From mission support and connected vehicles to medical device protection and ethical hackers – there’s never been a better time to pursue a career in cyber.
Organizations around the globe – commercial and government – are seeking those with the right cyber skills to solve challenges in this constantly changing field. But there are some gaps in the candidate pool. Some companies are struggling to find qualified applicants. Others can find applicants, but can’t find those who have a very specific set of skills.
Battelle has firsthand experience when it comes to cyber jobs. Our Cyber Innovations team recently weighed in on two of the most prominent skills gaps—reverse engineering and vulnerability research—and how job seekers can prepare themselves to be more competitive.
What Can You Do?Three words: capture the flag. The world’s best security researchers often participate in capture the flag competitions, including CSAW, Ghost in the Shellcode, Plaid CTF and DEF CON. For those just starting in the field or still in school, find a capture the flag, security group or open-source club to join. If one doesn’t exist, start one. Capture the flag (CTF) events are designed to test your skills in:
- Reverse engineering
- Vulnerability research
- Code auditing
- Web exploitation
If you participate in CTFs, or other wargames, you should make sure to list them on your resume. When interviewing for a cyber-related job, you can be certain that your interviewers will be CTF players, and your involvement will set you apart from your peers.
The Two Major Skills Gaps
Software and hardware reverse engineers disassemble targets into discrete components so they can be thoroughly documented and understood.
The process varies depending on the target, but ultimately the end goal of a reverse engineer is to answer specific questions about a target, such as:
- What capabilities does this software have?
- How exactly does this algorithm work?
- Is this device capable of wireless communication?
- Are there any physical debugging ports on this circuit board and how can we connect to them?
Vulnerability researchers hunt for weaknesses in software. Whether that software runs as a desktop application, or handles the boot process on your cool new gadget, vulnerability researchers aim to make software fail in order to prove weak spots.
Strong vulnerability researchers should be able to:
- Understand how software developers think, as well as the mistakes they typically make.
- Aim for control.
- Understand how to profile the characteristics of software bugs, and if possible, gain control over execution, leak information or inject commands they should not be able to.
- Prey on the mistakes of forward engineers, whether it's to patch critical security flaws or insert additional capabilities through advanced tool development.
Together, reverse engineering and vulnerability research make up a small cross-section of skills needed to be a successful security researcher, but they are critical skills in this new cyber domain.
Join Our Team
Battelle has a number of job openings in cyber and has developed a formal training program for new hires to help close the skill gap. Learn more about some of our cyber capabilities and then see what positions are available.