Introduction In a previous post "How Do I Get into the IT Field?", I discussed the topic of breaking into the IT industry. In this post, I will delve deeper into how to enter the field of cybersecurity. While some of the myths surrounding the IT industry are similar to those in cybersecurity, there are unique challenges that need to be overcome to gain a foothold in this field.
Cybersecurity is a vital and growing subfield within IT that offers exciting and challenging career opportunities. Whether you are a seasoned IT professional looking to specialize or someone new to the industry, cybersecurity is worth exploring. In this post, I will share some insights and tips to help you navigate your way into the cybersecurity field. If you are interested in cybersecurity, cybersecurity news and trends, be sure to visit Cyb3r-S3c frequently and check out my YouTube channel, Cyb3r-0verwatch.
Don't Believe the Myths
When it comes to cybersecurity, it's important to be aware of myths and misinformation just as in the IT field. False information may come from HR personnel or recruiters who are not fully knowledgeable about the requirements for cybersecurity roles. However, depending on your experience, some cybersecurity roles may be out of reach. As with the IT field, an entry-level position may be the best way to break into cybersecurity, particularly if you have little to no experience.
As I mentioned in my previous post, conducting your own research is a key to success. To assist those who want to enter the cybersecurity field, I created Cyb3r-S3c to provide guidance and support. While I don't consider myself an expert, I share information based on my personal experience and research.
Although there are some unique myths surrounding entering the cybersecurity field, many are similar to those in the IT industry. For a more detailed description of these myths, please refer to my previous post "How to get into the IT field."
4 year degree or a technology degree required.
Must gain your knowledge from college classes.
Must know how to code.
Cybersecurity is for the young.
It takes years to learn the necessary skills.
Your current skills wont transition to Cybersecurity.
Why Do You want to Get into Cybersecurity?
People have various reasons for wanting to pursue a career in cybersecurity. It could be due to a long-standing passion for computers or a desire to switch from an unfulfilling career. Military veterans may find cybersecurity an attractive option for post-service employment. Additionally, fresh high school or college graduates may be drawn to the potential rewards of the field. Regardless of the reason, it can be a significant motivator for making a career change.
According to research conducted by the Bureau of Labor Statistics, overall employment in IT occupations is projected to grow by 15 percent from 2021 to 2031, surpassing the average growth rate for all occupations. Furthermore, the employment of information security analysts is projected to increase by 35 percent from 2021 to 2031, indicating a high demand for cybersecurity professionals. On average, around 19,500 job openings for information security analysts are projected every year over the decade.
For those who are passionate and willing to learn, the cybersecurity field offers ample opportunities and rewards for those who put in the effort.
Getting into Cybersecurity is not Impossible
Getting into the Cybersecurity field can be challenging, especially if you have no prior experience. However, there are ways to make it easier to get your foot in the door. It's important to approach every IT/Cybersecurity opportunity as a chance to learn and gain experience, even if it's not a security engineer or manager role. You should not expect to start at the top right away, and it's important to be willing to start from the bottom and work your way up.
While everyone's journey is different, it's possible to succeed in the Cybersecurity field with hard work, motivation, perseverance, a positive attitude, and a willingness to learn. You don't necessarily need a four-year degree, although it can be helpful. It's also important to be proactive in your learning, whether that means studying, reading, watching videos, or working on a lab.
Remember that not every opportunity will be perfect, but finding the silver lining and using it as motivation to take advantage of the next opportunity can be beneficial. With dedication and a willingness to learn, you can start your journey in the Cybersecurity field and work your way towards a successful career.
Have a Plan
Lets say you refused to let myths discourage you and have thoroughly considered your motivation for entering the cybersecurity field. You are feeling confident in your decision. You recognize that it is not impossible to pursue a career in cybersecurity, even with limited to no prior experience. So, what steps should you take next? This is an excellent question, and the first crucial step is to develop a well-structured plan.
Document on paper your intention to get into the Cybersecurity field.
