Should You Work in Cyber Security

Posted by

You must have intellectual curiosityExcerpts from a presentation at BSides Nova by John Stoner. Watch the video via IronGeek here

Starting a career in cyber security is a bit less cut and dried than starting in many other professions. There is no one clear path that will take you to your perfect job. I spent five years getting a two-year degree and didn’t learn much. What I have learned along the way is that everyone will have really different paths.

One of the first things you need to determine is what aspect of cyber security interests you. There are 52 job roles in the NIST cyber security framework and your first assignment is to uncover where your interest lies. It doesn’t tell me anything if you say you want to “do something in cyber security”. It’s hard for anyone to guide you without specifics.

Getting started in cyber security does not require any first starting point. It does not require premium-priced boot camps and does not necessarily even require college courses. All things are applicable. I would say you need to begin by proactively learning all you can about the industry.

There are all sorts of resources at your disposal that require little or no financial investment. There is Google, YouTube, Cybrary and even Google has Code Academy. Online you will find many terrific cyber security podcasts which can offer invaluable information. You can take on-line courses that are affordable and will give you the opportunity to dip your toe into many areas of cyber security. The most important thing is take charge of your future. Practice proactivity and discover where you want to concentrate your efforts.

Right out of the gate many newcomers to cyber security say they want to be a hacker or a pen tester. Please understand that much of the learning process for these roles will have to be done on your own. You will need a heavy amount of intellectual curiosity. These skills do not happen overnight. A 40-hour Security+ class and a 40-hour CEH class does not a pen tester make.

So how do most pen testers get started? They hack stuff at home. They take it apart and figure out how to put it back together. Hundreds of hours of hacking and breaking things, then you start to become someone who could potentially be hired for a role as a pen tester or a hacker.

After working as a pen tester I discovered it was not for me and I also learned that I didn’t like coding. Now I currently work as a cyber threat intelligence analyst which for me is an interesting mix of my intelligence experience, communication skills and enough technical knowledge to be able to combine all those aspects effectively.

The point is that there are many different jobs within cyber security. There is a place for you. The important thing is to dive in and learn what excites you. My biggest encouragement to you – whether you are just starting your career or if you are making a career pivot — is to find a mentor; someone with solid experience who is willing to take the time to guide you through the process of entering the world of cyber security.

If you’re trying to get a federal job or a federal contracting job in cyber, these positions have a DoD 8570 requirement which means you have appropriate certifications. That regulation is awful and I can say that because I work for a Department of Defense agency.

Many folks grow into cyber security from an IT background and that is a path that makes a lot of sense. With that background you understand systems and how they are configured which hopefully means you know from a security perspective why a system should be configured a certain way. If you decide to move into the cyber security world, having that baseline knowledge of IT is critical and fundamental.

I absolutely recommend doing CTFs. I have done a couple CTFs and learned many interesting things. If nothing else, you may learn what you don’t want to do. That takes us back to needing intellectual curiosity to guide your path.

Another important thing you should do is have a home lab. If you want to be technically proficient in any other of the 52 job roles beyond policy, you will need to practice. You gain the most knowledge by being hands-on, and you must have intellectual curiosity to figure out and solve problems to be successful.

To line up the basic steps I recommend you follow to move into cyber security:

  • You have to develop skills
  • You have to proactively build a network of people
  • And then you wait for the opportunity

I have moved around quite a bit in my career. It took me a while to find a place that I could really call home. It was a bit of a struggle for me to find my place within the industry. Don’t expect to land your dream job right out of the gate. It’s not uncommon to move around, just be sure you have a solid reason to move on and can explain it as a growth opportunity on your resume.



This entry was posted on Wednesday, March 21, 2018 1:48 pm

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.