Updated: Jan 15, 2020
I started my career in cyber security about 10 years ago, and it’s been a remarkable and rewarding journey thus far. In the process, I have mentored and guided so many people as they worked to build careers in this space as well. The truth is, there isn’t really a one size fits all answer to how you can build a career in the industry – and that’s actually a good thing! There are SO many different paths and options you can take, and this guide can at least give you a place to start. Note that this content can be helpful to anyone, whether you are still a student, or are already working in another industry.
Know what cyber security really is and what it isn’t. There are many myths associated with working in the cyber security industry. I think the most prevalent one is that you have to be a hacker and sit at a computer and code all day. This couldn’t be further from the truth! In the companies I have worked for and with, hackers (Yes companies hire “good” hackers, also known as ethical hackers), make up about only 5 – 10% of the team. This means the majority of the roles in cyber security don’t really involve hacking. What are the other roles? You’ll get a small taste of that as you read on, but keep an eye out for my future post that will get a detailed rundown on technical and non-technical security roles. If you simply can’t wait for my take on the topic 😊, in the meantime, here is a useful link that can help you understand some of the roles. The point is that you have to keep an open mind and don’t be discouraged. There are many technical and non-technical roles in cyber security, and both are super important. Choose whichever side you prefer and dive in! I personally wanted a good mix of both. I knew that I eventually wanted to be a senior leader in cyber security, and that means you must understand both the technical and non-technical domains.
Get exposure to the various domains in cyber security. When someone introduces themselves as a doctor – a curious person who knows anything about the industry will likely ask, “What kind?”. Eye doctor? Foot doctor? Pediatrics? The list goes on and on. The same logic applies to cyber security. Depending on who you talk to, there are at least 10 – 20 different domains in cyber security and dozens of roles to choose from. Each requires a different skillset and thought process. You can find an example map of domains here. (I’ll dive into this map more in the future.) The bottom line is that it’s hard to know where your passions and skills may align unless you get the exposure and try different things. I suggest taking a brief online class that can give you a fundamental overview of what cyber security is. One of my favorite resources is Cybrary.it , I REPEAT Cybrary.it ! If you don’t take anything else away from this series, take that link and run with it! You can also find classes through other online training platforms like Coursera, Udemy, Khan Academy, etc. If you are a student currently, see if your school offers cyber security classes and consider taking one! In addition, read the upcoming article on a day in the life of a cyber professional.
Pick a development path or, better yet, mix it up. I could write an entire book on this part. There are so many ways into security. I know people like me who studied it in school and got in. I know people who were once nurses, biologists, historians, law enforcement officials, lawyers, and so on who now work in the cyber security space. There isn’t really a preferred path. The truth is that 90% of the people who are leaders in cyber security today, don’t have formal education backgrounds in the disciplines because it simply didn’t exist a few years ago. With that in mind, here are a few options.
1. The formal education route: Today, more schools are offering degrees in cyber security. I ended up getting a master’s degree in Information Security from the University of Houston and a Ph.D. in Security Engineering from the University of Colorado that really helped catapult my career in cyber. If you want to take the education route, look into programs at various schools, read reviews, and determine if that’s an investment you can and want to make.
2. Alternative program/training route: If a formal degree isn’t an option or desire for you, fear not! There are technical programs that are surfacing to help people fast track their careers in cyber security. Below are a few examples, but there are tons of others – do your research!
Research boot camps and other programs, there are tons
3. The self-taught route: Google is my best friend. There are SO many free resources out there, and when I wanted to build my cyber security expertise, I used them all. For example, the greatest hackers aren’t learning how to hack in school, they are usually self-taught. The same can apply to other domains as well. You can read content online, set up your own lab, and try teaching yourself about the industry. One challenge to keep in mind is that while many companies are progressive and focus more on competency than credentials, many still have stringent degree and certification requirements. This doesn’t mean that hope is lost. It means that first, you need to make sure you are REALLY good at what you do. And second, you need to seek out those progressive companies. Don’t waste your time on the others.
4. The certification route: There are cyber security certifications that can help you build your credential pool and skill set, whether you’ve chosen any of the paths above. Some examples include CISSP, Security+, CEH, and CISM, and of course, there are tons of others. This series includes an article that provides a rundown on certifications – coming soon!
5. The hybrid route: Lastly, there is the hybrid route. I’d say this is the path that I took and probably the best option. Doing a mix of formal education, self-taught learning, technical trade classes, and certifications allowed me to learn as much as possible about the industry and grow at a faster pace. Doing so gave me exposure to SO many different domains of cyber security, and it allowed me to discover what I loved in the industry quickly. Once I found that sweet spot – I began to excel even more because I loved what I was doing and got pretty good at it.
Get experience! Lastly, you have to work on building experience. A big challenge in cyber security is that it’s such a high-risk area that companies tend to prefer people who have done the work before. It’s a catch 22 because there aren’t enough experienced professionals without jobs to fill that need. What it means for people early in their careers is that having a degree or certification helps, but experience talks! I got creative to solve this problem for myself by always interning or working full-time in cyber security while learning at the same time, and will share more on that in the final article that details my own journey into cyber security.