From mission support and connected vehicles to medical device protection and ethical hackers – there’s never been a better time to pursue a career in cyber.
Organizations around the globe – commercial and government – are seeking those with the right cyber skills to solve challenges in this constantly changing field. But there are some gaps in the candidate pool. Some companies are struggling to find qualified applicants. Others can find applicants, but can’t find those who have a very specific set of skills.
Battelle has firsthand experience when it comes to cyber jobs. Our Cyber Innovations team recently weighed in on two of the most prominent skills gaps—reverse engineering and vulnerability research—and how job seekers can prepare themselves to be more competitive.
What Can You Do?
Three words: capture the flag. CTFs were created to give cyber researchers a place to learn and practice new skills in a fun low-stakes environment. While the problems are often silly and contrived, the lessons learned participating in these challenges are directly applicable to real world cyber R&D.
The world’s best security researchers often participate in capture the flag competitions, including CSAW, Plaid CTF and DEF CON. For those just starting in the field or still in school, find a capture the flag, security group or open-source club to join. If one doesn’t exist, start one. Capture the flag (CTF) events are designed to test your skills in:
- Reverse engineering
- Vulnerability research
- Creative problem solving
- Web exploitation
If you participate in CTFs, or other wargames, you should make sure to list them on your resume. When interviewing for a cyber-related job, you can be certain that your interviewers will be CTF players, and your involvement will set you apart from your peers.
The Two Major Skills Gaps
Software and hardware reverse engineers disassemble targets into discrete components so they can be thoroughly documented and understood.
The process varies depending on the target, but ultimately the end goal of a reverse engineer is to answer specific questions about a target, such as:
- What capabilities does this software have?
- How exactly does this algorithm work?
- How can you interact with this device? What input is it expecting and what output does it provide?
- Are there any physical debugging ports on this circuit board and how can we connect to them?
Vulnerability researchers hunt for weaknesses in software. Whether that software runs as a desktop application, or handles the boot process on your cool new gadget, vulnerability researchers aim to make software fail in order to prove weak spots.
Strong vulnerability researchers should be able to:
- Understand how software developers think, as well as the mistakes they typically make.
- Utilize advanced tools to automate tedious parts of a workflow.
- Efficiently discover and explore edge cases to uncover bugs quickly.
- Understand how to profile the characteristics of software bugs, and if possible, gain control over execution, leak information or inject commands they should not be able to.
Together, reverse engineering and vulnerability research make up a small cross-section of skills needed to be a successful security researcher, but they are critical skills in this new cyber domain.
Join Our Team
Battelle has a number of job openings in cyber and has developed a formal training program for new hires to help close the skill gap. Learn more about some of our cyber capabilities and then see what positions are available.