Getting into Cybersecurity — finding your path

Philip Chyla
Jun 25, 2022

This time around, something less technical, but something I feel is vital for our industry.

Why

The global cybersecurity workforce needs to grow 65% to effectively defend organisations’ critical assets. — (ISC)² Cybersecurity Workforce Study, 2021

We need you, is the simple answer.

We require talent with different backgrounds that are passionate about what they do.

The security landscape is massive, and many different skills play essential roles in thriving in this field; you do not have to be a tech wiz.

In 2021 (ISC)² estimated a gap of over 3 million unfilled positions globally in Cybersecurity. There is plenty of room for talent from all walks of life.

This field grows continuously because our adversaries invent more creative ways to achieve their goals. The laws around the cyber-space are evolving, and new challenges will materialise.

How

Embrace learning; it is almost guaranteed that you will wake up every day and learn something new about Security.

Learn to find answers and use the resources that we have available. It is OK to say, “I don’t know, but I will find out.” You will not be expected to be the smartest person in the room. We live in the information age, and the information is out there; we need to be good at finding it.

Be ready to work hard, and have the drive and ambition; you can be successful in this field. Here are some ideas on where to start and find your place in the cybersecurity domain.

Get a good grasp of the basics: what an asset, a vulnerability, a risk and a threat are, and how they are linked together.

Understand how the information security triad of Confidentiality, Integrity and Availability (CIA) helps you identify and address the challenges within the organisation.

Look into the different types of attacks organisations face, what threat modelling is, and how it can help uncover potential challenges in the early stages of service development.

Look into past attacks and breaches like:

Learn about cybersecurity frameworks and how they can be a starting point for your organisation’s security program. Start with learning about NIST, ISO standards for Cybersecurity, and CIS benchmarks.

Look into conferences: Black Hat, DEF CON, and RSA, to name the big three, but there are many more. You can find recordings of talks on YouTube and search for areas of Cybersecurity that interest you. I am sure you will find exciting presentations.

You can try to look for Cybersecurity communities and meetups in your area to join like-minded people. Organisations like the OWASP Foundation have chapters worldwide, or you can check out local Meetups.

For more actionable items, look at organisations like (ISC)² with an Entry Level Cybersecurity program. (ISC)² designed the program to introduce new talent, like you, to Cybersecurity.

Check out sites like https://www.coursera.org or https://cloudacademy.com for more specialised technical and non-technical courses around Cybersecurity.

YouTube has excellent free resources as well; channels like https://www.youtube.com/c/Freecodecamp contain great quality courses such as:

  • CISSP (Certified Information Systems Security Professional) course https://www.youtube.com/watch?v=M1_v5HBVHWo covers a lot of material across the whole cybersecurity domain. The CISSP certification is one of the most recognised in the industry and is worth pursuing. For now, stick to the course; you will learn a lot.
  • Penetration testing course https://www.youtube.com/watch?v=3Kq1MIfTWCE, a technical course focused on discovering and exploiting vulnerabilities.

Publications like https://www.infosecurity-magazine.com or https://magazines.isc2.org/pages/2022/ are an excellent way to get a big picture view of the cybersecurity domain and what challenges we face every day.

Do not be afraid to try different things within the cybersecurity domain, especially if you are not confident about the path you want to take. There is a lot of overlap, and most of the skills tie into other parts of your work.

But be careful not to spread yourself too thin and become the “Jack of all trades and master of none”; ideally, you should aim to become a subject matter expert (SME) on one or two topics.

I hope this post convinced you that there is room in Cybersecurity for anyone who wants to join. If you want to get in touch, chat, or are looking for more advice, feel free to contact me via LinkedIn https://www.linkedin.com/in/filipchyla/
