{"id":306,"date":"2018-10-21T15:50:23","date_gmt":"2018-10-21T21:50:23","guid":{"rendered":"http:\/\/cybersecurity.bellevue.edu\/?p=306"},"modified":"2018-10-21T15:50:23","modified_gmt":"2018-10-21T21:50:23","slug":"choosing-your-cybersecurity-career-path","status":"publish","type":"post","link":"https:\/\/cybersecurity.bellevue.edu\/index.php\/2018\/10\/21\/choosing-your-cybersecurity-career-path\/","title":{"rendered":"Choosing your Cybersecurity Career Path"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-57 aligncenter\" src=\"https:\/\/rwxsecurity.com\/wp-content\/uploads\/2018\/10\/Cyber-Career-Paths-jpg3-300x163.jpg\" alt=\"\" width=\"420\" height=\"228\" \/><\/p>\n<ul>\n<li><span style=\"margin: 0px;padding: 0in;border: 1pt windowtext;color: #333333;font-family: 'Arial',sans-serif;font-size: 14.5pt\">Landing and keeping a job in cybersecurity<\/span><\/li>\n<li><span style=\"margin: 0px;padding: 0in;border: 1pt windowtext;color: #333333;font-family: 'Arial',sans-serif;font-size: 14.5pt\">What\u2019s best for your Cybersecurity career: certification or a degree?<\/span><\/li>\n<li><span style=\"margin: 0px;padding: 0in;border: 1pt windowtext;color: #333333;line-height: 107%;font-family: 'Arial',sans-serif;font-size: 14.5pt\">Strategic (GRC) vs. Tactical (Technical) career paths<\/span><\/li>\n<\/ul>\n<p><span style=\"margin: 0px;color: #333333;font-family: 'Arial',sans-serif;font-size: 12pt\"> I\u2019m often asked by folks entering the cybersecurity career field, \u201cHow do I land (or keep) a job in cybersecurity?\u201d and \u201cShould I get a degree in cybersecurity or focus on certifications?\u201d The bottom line is that there is no one answer that fits everyone. As with most things in life, it depends. Where you are at in your career, life\u2019s journey (i.e., age), financial resources and your own ambitions are all things to consider. In this post, I\u2019ll cover options in hopes of helping you understand the benefits of each and how you can grow your career as a cybersecurity professional. This is part 2 of my series on <\/span><span style=\"margin: 0px;font-family: 'Arial',sans-serif;font-size: 12pt\"><a href=\"https:\/\/www.peerlyst.com\/posts\/breaking-into-security-careers-2018-ron-woerner\">Breaking into Cybersecurity<\/a><\/span><span style=\"margin: 0px;color: #333333;font-family: 'Arial',sans-serif;font-size: 12pt\">. <\/span><\/p>\n<p><span style=\"margin: 0px;color: #333333;font-family: 'Arial',sans-serif;font-size: 12pt\">From a career or professional perspective, information security (aka cybersecurity or information assurance) is now a stable and growing profession. Information security jobs are expected to increase by 28 percent through 2026, according to the Bureau of Labor Statistics (BLS). With all the opportunity, landing a cybersecurity job can still be tricky trying to meet the laundry list of requirements that are often looking for the optimal candidate who walks on water. <\/span><\/p>\n<p><span style=\"margin: 0px;color: #333333;font-family: 'Arial',sans-serif;font-size: 12pt\">Below are some steps for you to determine certs or degree and help you build your cyber career:<\/span><\/p>\n<ol>\n<li><strong>Pick a path<\/strong>. There are two main categories of cybersecurity careers: Strategic and Tactical.\n<ol>\n<li>Strategic <span style=\"font-family: arial,helvetica,sans-serif;font-size: 12pt\">includes Governance, Risk, and Compliance (GRC), Policy, IT Audit, security frameworks and management.<\/span><\/li>\n<li>Tactical<span style=\"font-family: arial,helvetica,sans-serif;font-size: 12pt\"> includes everything technical: security systems administration, networking, application security, security operations, incident response, vulnerability management, and penetration testing.<\/span><\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<p style=\"padding-left: 30px\"><span style=\"margin: 0px;color: #333333;font-family: 'Arial',sans-serif;font-size: 12pt\">Pick the one where you have the most strengths. If you love playing with technology, go tactical. If you\u2019re more prone to management and process, consider strategic. A word of caution: don\u2019t try to do both and be a jack of all cybersecurity trades. Folks in this position (like me) are often seen as a master of none and are disqualified from many jobs. I\u2019ve been told dozens of times that I\u2019m too technical for strategic jobs and not technical enough for tactical. By the way, picking one over the other does not mean you won\u2019t need to know how the other side works. Strategic needs to understand technology