Cyberattacks are now part of the daily news wreaking havoc everywhere, to individuals and organizations of all sizes and industries.
We are nearing the end of 2021. So much has changed in the last two years, many changes that can be seen as negative. But as with most hardship, there is a silver lining.
The silver lining is that there is a huge necessity for cybersecurity skills. The skills are in such demand that recruiters shamelessly contact employed cybersecurity professionals to extend offers, often more profitable than the jobs they currently hold.
There isn’t just one road to follow for a career in cybersecurity, a market which is expected to reach over USD 372 billion by 2028.
Not all, but many roads can lead to Rome if your heart so desires
Supply and demand, an age-old rule by which businesses operate. Lower availability makes for higher value of skills. This certainly applies in this case.
Organizations, whether they choose to admit it or not, need cybersecurity professionals. They need people with the know-how to devise a sound cybersecurity strategy, implement the required tools to constantly monitor their information assets and block intrusions.
Information is the gold of the 21st century and cyber attackers are reminding the world of this fact every day. As such, information assets should, in theory at least, protected at all costs.
Profile of a cybersecurity professional in the making
Let’s start by addressing the stereotypes. People with an interest in cybersecurity aren’t all hackers, locking themselves into their parents’ basement.
Netflix’s Mr. Robot may have provided the general public with a fictional glimpse of how cybercriminal gangs operate but let me reassure you: mental illness is not required to be a skilled cybersecurity professional.
While the examples listed above are caricatures, this does not mean that there isn’t a profile for people who have an interest on what happens in the depths of the internet.
First and foremost, people with cybersecurity ambitions need one very important character trait: curiosity. A curiosity for anomalies, a desire to know “what’s under the hood”, an inclination to test limits and boundaries to find vulnerabilities.
Another character trait that is a great asset for anyone interested in a career in cybersecurity is the ability to remain pragmatic in stressful or unexpected scenarios. (what’s the word I’m looking for??) Problems can arise at any moment and being able to react calmly and logically to stressful situations is an invaluable asset for any security professional.
Here are more traits that employers find valuable in a cybersecurity candidate:
- Persistence and passion
- An insatiable urge to learn and explore
- A passion for tech
- Inquisitive & Skeptical
- Diligent & Responsive
- Well-rounded perception, be able to think like the bad guys
- Having a well-rounded skillset (biz/tech/comm) – Being able to communicate with management in a term that they will understand
Now that we’ve established who and what, let’s delve into the ‘how’. Read on for 7 pieces of advice for a path in cybersecurity.
Be aware of what going this path means
Getting certified in cybersecurity can have knowledge and experience requirements. Reaching the higher levels takes time and persistence. This is why a passion for the field is so important.
You don’t become a cybersecurity champion overnight. And once you get there, you have to work to stay there. Again, if you’re passionate, you’ll have the advantage over someone who isn’t.
Furthermore, once you reach the stage where you are passing certifications, these certifications have to be maintained periodically, so you will need to stay up to date.
Whatever your goal becomes, being aware of the road ahead helps you prepare for what lies ahead.
To help you put the path your goal into perspective, let’s keep the 70-20-10 model in mind:
- 70% Workplace experience
- 20% Social Learning – learning from others/mentoring
- 10% Structured Learning – formal training/learning
1 – Preparation
To be able to grasp the concepts of what you’ll be learning, you’ll need some basic computing and security knowledge, as well as some basic programming skills.
Below are a few options to get you started:
2 – Learn and try to specialize on a particular cybersecurity area
If you are interested in cybersecurity, chances are you know your way around the internet fairly well. And this is a good thing because you already have a knack for knowing how to find what you’re looking for. Time to use this knack to poke around and find an area in the field that piques your curiosity more than any other.
Here is a list that may give you ideas:
- Governance and risk management
- Security auditing
- ISO 27001 and 22301 experts
- Application security development
- Cloud security
- Threat intelligence analysis
- Penetration testing/red teaming
- Network security
- Identity and access management
- Risk and compliance auditing
- Mobile-remote computing
Once you’ve found the one, start digging. There is a lot of knowledge out there. Cybersecurity is an industry were self-starters are at a clear advantage. Learn anything you can get your hands on.