Document your goals.
Document what you need to do to achieve your goals.
Document resources that can help you achieve your goals.
Explore Roles and Career-paths
Next, it is essential to gain clarity on the potential entry-level roles you may qualify for, considering your limited IT or cybersecurity experience. Alternatively, if you are still exploring various career paths within cybersecurity, it's crucial to discover what interests you the most. Fortunately, there are numerous resources available that can assist you in understanding the different roles within the field and their respective responsibilities. Here are some valuable resources to help you gain insight into available roles and their job descriptions.
Resources:
Start Educating Yourself
Having completed your research, you have discovered an entry-level role that has sparked your interest and even generated excitement. Now, it's time to roll up your sleeves and dedicate a consistent amount of time each day to learning. This may demand setting aside at least an hour or two daily to study, read, train, and absorb knowledge. To support your learning journey, feel free to check out my website cyb3r-s3c.com, where you can access a free "Resources" page featuring links to a wide range of IT and cybersecurity learning materials. Additionally, remember that Google can be an invaluable tool for finding relevant information and resources to enhance your learning experience. You will want to learn the fundamentals of:
Windows
Linux
Active Directory
TCP/IP
Networking
Vulnerabilities
Python
Log Analysis
Resources
(https://www.howtonetwork.org/design/ccda/chapter-1-network-fundamentals/network-fundamentals-tcpip/)
(https://www.cybrary.it/catalog/practice_labs/windows-operating-system-fundamentals/)
(https://cloudacademy.com/course/linux-fundmentals-1346/the-linux-directory-structure/)
(https://www.cybrary.it/course/linux-fundamentals-for-security-practitioners/)
(https://www.geeksforgeeks.org/basics-computer-networking/)
(https://pythonprogramming.net/python-fundamental-tutorials/)
(https://linuxsecurity.com/features/complete-guide-to-vulnerability-basics)
(https://log-hero.com/docs/beginners-guide-to-log-file-analysis)
(https://medium.com/microsoftazure/log-management-fundamentals-for-cybersecurity-engineers-33e433677a0b)
(https://www.sans.org/mlp/cybersecurity-training-community/?hide-footer=1&utm_campaign=NA+Cybersec+Training+Community&utm_content=RSA1&utm_medium=CPC&utm_source=Google&utm_term=Training)
Pursue Certifications
As you begin to grasp the fundamentals of IT and cybersecurity, it becomes crucial to explore the certifications available. Certifications act as checkboxes that can help you navigate through HR gatekeepers. These certifications not only serve as credentials but also offer valuable learning materials to strengthen your foundational knowledge. To assist you in this process, I recommend reviewing the following resources that provide certification maps, outlining various certification options within the field.
Resources:
(https://pauljerimy.com/security-certification-roadmap/)
(https://partners.comptia.org/docs/default-source/resources/08314-it-certification-roadmap-nov2020-update-8-5x11-online)
Build Practical Experience
Now that you have identified the certification you wish to pursue and have developed a study plan to prepare for and pass it, it's an opportune time to start gaining practical experience. Consider the following steps:
Build a personal lab: Establish a dedicated environment where you can practice deploying various solutions and technologies related to cybersecurity. This hands-on experience will enhance your understanding and proficiency.
Explore virtual labs: Sign up for platforms like TryHackMe, HackTheBox, or Offsec Proving Grounds, which provide virtual labs and challenges for hands-on learning. These platforms offer a wide range of cybersecurity scenarios to sharpen your skills.
Volunteer on projects: Seek out volunteer opportunities where you can contribute to setting up networks, deploying systems, or other relevant tasks. This will provide real-world experience and allow you to apply your knowledge in practical situations.
Create a website or GitHub: Establishing an online presence through a personal website or GitHub repository showcases your skills and projects. It serves as a portfolio for potential employers and demonstrates your commitment to continuous learning and growth in the cybersecurity field.
