How to Get Started in Cybersecurity- So, are you considering a job move or simply want to add new information security skills to your arsenal to assist you protect your data and computers? Let’s walk through the steps of moving to cybersecurity, from the brainstorming and planning stages to the skills you’ll need to master and the tools to assist you do so.
Is a College Degree Required for a Career in Cybersecurity?
The short answer is no, it isn’t always the case. “People without college degrees pioneered our industry,” says Josh Feinblum. “Work hard to get active in the community, contribute to open source projects, and attempt to talk at conferences on intriguing research – these are all things that the early pioneers did, and they can create possibilities for smart, hard-working individuals to break into the industry.”
The similar tendency has been observed (and personally experienced) by Kristen Kozinski, who is now an Information Security Trainer at the New York Times.
She notes, “Most of the folks I’ve encountered in the field are self-taught.” “My own route has been pretty unconventional. When I was working at MailChimp a few years ago, our Information Security team had an opening for an apprentice to work with our security engineers. It seemed like the ideal situation. I acquired the job after doing some research on The Open Web Application Security Project. As a Junior Security Engineer, I continued to work with that team.” Don’t Click on That, Kozinski’s security awareness company, is now open for business.
If you have a computer science or equivalent degree, though, it will almost certainly broaden your cybersecurity work prospects. “College degrees are typically a checkbox anticipated by many large companies,” according to Feinblum, “so not having a degree may limit some opportunities.” It’s not a deal-breaker; it’s simply something to think about!
Pick a Cybersecurity Career Path
One of the most interesting aspects about cybersecurity is the variety of options available. You don’t need a technical background to pursue them, as I mentioned earlier.
The first step in deciding on a cybersecurity job path is to assess your strengths in light of your history. “I urge that you do an honest assessment of your own abilities and interests as your first step,” says Robb Reck. “Are you someone who enjoys interacting with others? Are you an app developer? Are you a policy wonk? What is a networking guru?
Creating a list of your preferences and talents can assist you in determining which type of IT security employment is the greatest fit for you. “Penetrating, security engineering, and incident response are some of the most popular areas,” adds Kristen Kozinski.
Once you’ve narrowed it down, conduct more study and learn the jargon for the sectors of interest you’ve chosen within cyber security. “Look for books that delve into that topic,” Kozinski advises. “No Starch Press publishes a number of excellent security books. I also suggest taking a look at the Awesome Infosec Github page, which is a crowdsourced collection of educational resources.”
It will also assist in connecting with individuals in the industry, forming contacts, and seeking guidance. “Join Twitter,” Kozinski advises. “There is a really open cybersecurity community there, and a lot of individuals give wonderful advice on how to obtain jobs and where to locate learning resources in your field of interest.”
In-person groups are also beneficial. “Join organisations like the Information Systems Security Association (ISSA), the Open Web Application Security Project (OWASP), the Cloud Security Alliance (CSA), or the Information Systems Audit and Control Association (ISACA), all of which have regional branches near you,” suggests Robb Reck. “Begin helping with these organisations, and learn about Open Source initiatives on the internet. You don’t need a job to gain security experience. The relationships you develop in those groups will almost certainly lead to your future job.”
It’s a good idea to learn the fundamentals of programming before moving on to more advanced topics. “Knowing a programming language will put you ahead of the game in cybersecurity,” says Kristen Kozinski. “You don’t have to be an expert, but knowing how to read and understand a language is a useful skill.” This isn’t a must-have requirement for cyber security, but it’s a great to have.
Learn about the most important cybersecurity technologies and skills.
According to Chris Coleman, successful cybersecurity engineers can also think like a cybercriminal. “One can only forecast and avoid cyberattacks if they have a thorough awareness of system vulnerabilities.”
Other technical skills will differ depending on the field you choose to specialise in. Coleman does, however, propose the following cybersecurity skills:
- Security and networking foundations
- Logging and monitoring procedures
- Network defense tactics
- Cryptography and access management practices
- Web application security techniques
So, what is the most effective method for learning cybersecurity? The cornerstone to most security work, no matter what your specialty is—network security, information security, IT security, etc.—is understanding systems. Andy Ellis says, “Learn to take a systems view first when confronting new technology or processes.” “Ask questions like, ‘What is going on in this system that I’m not seeing?’ What are the objectives of the system owner or designer? What kind of inescapable loss might there be? ‘How could this have happened?’
If you’re thinking about payroll system vulnerabilities, for example, you’d start with queries like:
- How does an employee get paid?
- Where is their data?
- How can that fail?
“Asking yourself these questions and knowing the answers is a terrific approach to get started on a path to securing the future,” Ellis continues.
Soft skills, on the other hand, include a willingness to learn — especially since the subject of information security is always changing — as well as the ability to work well in a group.