According to a study by the Center for Cyber Safety and Education, by 2022, there will be a shortage of 1.8 million information security workers. So, it is no mystery why leading innovation expert Alec Ross, in his book Industries of the Future, described cyber security as one of the five fields that will most shape our economic future.
But if you’re currently outside looking into a career in cyber security, how do you break in?
Where do you get started?
To help answer that, here are 12 tips for a career in cyber security from my colleagues and InfoSec pros at AlienVault:
1. Talk to Someone in InfoSec: Start by doing what I did when faced with writing this blog. I picked some in-house experts, Javvad Malik, Kate Brew and Chris Doman, who had some great advice, as you’ll soon see. So reach out to someone you know who works in cyber security for their pearls of wisdom. Don’t know anyone yet? Don’t worry, we’ll help you fix that below.
2. Pick a Path: We often think of ‘cyber security’ as an overarching phrase, but there are many facets to it, so there are many routes to entry. A pen tester has a different route vs. a risk manager vs. an incident responder. Of course, it’s fine to start with a broad interest area within cyber security. For instance, make it a goal to get your Certified Information Systems Security Professional (CISSP) as a foundation. But eventually, you’ll want to choose a focus area that you like and enjoy.
3. Go to Conferences: There are a number of InfoSec cons to attend for networking. Yes, you probably will learn a thing or two by going, but focus more on meeting people and networking. The big security conferences like RSA and DefCon are great, but may be overwhelming as a newbie. So here’s a list of some other options:
Also, don’t miss the local BSides cons, which are affordable, worldwide and time well spent. Before you go, though, make sure you have a hit list of people you want to meet and for what purpose. Introduce yourself to them well in advance. See if you can carve out 10-15 mins with them for a coffee and have a plan of discussion. Don’t make it sound like an interview, but rather a more casual conversation where you’re asking for guidance. Offer to drop them your CV, so you’ll want to have one printed and ready.
4. Get a Daily Dose of Security Blogs: There are too many great security blogs to list, but I’d be remiss for not mentioning KrebsonSecurity, Wombat Security Blog and Errata Security. Of course, we provide a treasure trove of great information at https://www.alienvault.com/blogs plus we welcome and encourage blogs from guest bloggers sharing their InfoSec experiences. Please reach out to us via @AlienVault and @SecurityBrew if you are interested in guest blogging.
5. Follow InfoSec Thought Leaders on Twitter: It won’t take long to figure out who’s who on Twitter, but here’s a great list to start with:
- https://twitter.com/briankrebs
- https://twitter.com/hacks4pancakes
- https://twitter.com/SwiftOnSecurity
- https://twitter.com/thegrugq
- https://twitter.com/jaimeblascob
- https://twitter.com/highmeh
- https://twitter.com/J4vv4D
- https://twitter.com/chrisdoman
- https://twitter.com/binitamshah
- https://twitter.com/alexcpsec
- https://twitter.com/da_667
- https://twitter.com/jeremiahg
- https://twitter.com/jleyden
- https://twitter.com/joshcorman
- https://twitter.com/euroinfosec
- https://twitter.com/ra6bit
- https://twitter.com/andrewsmhay
- https://twitter.com/benrothke
6. Self-Study: There is a ton of free, self-study material online, so take advantage of it. For instance, many of the sessions from the conferences above are posted on YouTube. Another great example is Dan Guido, who posts all his classes from NYU Poly.
7. Learn How to Code: Coding skills are extremely beneficial in InfoSec, particularly languages like Python and PowerShell that enable automation of InfoSec tasks. More perspective on this is available in a recent blog post.
8. Get Hands-on with InfoSec Tools: Find ways to get hands-on experience with SysAdmin, network management and help desk tools which are important to know for those entering InfoSec. You’ll also want to spend time learning the InfoSec tools below:
- https://otx.alienvault.com/
- https://www.kali.org/
- https://www.metasploit.com/
- https://www.shodan.io/
- https://github.com/gentilkiwi/mimikatz
9. Create a Following: There’s no better way to learn than to teach. So start writing and sharing InfoSec topics that interest you on a blog, Twitter etc. Providing links to original content helps establish your reputation with would-be employers.
10. Find a Mentor: A good one is worth their weight in gold. Remember the really clever security researcher you spoke with at BSides? Of course, figuring out how to approach a potential mentor, especially one that you don’t already have a relationship with, takes finesse. One approach is to figure out what you can offer them of value. Surely there is some task you can help them offload. In the process, you’ll learn by doing while giving something in return.
11. Compete in a Cyber Security Contest: Seek out cyber security competitions like the Cyber Security Challenge UK which runs competitions and introduces competitors to potential employers. Almost all InfoSec cons have Capture the Flag (CTF) contests as well.
12. Don’t Forget the Human Element: Security isn’t just about knowing TCP stacks and buffers. It’s in very large part about the users. So, don’t forget to invest time understanding the sociology and psychology that make us susceptible to clicking on malicious links and opening dangerous emails.
In the end, it’s more about people than machines.