Cybersecurity is a growing field in need of bright, driven people. It’s an excellent area to study, and presents many opportunities for lucrative careers. Unlike, say, the major I once overheard someone claiming to pursue while on a cable car in San Francisco, medieval French folklore. More than 209,000 cybersecurity jobs in the U.S. are unfilled, and postings are up 74% over the past five years, according to a recent analysis by the Bureau of Labor Statistics.
But how does one go about entering the field? There are numerous tactics for people looking to break into a cybersecurity career. Additionally, most of the following educational options are valuable for existing professionals to advance their careers.
Cybersecurity Career Opportunities
Jeremiah Grossman, recognized worldwide as a pioneer of web application security, currently Chief of security Strategy, SentinelOne, and Founder of WhiteHat Security, has excellent insight. On a recent webinar, “Breaking into a career in Information Security,” Mr. Grossman stated that once you’re in cybersecurity, it’s much easier to move vertically or laterally. With lots of work to be done, there are also numerous opportunities to excel. “But one thing we haven’t done a great job of in the industry is getting the first step in, a career path for those who may have come from different backgrounds to move into security. We need people from a variety of backgrounds to solve these challenges.”
Select a Cybersecurity Specialization
The industry gets specialized quickly, so it’s important to find the specialization that most interests you. The Open Web Application Security Project (OWASP) lists initial categories as “Builders, Breakers, and Defenders,” to segment the various roles of individuals tackling the massive responsibility of cybersecurity.
Cybersecurity Professional Prerequisites and Free Online Courses
Candidates should have a good working knowledge of software development and networking. The more you know about a system, the easier it is to break it, defend it, and design a better system. Learning the basics and becoming proficient will give you a leg up.
The specific, ideal technical skills candidates should possess are:
- Programming
- Protocol basics (TCP/IP, DNS, HTTP)
- Encryption basics (digest, synchronous)
By leveraging free online resources, Mr. Grossman estimates that you could get the basics of these down in two to four weeks. Online courseware is ubiquitous, with numerous options to select from. One example is Concise Courses, which has an amusing opening, “We’ve been in the cybersecurity training space for YEARS, in fact since 2012 – which is way back when!”
Vendors, such as Gemalto, WatchGuard, and WhiteHat Security, also regularly provide training assets in the form of free webinars, blogs, and even live workshops. While some of the content may pertain to their specific technology offerings, much of it is also vendor-neutral.
Associations and Conferences
Cybersecurity associations include Open Web Application Security Project (OWASP), Cloud Security Alliance, Information Systems Security Association (ISSA). There are security conferences by the hundreds, including RSA Conference, Blackhat, DEF CON, and AppSec California.
Reading lists recommended by Mr. Grossman include Krebs on Security, Dan Goodin, SANS, OWASP, and Jeremia Grossman’s slide share. And, of course, keep up to date with Twitter, YouTube, and free webinars.
Colleges with Cybersecurity Programs
The Digital Guardian recently published, “Cybersecurity Higher Education: The Top Cybersecurity Colleges and Degrees,” consisting of 82 of the top degree and research programs for cybersecurity studies. The number of universities offering infosec degree programs continues to increase, and many are also participating in ground-breaking research, providing students excellent hands-on opportunities.
Hackbright Academy is unique as a software engineering school for women founded in San Francisco in 2012 with a mission to increase female representation in tech.
Certifications
There is no shortage to the number of certifications available. How extensive they are, the level of difficulty to obtain each, and the amount of respect all vary greatly. They are certainly not required in order to have a successful cybersecurity career. Although they can serve as a foot in the door, you could simply let your certification lapse in the future as you learn on your own.
Build Cybersecurity Skills and Pad Your Resume
Tactics for building skills and padding your resume:
- Participate in hackathons
- Contribute to open source projects
- Publicly present independent research
- Attend conferences and meet-up groups
- Take professional training classes
- Blog
- Engage in the [local] community via Twitter, Linked, and Facebook
- Participate in bug bounties (the number of bug bounty programs is now in the thousands, and Bug Crowd has a has a list).
Best Pathways, Pros and Cons
Rather than there being one ideal path to a cybersecurity career, leveraging many of the tactics in this post can result in synergy. Whether your start by dipping a toe in the water, or jump straight in, it’s an exciting industry in need of more exceptional minds.
