8 answers
Asked
1028 views
For people working in Cyber Security or a related field, what is a piece of advice that you would give someone like myself that is looking to start a career in this field? Like, what are some things we should be wary of, what should we expect, etc.?
#technology #computer #career #information-technology #advice #computer-science #security #cyber-security
Login to comment
8 answers
Updated
Thomas’s Answer
Iryanna,
Cyber security is a big field which gets a lot of attention and ad marketing. There are a lot of professional development schools and colleges which try to promote the exciting idea of being a cyber security expert. I think what would be best for ones interest in the field is to understand what parts of cyber security seem interesting to you. Within cyber security you have individuals who might work as investigators, or as policy administrators, those who focus on network, or those who do reverse engineering.
Regardless of your particular interest the fundamental skills are always important. There are a lot of resources available online, whether a tailored 'academy' like Cybrary.it which offers courses to earn certifications, or youtube for Linux foundational learning. I recommend both, a college education in Cyber Security will obviously push you in a particular career path, but certifications will also be very important to show to potential employers that you know the practical knowledge for the job.
Which brings me to my last piece of advice. I would also do some research or investigation into where you want to work. What kind of company, or government organization. Each company and organization will have a different way they think to apply the ideals of cyber security. Some will be much more concerned about proper network set up, or others intrusion detection and mitigation, having a target company/entity in mind might help you to understand what their interest in cyber security is, and along the way shape how you'd want to apply it in your career.
Cyber security is a big field which gets a lot of attention and ad marketing. There are a lot of professional development schools and colleges which try to promote the exciting idea of being a cyber security expert. I think what would be best for ones interest in the field is to understand what parts of cyber security seem interesting to you. Within cyber security you have individuals who might work as investigators, or as policy administrators, those who focus on network, or those who do reverse engineering.
Regardless of your particular interest the fundamental skills are always important. There are a lot of resources available online, whether a tailored 'academy' like Cybrary.it which offers courses to earn certifications, or youtube for Linux foundational learning. I recommend both, a college education in Cyber Security will obviously push you in a particular career path, but certifications will also be very important to show to potential employers that you know the practical knowledge for the job.
Which brings me to my last piece of advice. I would also do some research or investigation into where you want to work. What kind of company, or government organization. Each company and organization will have a different way they think to apply the ideals of cyber security. Some will be much more concerned about proper network set up, or others intrusion detection and mitigation, having a target company/entity in mind might help you to understand what their interest in cyber security is, and along the way shape how you'd want to apply it in your career.
Thank you so much, this really helped me!!!
Iryanna
Updated
Botakrider’s Answer
Hi Iryanna,
I agree with everyone's answer but I would like to add to be very flexible with the cyber domain you are getting into. That means you should be willing to course correct and unlearn what you have learned to absorb whatever field you find the most joy doing. The foundational knowledge is very important as they will anchor you moving forward. Many times, we are mesmerized by the sexy stuff being talked about in the industry and the media. There are many more in the cyber field that are operating behind the scenes and they are the nuts and bolts or plumbing that keeps our world running securely.
I agree with everyone's answer but I would like to add to be very flexible with the cyber domain you are getting into. That means you should be willing to course correct and unlearn what you have learned to absorb whatever field you find the most joy doing. The foundational knowledge is very important as they will anchor you moving forward. Many times, we are mesmerized by the sexy stuff being talked about in the industry and the media. There are many more in the cyber field that are operating behind the scenes and they are the nuts and bolts or plumbing that keeps our world running securely.
Thank you so much!
Iryanna
Updated
Andrew’s Answer
I agree with Thomas that the biggest part is figuring out what part of cyber security interests you the most, and what motivates you. Defending (blue) and attacking (red) are talked about a lot and are great parts of the field to go into, however the field is bigger than just Red/Blue. I'd give the other aspects of it (Policy, Compliance, Vulnerability Management, Security Engineering) a try also. Interneships are a great way to get paid to try a job and a company out. If you can, get internships at different companies of different sizes. Working for different companies will help you learn what makes you happy what you won't want to do, and it's best to do that before you start a full time job.
I appreciate this, thank you for the advice.
Iryanna
Updated
Melanie’s Answer
Hi Iryanna,
I support Thomas' answer above, this is great guidance. Being wary of where you are spending your investment (time and funding) into programs can really pay off. There are so so many companies out there that can offer certain programs or certificates that may not be very legit, leaving you wasting your time and funds. Do your research and due diligence in the school, program, and degree/certificate and your hard work will pay off.
I support Thomas' answer above, this is great guidance. Being wary of where you are spending your investment (time and funding) into programs can really pay off. There are so so many companies out there that can offer certain programs or certificates that may not be very legit, leaving you wasting your time and funds. Do your research and due diligence in the school, program, and degree/certificate and your hard work will pay off.
