It’s week 2 of National Cyber Security Awareness Month. This week’s topic has to do with the millions of available jobs in Cybersecurity and how to prepare for one.

TelStrong is a company that is dedicated to hiring our nation’s veterans. While many companies don’t see how information technology experience in the military translates to IT in the business world, we understand how valuable that experience is. While this message is not exclusively for veterans, we do have several resources that apply to veterans. If you are a veteran, I encourage you to read this article by Jim Howard.

A great deal of Cybersecurity has to do with identifying and mitigating risk. For example, you have a risk of getting ransomware on your computer. Mitigating the risk of ransomware can include consistently backing up the data and installing advanced endpoint protection. As a rule of thumb, the security controls that you design and install for any risk should cost less than the value of the asset being secured. Cost can include the cost of the hardware and re-creating the data for the asset.

Just Start learning

In a well-rounded Cybersecurity position, there are multiple areas of study that you may already have experience in. For instance; If you have network or server administration experience, you already have some of the experience you’ll need to get started. If you don’t have experience yet, don’t let that discourage you. If you are job hunting and interested in the cybersecurity field, look for a job in Information Technology. Many of the aspects of most IT jobs have security related duties.

Another great way to gain experience is through internship programs. You can find plenty of these through a simple internet search. Some require experience, some do not. Cybersecurity is a very wide topic, that there are many different areas within the topic. Many cybersecurity professionals will tell you that the subject is “a foot deep and a mile wide”. Below is a chart from Cybersecuritydegrees.com that lists some of the roles you will find in the field.
Cyber Security Organization Chart
Source: CyberSecurityDegrees.com

There are many academic paths to a cybersecurity career that range anywhere between an Associates degree and a Doctoral degree. There are plenty of resources both online and in person. If you are interested in the traditional path, this website is a good place to start your research.

Get Certified

As you would expect, many cybersecurity certification programs are available. Some of the most well-known certifying bodies are; CompTIA, EC-Council, (ISC)2 and SANS GIAC.  These websites will give you an idea of how involved the area of cybersecurity really is. Some offer training directly, other through training partners.

Be sure to check the prerequisites for the certification you are pursuing. I want to be clear that there are many of other certifications, I am only using CISSP as one example.For example, the current requirements to become an (ISC)2, CISSP include:

  • 5 years’ work experience in two or more of the following 8 security domains:
  1. Security and Risk Management
  2. Asset Security
  3. Security Architecture and Engineering
  4. Communication and Network Security
  5. Identity and Access Management (IAM)
  6. Security Assessment and Testing
  7. Security Operations
  8. Software Development Security
  • You must be endorsed by an existing CISSP
  • Agree to the code of ethics
  • Pass the exam

If you don’t meet all the work experience, you can opt to take the ISC(2) Associate route. This will let you prove yourself and allow you to become a CISSP once you complete the experience. You can also substitute 1 year of experience by completing a qualifying certification.

As you will see, there are many certifications in the field, you need to pursue the ones that will help you most in your field, not just the most popular ones.

A grasp of multiple operating systems will be helpful in this line of work. One operating system that you will want to know well is Linux. There are many different flavors of this operating system including a distribution made specifically for penetration testing called Kali Linux. Kali Linux is the Swiss Army knife of many professionals.

Many cybersecurity roles may require you to have some coding experience. Some good languages to know are C, PHP, JavaScript, SQL and Python.

Don’t Stop Reading

Finally, keeping up with the field, you will need to do a lot of reading. Some of the websites that will help you when you are getting started include;  Dark Reading, Krebs on Security, Tripwire’s The State of Security, Schneier on Security, and Secplicity just to name a few. There are a staggering number of new threats that are documented every day, as a cyber security professional, you need to stay as far in front of them as you can.