra, XHelper...
And the big data explosion is not going to make this cybercrime any better, on the contrary ! At the global level, there were two million attacks in 2018, with a loss of more than $45 billion. To deal with this cybercrime, States and companies are recruiting cyber security professionals en masse. In France, the cybersecurity sector employs 24,000 people (70 % in Île-de-France) in the digital economy, engineering, research, consulting and event companies, and 1,400 jobs are expected to be created by 2020 in many sectors.
According to a study by Wavestone in 2018, France had 128 dedicated startups representing 1100 jobs, for more than 100 million euros raised. An ecosystem is being set up, but it is still far from sufficient to face the hackers who have found a financial Gold Bridge.
Jobs that "run" after cybercrime
Cybercrime goes faster than cybersecurity, and it appears that this situation will intensify in the coming years. Only 25% of positions are filled due to a lack of qualified candidates or professionals trained in cyber security. Because it is not because one is a computer scientist that one can practice in the field of cybercrime. You have to be both a very good computer scientist and a very good "e-investigator" like the " ethical hacker ", who perfectly masters all the flaws of computer security to counter malicious hackers.
Even today, therefore, many IT professionals do not have the necessary qualifications to practice in the complex world of cybersecurity, its specific skills and certifications. This is due to a lack of knowledge of these rather new and highly specialized occupations and of the careers proposed, but also to the negative image too often conveyed of "geek alone surrounded by screens ". However, the cybersecurity professions are attractive, most positions are offered in full-time CID, with higher salaries than in other branches of computer science. Indeed, a young graduate can be offered, as soon as he or she is hired, an average monthly wage of between 2,500 and 3,000 € net.
Profiles sought for cybersecurity training
The real education in computer security, that is to say, with specific titles, generally exists only in the third year of engineering studies or in the Bac+5. An expert in attacks, a cybercrime lawyer, a data encryption expert, a cyber crisis management specialist, a security architect, a cryptologist, a data protection officer, a threat analyst, and an "organizational" security consultant, the cybersecurity professions are as numerous as they are varied.
But some of them are particularly sought after to counter the cyber attacks that most businesses are experiencing. Not only do we need professionals who are able to counter an ongoing cyber attack, but we also need to avoid them by securing the networks. :
- The "Ethical hacker". He is the leading hacking specialist and the most sought after profile. Its role is to formally infiltrate corporate computer systems to detect vulnerabilities before criminals do.
- Cyber crisis management specialist. It manages attacks when they occur by trying to secure as much data as possible.
- The IT Security Architect. A computer engineer, he is the key to setting up the most secure computer system.
- The IT security officer. He's an information protection expert. It defines and implements the security policy and an action plan in the event of an attack.
- The cybersecurity lawyer. Its role is to inform the company about the regulations in force and to support it in the event of a conflict. Lawyers defend them when they are victims of cyber attacks.
With basic training from bac + 2 to bac+3
The qualifications required in the IT security professions are high level after a bac+5 or an engineering school. But there are opportunities at bac+2 or bac+3, accessible after training in cybersecurity, for certain professions such as auditing, security expertise, securing existing equipment.
- With baccalaureate level+2 :
DUT GEII or networks and telecommunications and BTS OIS or digital computer system and networks.
Note: since 2017, the military High School of Saint-Cyr in Paris has opened a BTS digital systems, option cyberdefense.
- With baccalaureate level+3 :
Pro license in computer systems security or cyber defense, 38 pro licenses listed. Here are some examples: computer networks, mobility and security of the IUT of Saint-Malo, administration and security of systems and networks of the IUT of Villetaneuse, Paris 13, Cyber defense against intrusion of information systems of the Polytechnique University of Hauts-de-France, operation and security of information Systems and networks of the IUT Lyon 1.
The top 5 best masters in cybersecurity training
The OPIIEC, the Observatory dynamics of the trades of the professional branch of engineering, digital studies board of the event, has listed 150 training courses in it security, of which 37 titles from engineer to cyber security. The site meilleurs-masters.com conducted an annual ranking of cybersecurity training in both schools and universities and its 45 University masters.
- 1st. Specialised master's degree in cybersecurity, Atlantic Supelec /IMT Central, Cesson-Sévigné
- 2nd. MS cybersecurity, INSA Lyon
- 3rd. MS web Technologies and cybersecurity, Atlantic LMI, Brest
- 4th. specialized Masters Degree in Forensic and cybersecurity, Troyes University of technology-UTT ;
- 5th. Master computer Course network engineering mobile Communications and security, university of applied sciences, Hauts-de-France.
Good to know: there is a specialized master in e-Health Security, Computer Science Master cybersecurity and e-health at the University Paris Descartes.
Other training courses in IT security
To meet the exponential need for cybersecurity professional profiles, training of all kinds is flourishing, initiated by public structures, companies, training centres and specialized security organizations. Here are some of them:
- Thales and AFTI have implemented alternance certification courses, Cybersecurity expert, cybersecurity integrator Designer, Computer Security master;
- The National Agency for information Systems Security, the ANSSI, is involved in several programs of continuous or initial training in the field of information Systems Security;
- The CNAM, Conservatoire national des arts et métiers;
- French Safety Institute, IFS;
- Orsys training
There are also a number of free courses and training courses on IT security on the web. They do not issue official and recognized diplomas but allow to become informed and to be educated on the subject. This is the case of the welivesecurity site which references a list of some fifteen different free cybersecurity courses available in English and French. There are also MOOCs to train in computer security, such as the one at the ANSSI.