I appreciate this, thank you for the advice.
Iryanna
Ken Meier
Information Security Team Lead | Identity Access Management | MS Cybersecurity | CISSP-ISSMP
34
Answers
Pittsburgh, Pennsylvania
Updated
Ken’s Answer
For people looking to start a career in cybersecurity, I'd recommend developing your experience, education and industry certifications. The CompTIA Security+ is a good certification with which to start as it has no experience prerequisite but demonstrates understanding of the fundamentals of information security. Seek out internships that can get you practical experience, and think about what companies are doing work you'd be most interested in. Set up a LinkedIn profile, make connections and keep growing your network.
I'd be wary of narrowing your focus too quickly. Try to avoid getting in the mindset of "I want to attain a certain title" because when beginning your career you don't want to limit your options in any way.
I'd be wary of narrowing your focus too quickly. Try to avoid getting in the mindset of "I want to attain a certain title" because when beginning your career you don't want to limit your options in any way.
Updated
Aastha’s Answer
Hey! This is a great question especially as cyber security is an up and coming field. I am going to be working within the same industry as well and found that broadening my knowledge through online certifications, shadowing current professionals by connecting on LinkedIn, and most importantly keeping track of my learning helped the most. After that I looked into the various areas of cyber security (ex: government, local, technology, etc.) and decided where I saw myself fit.
I appreciate you taking the time to answer this.
Iryanna
Updated
Paul’s Answer
I agree with Thomas (very comprehensive answer), Andrew and Melanie. They all touched on "decide what you want to do". Again I fully agree. I would add
1. Consider (not necessarily "decide") if you want to be fully hands on (setting up/configuring Firewalls, AV, IPS/IDS/ etc.), purely hands off (never touch equipment or look at granular alerts, alarms, policies, etc.) or something in between (not configuring equipment but analyzing data, alerts, alarms, etc.). Those are broad categories and not meant to be a comprehensive list but rather some examples.
2. Consider the type of job....perhaps from a broader perspective from what other's mentioned. Do you want to be a Project Mgr, Sales, tech sales (tech person who supports sales people), work for a company that creates cybersecurity products (Fortinet, Palo Alto, Check Point, etc.), a company that uses other companies' products to provide solutions (i.e. consultants, 3rd party services, etc.), or an end user (any company not in the other categories).
2. Get as much granular level experience as possible early on, no matter which way you choose to go. The better you truly understand the underlining components Firewalls, AV, IPS/ISD, malicious activity/attacks, etc. the better (and more in demand) you will be for opportunities/jobs. So even if you want to be 100% hands off, understanding how the various pieces/technologies work, will be an asset. Similarly, if you want to be a tech guru configuring equipment, troubleshooting, etc. understanding the importance of policies or requirements and how they drive technical solutions will be a huge plus.
1. Consider (not necessarily "decide") if you want to be fully hands on (setting up/configuring Firewalls, AV, IPS/IDS/ etc.), purely hands off (never touch equipment or look at granular alerts, alarms, policies, etc.) or something in between (not configuring equipment but analyzing data, alerts, alarms, etc.). Those are broad categories and not meant to be a comprehensive list but rather some examples.
2. Consider the type of job....perhaps from a broader perspective from what other's mentioned. Do you want to be a Project Mgr, Sales, tech sales (tech person who supports sales people), work for a company that creates cybersecurity products (Fortinet, Palo Alto, Check Point, etc.), a company that uses other companies' products to provide solutions (i.e. consultants, 3rd party services, etc.), or an end user (any company not in the other categories).
2. Get as much granular level experience as possible early on, no matter which way you choose to go. The better you truly understand the underlining components Firewalls, AV, IPS/ISD, malicious activity/attacks, etc. the better (and more in demand) you will be for opportunities/jobs. So even if you want to be 100% hands off, understanding how the various pieces/technologies work, will be an asset. Similarly, if you want to be a tech guru configuring equipment, troubleshooting, etc. understanding the importance of policies or requirements and how they drive technical solutions will be a huge plus.
Thank you, this is really helpful.
Iryanna
Updated
Charles’s Answer
I agree with all the other answers here. I would like to add that if you're more interested in the importance of the job than a great big salary, I would recommend you consider working in cybersecurity for a government. Whether in the United States or abroad, governments have a huge challenge to defend their nation in cyberspace. These jobs are challenging, but they really matter. You get to work with the smartest people, the best machines, and the hardest problems. Plus, you end up with a good work / life balance because you cannot bring the work home!
Thank you for taking the time to help.
Iryanna