Cybersecurity Awareness – By Ron Frechette, The Cyber Coach
After we published our February article, The Good, Bad and Ugly of the Cybersecurity Workforce Shortage, we received lots of questions about what types of cybersecurity jobs are available and if it is possible to break into the industry with little to no experience.
We divided these topics up into a two part series. Last month we covered Part One, Cybersecurity Jobs that are available and in the highest demand. This month, Part Two will cover the 3 most effective ways to break into the cybersecurity industry with little to no experience.
Leverage Your IT Experience
The most likely way to transition into the field of cyber security is to leverage the knowledge and experience you have gained in the information technology industry. Most people who are interested in a career in cyber security have some basic knowledge and experience with software, networks and systems. Whether working as a Desktop Support Technician, Database Administrator or software developer, some level of security and compliance is involved. If you think through how often security and compliance play a role in your daily work routine, you can begin to build a case that you have some level of cyber security knowledge and experience.
Once you realize how you practice security in your current role, then you can begin to connect where your experience and skills would be best suited in a full time security role. This will also help you identify the type of career path that appeals to you most (i.e. digital forensics, incident response, writing policies & procedures, pen testing, compliance, etc.). Once you know the type of security work you would be most passionate about, then you can begin the process of expanding your knowledge base and developing the skills needed in that discipline.
Increase Your Knowledge Base and Skills
There are several ways to increase your knowledge and skills once you know what discipline to pursue. The best way to start is by learning and practicing from home. There are several free resources available on-line. We recommend Cybrary. Cybrary is a great resource to help gain the essential skills to enhance your marketability and many of the courses are offered for free.
Entry level cybersecurity certifications can also help get your foot in the door by demonstrating your drive to learn and showing that you’re serious about entering the field. In fact, 61% of Information Systems Security Association (ISSA) members believe that cybersecurity certifications are far more useful for getting a job than they are for doing a job.
The easiest certifications to get are the cybersecurity certifications that test your basic skills and foundational understanding, such as the MTA Security Fundamentals, the ISACA CSX Cybersecurity Fundamentals, and CompTIA Security+. There is also the more traditional path of pursing a Bachelors or Master’s degree in Information Security.
Ultimately, hiring managers are going to look for the skills you have developed above all else. The majority of hiring managers we work with put candidates through skills based testing as part of the interview process to insure they possess the skills listed on their resume.
There are also several professional cyber security networking associations that can expand your knowledge base, skills, and abilities which leads us to our third most effective way to break into the cyber security industry
Leverage & Expand Your Network
If you work for a large company that has an IT security division or you know someone in the field, invite them out for coffee or lunch and ask them how they made the transition into cyber security. Ask if it would be possible to shadow them for a day to help you gain a better understanding of what they do on a daily basis. You never know where it could lead.
Getting involved in local cyber security associations can be extremely valuable for breaking into the cyber security industry. This is where you will meet the local cybersecurity thought leaders who are responsible for keeping their companies data safe and dealing with the cybersecurity workforce shortage firsthand. Every meeting provides an opportunity to learn about the latest cybersecurity threat and trends. There is also an opportunity to network and build personal relationships with members. We recommend ISC2 of Central FL although there are others to consider.
In Our Experience
In hiring numerous security and compliance consultants personally over the past 10 years, we can attest, unequivocally, that the best security practitioners began their careers as technologists prior to transitioning into security and/or compliance. We also see this as a common thread in many of the candidates we submit to clients through our information security staffing firm.
The supply and demand dynamic for cyber security professionals is heavily in the favor of those truly interested in joining the workforce with little to no experience. At the end of the day, good old-fashioned persistence, drive and determination always seem to win the day.
Wishing you continued success on your journey in cyberspace!
Sources:
https://resources.infosecinstitute.com/can-i-start-a-career-in-cybersecurity-with-no-experience-2/#gref
https://en.wikipedia.org/wiki/Chief_information_security_officer
Questions? Send me a tweet: @GoldSkyRon or email ron.frechette@goldskysecurity.com