If you’ve watched Mr. Robot, or read a single news headline in 2016, you’re probably familiar with how powerful hackers are these days. Everything from celebrities’ phones to health records and government emails have fallen victim to cyber-attacks in recent months, leaving companies scrambling to find ways to protect their sensitive data.
Well, information security analysts are the people responsible for predicting and preventing these kinds of breaches. Since basically everybody in the world now carries around their bank info, emails, and uh, “sensitive photographs” on their cell phones, it’s probably no surprise that the “infosec” field is booming.
The Information and Communications Technology Council estimates that roughly 2,000 more analysts will need to hired by 2019 in Canada, and only 68.1 percent of employers can currently find the infosec talent they need. It’s been tipped as one of the top jobs of the future, and one of the least stressful. And with a constant stream of new technologies—and new ways to attack them—always on the horizon, this line of work has longevity.
Toronto-based James Donaldson is the 33-year-old CEO of Copperhead OS, a secure operating system that Chris Soghoian of the American Civil Liberties Union called the “the most exciting thing happening in the world of Android security today.” Donaldson also runs Toronto Crypto, a non-profit privacy advocacy group that promotes personal operational security.
Interested in a career in information security? Here’s how James did it:
What first got you into information security?
I’ve been a self-taught hacker since I was 12, so it’s always been a passion of mine. I was able to predict what was happening in the world, and I knew that I should getting into this field. Now, I’m able to give myself a comfortable lifestyle while retaining my ethical values. If you can pay your rent doing that, it’s pretty ideal.
Were you ever tempted to use your powers for evil instead of good?
[Laughs] That depends on your definition of evil. Let’s put it like this, I’ve never been interested in defrauding people or stealing money, how about that?
Good enough for me. So how did you take the leap to go professional?
I started making connections through Toronto Crypto, and they really helped propel me forward. That’s what I like about computer science nowadays. I found it really hard to break into the industry when I was starting out. You had to know people, or have the right papers. Nowadays, you can be a hacker, a programmer, or just have an account at Github and still get job offers. You can work from home. You can work for whatever ethical structure you believe in, whether it’s nonprofit, counter-cyber security with governments, anything. All that matters is that you have the right type of brain for it.
What’s an average day like for you?
Most of my day is spent between the company’s business needs and technical outreach. For technical outreach, I’m supporting our customers, taking the time to answer community questions, helping my CTO cope with the mess that is Android, and responding to emails about why we don’t support people’s specific devices and for us to prove that we aren’t the NSA or CIA.
How’s the community? Close-knit?
The information security community is rapidly expanding, which is a good thing. Toronto has a large cybersec community, but it’s a bit scattered amongst different networks. Local meetups, such as Defcon 416 and TASK, do exist though and provide a great place to start for someone looking to dive in.
You’re a hacker. Let’s say I’m not a high-powered government official but a lowly freelance writer. How should I be protecting my information more casually?
I don’t think there’s anything as “casual” protection. Mobile devices are the key to our personal lives. Who you call, where you go—that can draw a picture of your life, that’s worth a lot of money, and it can be very damaging. I ask people, do you walk outside naked? Do you send mail without envelopes? Would you park your car with the windows open? The same people who would never walk down an alleyway at night will give all their information to a that Meitu selfie app.
….I downloaded that selfie app.
Me too! It made you look like a fairy, right? But why does a selfie app need permission to access your call data and send it to China? We should be conscious of these things.
The lowdown on careers in infosec:
Types of jobs: There’s a ton of variety in the field. You might prefer to be an Information Security Architect, and design and build a company’s entire security network. Or a Forensic Analyst, who acts like a detective and figures out the sources of data breaches. Or go freelance offering consultations on how to better companies’ existing systems.
What you’ll be earning: According to PayScale, the median salary for an Information Security Analyst is $79,386. But if you get into consulting or management at a major company, you can hit $150,000, easily.
What you’ll need to study: A bachelor’s degree in computer science or in a related field will be helpful, since baseline coding experience is mandatory. If you’re angling for a management position, an advanced degree like Concordia University of Edmonton’s Master of Information Security would be a serious boon. If you follow Donaldson’s lead and teach yourself, make sure you get a solid foundation in programming, networking, and system administration.