By actively engaging in these activities, you can supplement your theoretical knowledge with practical experience, making you a well-rounded cybersecurity professional.
Resources:
(https://www.cyb3r-s3c.com/resources)
(https://www.iamcybersafe.org/s/volunteers)
(https://www.isc2.org/Volunteer)
Network with Cybersecurity Professionals
You are starting to put all the previous steps together and you are gaining experience and starting to see the fruits of your labor. Expand your network within the cybersecurity community. Consider engaging with cybersecurity professionals through various avenues such as; attending conferences, meetups, and actively reaching out on LinkedIn or Twitter. Utilizing social media platforms like LinkedIn and Twitter provide excellent opportunities to connect with professionals, join relevant groups, and engage in meaningful conversations related to cybersecurity. By attending conferences and meetups, you can participate in discussions, attend workshops, and network with like-minded professionals. Networking is a valuable way to build relationships, stay updated on industry trends, and potentially discover new career opportunities.
Resources:
(https://www.meetup.com/topics/cybersecurity/)
(https://www.linkedin.com/)
(https://infosec-conferences.com/)
(https://www.securitymetrics.com/blog/top-cybersecurity-conferences-attend)
Polish Your Resume
As you become more involved in the cybersecurity community, networking with professionals and aspiring individuals, you gain a better understanding of the job opportunities available in the field. It's time to focus on polishing your resume to make a strong impression. Consider the following:
Formatting: Find a well-formatted resume template that presents your information in a clean and professional manner. Use bullet points wherever possible to make it easy to read and keep the bullets concise.
Emphasize Skills: When lacking work experience, highlight the skills you have acquired in detail. For example, provide specific examples like installing Windows 11 on multiple devices or completing a certain number of TryHackMe modules, noting if you are ranking in the top 1%.
Resume Header: Clearly note your contact information, replacing outdated email addresses with more professional options like Gmail or ProtonMail. Include links to your LinkedIn profile, personal websites, and GitHub, showcasing your online presence.
Objective/Summary: Consider including an objective statement that highlights your skills and how you can contribute to an organization in the cybersecurity field. While its impact may vary, it can provide a concise overview of your qualifications.
Certifications: Document your certifications after the Objective/Summary section to showcase your professional qualifications.
Skills Section: Include a dedicated section to outline your hard skills, such as experience with various operating systems, security applications/solutions, hardware, and networking. Place it near the top of your resume, following the Certifications/Accreditations section.
Soft Skills: Don't forget to mention your soft skills, such as communication, teamwork, problem-solving, and time management. These skills are valuable in the cybersecurity field.
Education: If you lack formal education, place the Education section at the bottom of your resume. However, if you have taken relevant college courses, be sure to include them, even if you didn't obtain a degree.
Work Experience: When detailing your work experience, highlight aspects that demonstrate how your previous roles have prepared you for a transition into cybersecurity. Mention any experience with different operating systems, creating standard operating procedures, troubleshooting, and emphasize relevant soft skills.
Proofreading: Before submitting or posting your resume, proofread it carefully to ensure there are no spelling or grammar errors.
You can create a well-organized and impactful resume that effectively showcases your skills and potential as a cybersecurity professional.
Resources:
(https://resumeworded.com/cyber-security-resume-examples)
(https://www.coursera.org/articles/cybersecurity-resume)
(https://brainstation.io/career-guides/cybersecurity-resume-examples)
Helpful Suggestions
I gave you a lot of information to process and a lot of the steps I noted can be multitasked. Here are some recommendations that I hope will be helpful for you on your journey.
1. Stay Focused Obstacles are inevitable in any journey, including your pursuit of a career in IT or Cybersecurity. There will be times when things get tough, and it's important to remain positive and motivated. One way to stay on track is to set specific goals for yourself, both short-term and long-term. Write them down and review them regularly to keep yourself focused.
