5 answers
What should my next steps be upon acquiring my first professional role? What should I be doing now to become an expert in my field, specifically cybersecurity?
I am currently in the last quarter of my master's degree program and have accepted my first professional cyber security role. I want to ensure that I create a solid foundation for my career and do everything possible to become a knowledgeable expert in my field. #cybersecurity #Network security #Career
Divya’s Answer
Cybersecurity is a vast field, and to master your profession you should remember the points below:
• The first step to choose a path is to identify your strengths based on your unique background. Evaluate your own skills and interests.
• Get connected with groups like Information Systems Security Association (ISSA), Open Web Application Security Project (OWASP), Cloud Security Alliance (CSA) or ISACA.
• Volunteer with these groups, get plugged in with Open Source projects on the internet.
Here are some common roles in cybersecurity; as and when you grow in your career, you can pick up the roles that you are interested in or have mastered:
• Security generalist
• Network security engineer
• Cloud security engineer
• Application security
• Identity and Access Management (IAM) engineer
• Security architecture
• Penetration tester
• Malware/forensics analyst
• Incident response analyst
• Cryptographer
• Security trainer
• Security auditor
• Governance, Risk and Compliance professional
Technical skills you should learn:
• Security and networking foundations
• Logging and monitoring procedures
• Network defense tactics
• Cryptography and access management practices
• Web application security techniques
Below are some of the important certifications:
• CISM - Certified Information Security Manager
• CRISC - Certified in Risk and Information Systems Control
• CGEIT - Certified in the Governance of Enterprise IT
• Network+ Certification
• Certified Network Defense Architect (CNDA)
Awesome thorough answer from a person with lots of experience in this area.
Gil Figueroa
Thanks Gil :)
Divya Rathore
Apologies for the delayed response. I really appreciate your insight as I begin this new chapter of my career. I will certainly continue to apply myself and evaluate my abilities in order to further develop them, as well as look into the various groups and certifications you mentioned. My goal is to learn as much as I can about the various sectors within cybersecurity, and I think this advice is fundamental in achieving this goal. Thank you!!!
Armando
Gil’s Answer
I loved Divya's expert answer. I'm not an expert in the field, so my answer is going to focus on your first year at work.
In your first year, you will most likely be expected to learn things you did not learn in school, so definitely apply yourself with a similar learning attitude and the application of that learning will likely be the work you do.
Your attitude will count for a lot. The simplest way for me to describe this is for you to have an attitude of yes. It doesn't mean you say yes to everything, but it does mean that you stay away from saying no. Instead of saying no, you ask a question to find a way to yes.
Scenario: Let's say your supervisor or team lead asks you to do something you don't have any idea how to do.
1. You could say no, I can't do that because I don't know how. (Not the best response.)
2. You could say yes and then struggle to figure out what to do. (Not the best response.)
3. You could say, that is unfamiliar to me, ... And then ask some pertinent questions like: Where could I find out more about that to help me get this done? Would I be working with someone who understands this better than I do?
The point is to be open to doing work that is unfamiliar to you so you can learn (always a good thing) and so you can do work that needs to be done.
One last point: take the time to learn something new reasonably well. It is very good to grow yourself into the type of person that other people seek out for knowledge, help or information - and please give that away freely, as I'm sure others will give it to you.
Gil,
This is awesome advice that certainly applies no matter what industry you work in. Furthermore, this is something that I have been actively doing in my new role. I certainly agree that as I start out my career, and throughout my career, it's always better to find a method in which to contribute even if I lack the expertise necessary at that time. The goal is always to learn, and the best way to learn, in my opinion, is certainly hands-on. That said, I will undoubtedly continue to apply your advice and make sure that I am not only learning something new, but learning it well. Thank you!
Armando
Blair’s Answer
Congratulations on landing your first professional cyber security role! It's a great field to be in and most individuals I work with in the Cybersecurity space have many options when it comes to the next step in their career. Below are a few thoughts that could help you get to the next level.
