Careers, Concepts, Security Education

Breaking into Security Careers – 2018

Posted on by Ron Woerner in Careers, Concepts, Security Education
Cyber Careers

Cybersecurity continues to be a hot career field with many job opportunities. This means more and more folks want to break into it. A common question I’m asked is, “How do I get a job in information security / cybersecurity?” We continue seeing people who are interested, but don’t know the steps it takes to start or extend a cyber career. This blog post answers the question, “How do I break into (the) security (career field)?” It’s updated from my 2014 and 2015 blogs.

Career Triad

To get hired as a security professional, you need a mix of experience, education, and certifications. It takes all three to not only land the job, but also be successful in it.

1. Education: With education, you learn how to learn. Cybersecurity is a vast field and it’s nearly impossible to know everything. You need to be able to learn and adapt quickly to new technologies, situations, and processes. Education also builds the soft skills of critical thinking and communications. It’s readily available both online and in-person through local universities and training partners like CyberVista or Cybrary.it. It’s hard to study on your own. These resources provide you with expert instruction and guidance to not only pass the certification exams but also gain knowledge to succeed as a security professional. When looking at formal education, seek out 2 or 4 year schools that are designated Centers of Academic Excellence in Cyber Defense by the NSA and DHS.

2. Experience: You gain experience and a fine-tuning of your abilities through work, volunteering and building your own home cyber playground. Almost every job today has an aspect touching technology. Do your homework and learn all you can about it. Ask others if you don’t know. It’s also easy and inexpensive to build your own home lab or playground. Finding an old computer or getting a Raspberry Pi and learning Linux is a great technical experience builder. You can also gain experience by volunteering to help secure a local non-profit, your church, or other community organization.

3. Certifications: IT certifications get your foot in the door and help you move up in your career by showing employers you have the skills they’re looking for. CompTIA Security+ is and has been the optimal starting point for security certifications. It helps you prove basic competency in topics such as threats, vulnerabilities, and attacks, system security, network infrastructure, access control, cryptography, risk management, and organizational security. Don’t stop there. Keep your career moving by building on it with other ones like the CompTIA cybersecurity certifications (CySA+, CASP, or PenTest+). CompTIA CySA+ and CompTIA PenTest+ delve further into the cybersecurity specialty, validating the complementary skills of offensive and defensive cybersecurity teams. If you’ve been in cybersecurity for a while and want to remain in a hands-on enterprise security, incident response and architecture role rather than moving into management, CASP is for you. Once you’ve gained five years of cyber experience with those certifications, you’ll be ready for advanced cybersecurity certs like (ISC)2’s CISSP or ISACA’s CISM or CISA.

Once you’ve decided that cybersecurity for you, decide on your career track. Cybersecurity is both vast and wide and covers a myriad of jobs. Figure 1 shows the high-level cybersecurity careers. Don’t try to do or be everything for everyone. What cyber job excites you the most? In which one(s) do you have even a little knowledge and skill? Base your decision on your strengths, interests, experiences, and future goals.

Cybersecurity Career Paths

Once you’ve decided that cybersecurity for you, decide on your career track. Cybersecurity is both vast and wide and covers a myriad of jobs. Don’t try to do or be everything for everyone. What cyber job excites you the most? In which one(s) do you have even a little knowledge and skill? Base your decision on your strengths, interests, experiences, and future goals.

The NIST National Initiative for Cybersecurity Education (NICE) is a great resource for cybersecurity career information. The NICE Cybersecurity Workforce Framework, aka NIST Special Publication 800-181 is a national focused resource that categorizes and describes cybersecurity work. CyberSeek provides detailed data about supply and demand in the cybersecurity job market. Use it to see where and what the cyber jobs are through interactive maps and career pathways. NIST NICE provides numerous other resources invaluable to cybersecurity job seekers. The nice thing about these (pun intended) is that it’s all free.

Security Professional Traits

The following traits are common among successful cybersecurity professionals. Having each will differentiate you from others when you’re hunting for a job or looking for a promotion.

  • Curiosity – A wonder on how and why things work. All hackers are curious.
  • Critical Thinking – goes with #1. You need to go beyond the obvious and be able to analyze your environment to best fit business needs.
  • Communications skills – you can find the coolest things, but if you can’t effectively let others know, it’s like a tree falling in the forest. Build your ability to both write and speak. This is where education can help.
  • Technical Skills – You need to know your way around computers, networks, and applications. Understand what’s happening under the covers. You should build this both on-the-job and on your own.
  • Maturity – Stuff happens. You need to be able to keep your head when all h311 is breaking lose.

Each are discussed in more detail in Eric Steven Raymond epic paper from 2001, “How to Become a Hacker,” which should be required reading for all cyber professionals.

Join the Community

The last piece of advice is for you to join a local or national cybersecurity organization. ISSA, ISACA, (ISC)2, and OWASP have chapters throughout the World. They provide access to expert instruction on cybersecurity topics. There’s also tremendous power in networking (the human kind). Most jobs are found through someone you know. Plus, at their meetings, you’ll can meet other passionate cybersecurity and IT professionals to help you jumpstart or extend your cybersecurity career.

For more ideas on breaking into cybersecurity careers, I recommend Launch Your Cybersecurity Career in 8 Steps from CompTIA: https://goo.gl/3aV74t.

Cybersecurity jobs are aplenty and it’s a great career. It’s up to each worker to set her/his own path. Use the ideas above and share others.