Remember to also take breaks and engage in activities that enrich your mind beyond IT-related topics. You can read books, attend webinars, or take courses in areas of interest. Don't view setbacks as failures, but rather as learning opportunities. If you're turned down after an interview, reach out to the employer and ask for feedback on how you can improve. Use this feedback to better yourself and your skills.
With the right attitude, persistence, and continuous learning, you can overcome obstacles and achieve your goals in the IT and Cybersecurity fields.
2. Show How Your Past Experience Translates to Cybersecurity
If you are attempting to enter the Cybersecurity field with no previous IT or Cybersecurity experience, it is important to take stock of your past work experience, including volunteer work where you may have gained skills that can apply to the role you are pursuing. Don't discount soft skills, as they are highly valued in the Cybersecurity industry since you will be interacting with a variety of people on a regular basis. Whether you are on a call, attending a meeting, responding to tickets, or emailing customers or management, good communication, problem-solving, critical thinking, time management, and interpersonal skills will be essential. Be sure to highlight your soft skills to potential employers. Additionally, let them know about any Cybersecurity skills you have developed, such as through a personal lab or training platforms like TryHackMe, HackTheBox, RangeForce, or CTFTime. If you have volunteered to help set up security solutions like firewalls, IDS/IPS, or AV at a non-profit or local library, be sure to mention that as well.
3. Earn Industry Certifications One way to quickly enter the Cybersecurity field is by getting certified. While a degree can take years to complete, you can earn a certification in just a few weeks with proper preparation. While there's debate on the validity of certifications, they can help you get past the HR gate and land an interview. Certifications were how I got started since I didn't have the chance to attend a four-year university. Certifications show potential employers that you have the skills they need, which can compensate for a lack of experience. It can even help you compete with candidates who have limited experience but no certifications. Some certifications can also open the door to more entry-level opportunities.
However, keep in mind that being certified is not a guarantee of success. You'll still need to show up and perform well during the interview. For entry-level positions like a SOC analyst I, you may not need a certification, but it can help you stand out from other candidates. When choosing a certification, consider your career goals and which certification aligns with those goals. Remember that certifications are just one part of the equation. Soft skills like communication, problem-solving, and time management are also essential in Cybersecurity since you'll often be interacting with others. Volunteer work or past experiences that showcase these skills can also be valuable to potential employers. To start with though you want to go with a general base certifications:
CompTIA Security+ This is an excellent entry-level cybersecurity certification for anyone who wants to get into the security field. It covers security access control, cryptography, and risks in cloud computing. It’s also one of the best certifications for getting your foot in the door at many companies that specialize in Cybersecurity.
CompTIA CySA+ This certification focuses on network and application security and covers topics like secure configuration of firewalls and proxies, vulnerability assessment, and penetration testing. This is an excellent certification for anyone who wants to work in IT security or management.
Certified SOC Analyst (CSA) The CSA certification from EC-Council is an option for someone looking to specialize in incident response or threat hunting within their organization’s SOC. The CSA designation requires experience and demonstrated knowledge.
4. Getting certified
When it comes to selecting a certification, it's important to do your own research and not just rely on what others say. Look at the certification website and exam objectives to get a better understanding of what the certification entails. Reading reviews from those who have taken the certification can also be helpful. There are various ways to prepare for an exam, including self-study, on-demand training, virtual instructor-led training, and in-class instructor-led training. While some may recommend taking an instructor-led course, it's important to find a study method that works best for you, both mentally and financially. Don't hesitate to look for free resources online, as there are many available in the cybersecurity field. Once you feel prepared, you can purchase an exam voucher and schedule your exam date through the certification organization's website. Note that the process may differ depending on the certification vendor, as some require you to take the exam at a testing center while others allow you to take it online from home. In another video, I'll share some certification preparation methods that have worked for me.