1) Take advantage of anything your new employer offers related to attending industry conferences and networking functions.
2) Participate in professional training offered within the company. Oftentimes, if a company has a good training organization, they will provide up-to-date training within growing fields such as cybersecurity.
3) Check on your employer's tuition reimbursement program. This could help in advancing your education specific to cybersecurity and/or provide assistance with pursuing cybersecurity-related certifications.
I hope this helps! Good luck with finishing your Masters degree program and your new position in cybersecurity!
First off, thank you. I am certainly excited to see where my career takes me. However, I know there is still a significant amount for me to learn in order to get where I want to be. Furthermore, your advice will absolutely keep me on track to reach my ambitious goals. I will certainly be looking to see if these opportunities are offered within my organization and, if so, will absolutely take advantage of them.
Thank You Blair!!
Armando
Edmond Momartin ☁️
Public Cloud Security & Compliance AT&T | MBA InfoSec | OWASP-LA Board
Edmond’s Answer
Divya's answer is comprehensive and to the point. Take that to heart. Find your local ISSA/CSA chapters and start attending their meetings or their annual conferences (if they have one). Volunteer in the chapters. Infosec people are always willing to share what they know and you'll get a lot of mileage from attending, plus most likely all your future jobs through connections you make.
I would add the following:
(1) create a Twitter account that you can use professionally; don't mix it up with your personal one. Start following security professionals in our field. There are several security lists that are a collection of several Twitter handles. Search for ISSA and OWASP chapters in your local city and start following them.
(2) Subscribe to security related podcasts and use any idle time (e.g. commuting back/to work) to listen to them. Most you can listen at 1.5x or even 2x speed. My suggestions are the following:
[Daily Information Security Podcast ("StormCast")] https://isc.sans.org/podcast.html
This is a 5-10 min daily update, consume every morning with your coffee :-)
[Security Now] https://podcasts.apple.com/us/podcast/security-now-mp3/id79016499
All infosec explained in plain English, and all episodes starting from #1 over 10 years ago still have relevance
[ITSPmagazine] https://podcasts.apple.com/us/podcast/itspmagazine-technology-cybersecurity-society/id1268444163
These are all interviews with infosec professionals covering varying topics from technical to social impact of infosec - limited to 20 minutes and lots of info, people to follow on Twitter, etc.
YouTube is your friend but proceed with caution - double-check sources and don't rely 100% on a single video; some are a waste of time.
Check out ISC2 which has technical security certs like CISSP (www.isc2.org)
Gil's answer is fantastic; I'd recommend going with #3 and being honest. Admit you don't know something and that you'll be able to figure it out, and then ask where you can find resources. Ask questions but skip the obvious ones; really work on "figuring it out" before giving up. The follow-on questions show whether you've tried or not.
I also like #1 and #2 in Blair's answer; taking care of those will open the door to #3
Finally if you can afford it, attend Defcon in Vegas
As I further progress in my career, I believe it's essential to get involved in the security community and network as you mentioned. Although I have yet to join or attend any security conferences, I plan to get involved and take your advice to heart. In addition, I am pursuing my continued learning through various online means and books, but will most certainly look into other methods such as the podcasts you recommended.
I really appreciate your insights. Thank you!
Armando
BINU’s Answer
Hi Armando,
At the start of your career, you should always put down your head and work hard. You should try and learn the technical and non-technical processes involved. Be an active listener and observer, and analyze things. Slowly start focusing on certifications in your respective domain, which will further enhance your career.
Once you ensure that your fundamentals are strong, then you can start eyeing for different roles and opportunities.
Wishing you all the very best!
Binu,
I have certainly been able to learn significantly in my current role by simply listening and observing. I find this to be one of the best methods of retaining essential knowledge and discovering areas of weakness in which I require a better understanding. I have also learned that working in this field requires more than just technical knowledge, as you mentioned, since most businesses have a multitude of various functions outside of the technical realm, which must be understood in order to be successful in any technical role.
Thank you again for the great advice.
Armando