There is a massive need for cybersecurity professionals today and the need is only growing. We’ve seen estimates of anywhere between 2-3 million vacant jobs over the next three years. The demand is definitely bullish and showing no signs of stopping. With this being said, breaking into an industry is always a difficult thing to do and nothing should be assumed, even with the massive demand of unfilled positions. Here are a few areas I’d suggest if you’re looking to not only get into security, but become successful.
I don’t want to hurt anyone’s feelings here, but just because you have a degree in cybersecurity doesn’t mean you’re owed a job. This is an awesome step up when breaking into the field, but don’t take this as a free pass into a job. Also, learn more than just cybersecurity. I see this as the biggest gap when speaking with students who have degrees focused in cybersecurity today. In order for long term success you’ll have to understand the technology that you’re protecting. Being able to spit back security terms is one thing, but understanding networks, systems, applications and databases is how you become a true security professional. We need to take the blinders off and truly understand the technology we’re protecting or exploiting.
Cybersecurity is so vast and there are numerous roles that focus from analyst, engineer, penetration tester, risk, compliance, etc. These roles can be even further segmented based off the technology itself and can be hyper focused at times (e.g application, network, system, etc). Determine what you’re interested in and go at it full speed! The best way to learn something is by being interested in the topic, it brings out your true passion and that fuels your desire even more. Review some of the open roles on job sites and get an idea of what’s needed long term to and be successful in a role you’re interested in. If you’re doing something you don’t love, it won’t last long. Find your niche in security and go after it. There are times where you might have to take a different role to prepare you for something your aiming at in the future. Keep your priorities straight, develop a strategy and now your end game.
Look for a mentor in the field and learn from them. Use Linkedin, find people locally, create a relationship with bloggers, etc. People who are in the field are actually very open to speaking and guiding others that are starting in the industry. Don’t be shy to ask a person to mentor you and help teach you from their past experiences. Build you network of cybersecurity contacts by going to local conferences and meetups. You don’t always have to attend BlackHat or DefCon to start speaking with others in the field. Look local first, these people will one day be your peers, and it helps with getting face-to-face time with other like minded security pros.
Learn, fail, learn from failing and move forward. Don’t get upset if you’re not able to break into the industry right away. Keep plugging away at learning new things, take certification exams in the areas you’re interested in and stay the course. Keep an open mind and don’t expect anything to be handed to you, because the industry you’re looking to be a part of is helpful, but has the saying, “Keep calm and try harder.” Feel free to contact me directly to speak more if you have any questions, I’m always open to chatting. We look forward to working with you in the future.
Check out these links for some additional cybersecurity career resources:
- EDUCAUSE’s NCSAM Resource Kit
- SANS Securing the Human’s NCSAM Planning Toolkit
- Careers in Protecting the Internet
- DHS Scholarship for Service Programs
Author Bio: Matthew Pascucci Is the Cybersecurity Practice Manager at CCSI with over 16 years’ experience in IT focusing on Cybersecurity. Previously he’s worked in the manufacturing, financial, ecommerce, healthcare and service industries developing security programs for his employers.
He joined CCSI to develop a Cybersecurity practice that includes managed security services, penetration testing, and risk assessments for organizations of every size and vertical. Personally, he holds multiple information security certifications and has had the opportunity to write and speak about cybersecurity for the past decade. Matt is a Privacy Advocate and Security Blogger and has hundreds of publicly published articles and presentations. He’s the founder of www.frontlinesentinel.com and a board member on the local chapters of InfraGard and OWASP. Matthew can be contacted via his blog, on Twitter @matthewpascucci, or via email firstname.lastname@example.org