3 – Monitor trends in cybersecurity so you understand current issues and opportunities
Cybersecurity evolves at an unfathomable rate. New vulnerabilities pop up every single day, hackers find new ways to penetrate information systems. Aside from training, being aware of what’s happening in the industry is key. It can often also provide context to what you are in the process of learning.
Subscribe to blogs, get a cybersecurity news app, browse relevant hashtags on social media, read specialized publications. The more you can absorb and understand, the better!
Here are a few suggestions for resources on staying up to date with industry news:
- Listen do DarknetDiaries
- Listen to The CyberWire Daily
- Follow cyber Twitter accounts (e.g. Huntress Labs, The Hacker News)
- Install the Security News app (iOS or Android) on your smartphone
4 – Seek out an internship where you can get hands-on experience:
Cybersecurity internships are a great way to get hands-on experience while developing your skills. Whether or not the internship is paid, hands-on experience offers knowledge that cannot be learned in a classroom or browsing a book or PDF. There is a level of understanding that cannot be achieved until a certain amount of experience can be amassed.
When possible, I would recommend favoring positions in the service industry, where you may have to work on a greater variety of issues.
Browse your usual job boards or local employment resources to discover what is available in your area. Networking is also a great way to learn about internship opportunities.
5 – Find a mentor
A mentor can provide feedback on career management that you might not find in a job and also help you forge relationships with key contacts in the industry.
It’s very important, before beginning your search, to identify that person’s professional role and how it enables them to provide the kind of feedback and direction you need.
You should be looking for someone who can help you achieve the goals you’ve set.
What are your skills? Have you obtained any certifications? If not yet, which ones interest you? How will this person? What type of organization do you want to work in?
Identifying and setting your goals are the first step to knowing what you are looking for in a mentor.
You then have to get out there and start networking. Get involved in groups on sites like LinkedIn, attend industry events, workshops, conferences, meetups and contact association chapters in your community. The goal is finding out where potential mentors spend their time and throwing yourself in the mix.
6 – Develop your interpersonal and communication skills (take that, Mr. Robot!)
Just because someone knows how to talk “computer” doesn’t mean that they don’t know how to talk to other people. Let’s throw this myth out the window right away.
If we go back to our 70-20-10 model, 20% of knowledge is obtained through other people. You have to be able to exchange with those people.
Earlier I mentioned how having a well-rounded skillset (business/technology/communication) being important. This is because technical and business teams do not speak the same language, which gets tricky when comes the time to communicate the seriousness of certain technical issues to top management.
A good communication strategy also includes your online presence. Consider creating and keeping your LinkedIn profile up to date. There are plenty of available resources online that can teach you how to be more visible and more attractive on social media platforms. LinkedIn being above all a professional networking platform, having a strong presence there is very important if you wish to find opportunities in cybersecurity.
Follow relevant hashtags, read through comment sections, offer your opinion where you have one and do not be afraid to ask questions; a lot can be learned through discussion.
We recommend not undervaluing your online presence as many opportunities present themselves via online channels.
7 – Get a cybersecurity certification
You’ve now chosen a direction, started studying, are keeping up to date with industry news and you’re developing your communication skills. Finding a mentor or an internship is a bit more complex, as they do not only rely on your actions.
So you are putting in the work, now it’s time to tell the world you’re serious about your journey.
Certifications, in this industry as in many others, communicates your commitment to your chosen profession and can help you stand out from other professionals.
There are many levels of cybersecurity certifications out there. Assuming you’ve found the right one for you, you can browse at the table below to see what certifications you can earn depending on which direction you would like to pursue. You can click on the links to read more information about course descriptions and requirements.
Are you looking to get into the cybersecurity field? What challenges are you facing? What questions are you having a hard time answering? Let me know in the comments!