5. A Degree does Help
A degree is not a requirement for getting into Cybersecurity, but it can certainly be an advantage. Many employers prefer candidates with a four-year degree, regardless of the major. Therefore, it is important to showcase how your degree can be applied to Cybersecurity, even if you did not major in it. For instance, a literature major working as a Tier 1 SOC analyst may have superior writing and communication skills, while a philosophy major may possess a unique way of approaching challenges with a deeper understanding of logic. By demonstrating how your degree has equipped you with skills that can be applied to the field, you can set yourself apart from other applicants who only have technical experience. Even if you have limited technical skills, highlight the soft skills you've gained from achieving your degree.
6. Don't Pass Up Entry Level Opportunities If you are new to IT or transitioning from another field, it's important to keep in mind that you may need to start at an entry-level role. Even if you had a high-level position in another field, be prepared to work your way up in cybersecurity. However, having a positive attitude and a willingness to learn will help you succeed in your new career. Remember that the experience you gain in an entry-level role will be invaluable as you progress to more challenging positions.
The earning potential in cybersecurity is only limited by the effort you put in. While starting salaries for entry-level positions may be around $45K per year, after gaining experience and obtaining certifications, you could earn a minimum of $85K per year within five years. But success in your career depends on your motivation and dedication to learning and mastering your craft. Take advantage of resources like labs, books, and online videos to educate yourself about the cybersecurity field and show your commitment to your new career.
Keep in mind that without experience, it may not be possible to jump to the top of the ladder right away. However, with the right credentials and experience, you can quickly climb to higher-paying and more specialized positions in cybersecurity, especially given the abundance of open positions in the field.
7. Networking can Greatly Improve your Chances
One way to accelerate your job search is to leverage your network and build connections in the cybersecurity field. LinkedIn is an excellent platform to connect with professionals, learn new skills, and find job opportunities. Make sure to complete your profile and engage with industry-related content to increase your visibility. Attend IT meetups, conferences, and job fairs to meet people and build relationships. Having someone in the field vouch for you or refer you for a job can significantly increase your chances of landing a position. It's not just about what you know but who you know, and many job openings are filled through referrals. Finding a mentor can also be a great way to gain insights and guidance from someone with experience in the field. Building a strong network can give you a head start in your career and provide motivation and support along the way.
8. Learn Relevant Tech Skills and Gain Experience The cybersecurity field is dynamic and demands constant learning and improvement. The industry is constantly evolving, so it's crucial to continue learning and enhancing your skills to succeed in this field. To improve your skills, resume, and career prospects, there are various topics to study, such as vulnerabilities, compliance benchmarks, firewalls, IDS/IPS, operating systems, networking, virtualization, and logging.
There are many free resources available to learn cybersecurity skills, including YouTube, specialized websites, and virtual training platforms such as Cybrary, TryHackMe, HacktheBox, and RangeForce. Additionally, books and training materials on cybersecurity can be purchased.
Building and working on your personal lab is a great way to reinforce your skills and develop new ones. It's important to follow your interests and teach yourself about cybersecurity in your free time. Also, volunteering your skills and time, whether it involves setting up a small office/home office (SOHO) network or troubleshooting laptops at a non-profit, can help you gain experience that you can add to your resume.
Remember that learning and improvement in cybersecurity is not limited to technical skills. Soft skills such as communication, problem-solving, and teamwork are equally essential to succeeding in this field. Keep in mind that employers value individuals who are motivated to learn and have the drive to succeed. So, focus on enhancing your skills and keep learning, and you will increase your chances of success in the cybersecurity field.
Conclusion Thank you for taking the time to read my post and visiting Cyb3r-S3c. I hope you found the information helpful in your pursuit of a career in cybersecurity. All of the information presented in this post is based on my own research and my 22 years of IT/Cybersecurity experience, so please use it in a way that is most helpful to you. If you have any questions, please feel free to reach out to me using the Cyb3r-S3c Contact Form.
If you find this content informative and you are interested in cybersecurity, please regularly check back on the Cyb3r-S3c website. For more free content, please like and subscribe to the Cyb3r-0verwatch channel. Until next time keep learning, the only way to improve is to keep learning.
/Signing Off
Pragmat1c_0n3
Comentários