and tactical needs to get business risk. The Cyber Seek website (<\/span><span style=\"margin: 0px;font-family: 'Arial',sans-serif;font-size: 12pt\"><a href=\"https:\/\/www.cyberseek.org\/pathway.html\" target=\"_blank\" rel=\"noopener\">https:\/\/www.cyberseek.org\/pathway.html<\/a><\/span><span style=\"margin: 0px;color: #333333;font-family: 'Arial',sans-serif;font-size: 12pt\">) contains a list of careers for each path. <\/span><\/p>\n<ol start=\"2\">\n<li><strong>Determine your education path<\/strong>. <span style=\"font-family: arial,helvetica,sans-serif;font-size: 12pt\">This is how you will reach the goal of getting the cybersecurity job of your choice. Cybersecurity degrees and certifications each have benefits and costs. Both can be used to open doors on cybersecurity careers.<\/span>\n<ol>\n<li><strong>Degree \u2013 <\/strong><span style=\"font-family: arial,helvetica,sans-serif;font-size: 12pt\">Expand or gain knowledge over time. With a degree you learn how to learn. This is crucial in the ever-changing cyber world. You\u2019ll also gain additional professional skills like communications, leadership and management. Another positive for education is that a degree is forever and does not require any upkeep. It will get you in the HR screening process door if an IT degree is a particular job requirement. It indicates that you have the work ethic to complete something. Of course, it comes at a cost; both time and money. An inexpensive education option in the United States are 2-year schools (aka community colleges). The National Security Agency (NSA) designates 2 and 4-year schools as Centers of Academic Excellence in Cyber Defense. See <a href=\"https:\/\/www.nsa.gov\/resources\/students-educators\/centers-academic-excellence\/\" target=\"_blank\" rel=\"noopener\">https:\/\/www.nsa.gov\/resources\/students-educators\/centers-academic-excellence\/<\/a>.<\/span><\/li>\n<li><span style=\"margin: 0px;color: #333333;font-family: 'Arial',sans-serif;font-size: 12pt\"> <strong>Certification \u2013<\/strong> Establish your credibility. Certifications show you have knowledge in a specific area or indicates that you have the subject matter expertise. If you\u2019re just starting in cybersecurity, the <a href=\"http:\/\/bit.ly\/2Ei6Xtw\" target=\"_blank\" rel=\"noopener\"><span style=\"margin: 0px;line-height: 107%;font-family: 'Arial',sans-serif;font-size: 12pt\">CompTIA Security+<\/span><\/a><span style=\"margin: 0px;color: #333333;line-height: 107%;font-family: 'Arial',sans-serif;font-size: 12pt\">\u00a0(<a href=\"http:\/\/bit.ly\/2Ei6Xtw\" target=\"_blank\" rel=\"noopener\">http:\/\/bit.ly\/2Ei6Xtw<\/a>) is the perfect place to start. It covers the basics, without requiring you have extensive knowledge or experience. Certifications based on a point in time and require continuing certification. The benefit is that you can often take a 1-week boot camp or watch a video series like <\/span><span style=\"margin: 0px;line-height: 107%;font-family: 'Arial',sans-serif;font-size: 12pt\"><a href=\"https:\/\/www.cybrary.it\/\">Cybrary<\/a><\/span><span style=\"margin: 0px;color: #333333;line-height: 107%;font-family: 'Arial',sans-serif;font-size: 12pt\"> and complete the certification exam shortly after. This can be a low-cost option for many. <\/span><\/span><\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<ol start=\"3\">\n<li><strong>Practical Experience \/ Practice<\/strong>. <span style=\"font-family: arial,helvetica,sans-serif;font-size: 12pt\"><em>Getting certifications or a degree does not guarantee a job<\/em>. You must continually practice what you\u2019ve learned and build on that knowledge. This should come from both practical experience and personal practice.<\/span>\n<ol>\n<li>Experience. <span style=\"font-family: arial,helvetica,sans-serif;font-size: 12pt\">For many cybersecurity jobs, this matters more than degrees or certifications. For those who are new to the cybersecurity career field, start in a help\/service desk or security operations center (SOC). These are great ways to gain positive professional experience learning how cybersecurity operates within an organization. You can also gain experience by volunteering to fix or security computers for a community group (e.g., senior center, religious organization, etc.). In return, ask for a reference. By the way, you don\u2019t have to start in cybersecurity. All careers can teach about professionalism and how organizational operations. These can provide much-needed perspective outside of technology.