Where do you begin when you have no experience?
In 2017, I wrote two articles on what to study and where to begin in cybersecurity. The first one I wrote in January was an explanation of fields of study for the different jobs that can be acquired in cybersecurity. In September, I wrote one that was more of a general overview of the different cybersecurity areas that consisted of GRC, offensive security, and defensive security. In this article, I want to take things back to the basics as far as what many forget when they look into cybersecurity.
Many people see that there is a huge push for cybersecurity these days and see it as a big payoff without ever knowing exactly what it takes to truly succeed in the field. When I began my Master’s degree in Cybersecurity, I was there with quite a few people who had absolutely no background in information technology, let alone cybersecurity. This is probably one of the biggest mistakes people can make. Without a beginning career in helpdesk, system administration, or network administration, you will most definitely be behind the curve. So before you begin down the path of cybersecurity, you may want to venture down the path of information technology.
There is nothing wrong with starting at the bottom and working a helpdesk job for six to 12 months to figure out how operating systems work and the issues that may arise; this may even be the start to finding bugs in the underlying systems. From there becoming a system administrator and learning servers and how the security structure works with active directory on Windows Servers or even samba on Linux will guide you on your way. Knowing Linux and how to utilize bash scripts or other scripting languages is your best friend when moving to cybersecurity. Next is the work of a network administrator. You should know by now that this isn’t an easy career field either as understanding ports, protocols, and how networks operate is a process, but if what you desire is to work in network penetration testing or network defense then it will be to your benefit to know networking.
While working in the fields previously mentioned it is there where you will start to work on your certifications and knowledge. If cybersecurity is your passion, then you can start by getting the CompTIA Security+ certification. This is the baseline certification looked for in any cybersecurity job. Once you choose your field of study in cybersecurity, you can then work on bettering your knowledge in that field both at home and at work. This is a field where you must consistently push yourself to learn more and advance your skills both at work and at home.
I hope I have given you a little insight on where and how to get started throughout this and previous articles.
In my next article I will layout what management should be looking for at the different levels of positions and why recent job postings have been a detriment to not only the security of companies but to the field of cybersecurity as a whole.