<\/span><\/li>\n<li>Practice &amp; Do Your Homework. <span style=\"font-size: 12pt\"><span style=\"font-family: arial,helvetica,sans-serif\">Cybersecurity is a career where you must keep learning and relearning to stay relevant and keep your skills sharp. I often tell my students, \u201cHomework begins after you graduate\u201d and \u201cThe real test is in the real world (not in the classroom).\u201d You flunk a test in school, you can still graduate. You flunk a test irl (in real life), you won\u2019t get the job or get to keep your job. This means you need to keep learning. Take advantage of sites like<\/span> <a href=\"https:\/\/www.cybrary.it\/\" target=\"_blank\" rel=\"noopener\">Cybrary<\/a> that provide free videos on many aspects of security.<\/span>\n<ol>\n<li><span style=\"font-family: arial,helvetica,sans-serif;font-size: 12pt\">For the strategic \/ GRC track, you need to read a lot about cybersecurity. Study the latest frameworks (NIST, CSC), laws and regulations (PCI, HIPAA, GDPR, State Laws, etc.). Read security news like krebsonsecurity.com. <\/span><\/li>\n<li><span style=\"font-family: arial,helvetica,sans-serif;font-size: 12pt\">For the tactical \/ technical track, practice your skills. You should have a home lab environment with physical equipment, virtual machines or both. You can do much of this for very little cost. Learn Linux by getting a Raspberry Pi or load VMWare or VirtualBox. Learn how to hack and protect yourself.<\/span><\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<p>No matter the path, you need to:<\/p>\n<ol style=\"list-style-type: upper-alpha\">\n<li><strong>Be aware of the other side<\/strong>. <span style=\"font-family: arial,helvetica,sans-serif;font-size: 12pt\">If you\u2019re tactical \/ technical, you still need to understand strategic \/ business, and vice versa.<\/span><\/li>\n<li><strong>Network (the human kind)<\/strong>. <span style=\"font-family: arial,helvetica,sans-serif;font-size: 12pt\">Join security groups in your community like ISSA, ISACA, ISC2, OWASP, Infragard, etc. This is a great way to meet other passionate cybersecurity professionals. These groups may also provide mentors to help you chose your path and keep your skills sharp through continual learning.<\/span><\/li>\n<\/ol>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-60 alignright\" src=\"https:\/\/rwxsecurity.com\/wp-content\/uploads\/2018\/10\/red-pill-blue-pill-300x200.jpg\" alt=\"\" width=\"228\" height=\"152\" \/>This is just a short tutorial on building your cybersecurity career. Like in the Matrix, you need to pick a path (the red pill or the blue pill \/ strategic or tactical \/ education or certification) and move towards your goals.<\/p>\n<blockquote><p><em>If you chose not to decide, you still have made a choice<\/em>. Don\u2019t let the choice be made for you.<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>Landing and keeping a job in cybersecurity What\u2019s best for your Cybersecurity career: certification or a degree? Strategic (GRC) vs. Tactical (Technical) career paths I\u2019m often asked by folks entering the cybersecurity career field, \u201cHow do I land (or keep) a job in cybersecurity?\u201d and \u201cShould I get a degree in cybersecurity or focus on [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[34,32,11,8],"tags":[],"class_list":["post-306","post","type-post","status-publish","format-standard","hentry","category-careers","category-concepts","category-human-aspects","category-security-education"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/cybersecurity.bellevue.edu\/index.php\/wp-json\/wp\/v2\/posts\/306","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cybersecurity.bellevue.edu\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurity.bellevue.edu\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cybersecurity.bellevue.edu\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurity.bellevue.edu\/index.php\/wp-json\/wp\/v2\/comments?post=306"}],"version-history":[{"count":4,"href":"https:\/\/cybersecurity.bellevue.edu\/index.php\/wp-json\/wp\/v2\/posts\/306\/revisions"}],"predecessor-version":[{"id":310,"href":"https:\/\/cybersecurity.bellevue.edu\/index.php\/wp-json\/wp\/v2\/posts\/306\/revisions\/310"}],"wp:attachment":[{"href":"https:\/\/cybersecurity.bellevue.edu\/index.php\/wp-json\/wp\/v2\/media?parent=306"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurity.bellevue.edu\/index.php\/wp-json\/wp\/v2\/categories?post=306"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurity.bellevue.edu\/index.php\/wp-json\/wp\/v2\/tags?post=306"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}