Where do you begin?
Many people in information technology, or just starting out, want to enter #cybersecurity. Using my personal journey, I want to showcase the paths I took and the paths one could take to venture into this large and growing field. This is intended for people attending college, or simply looking at a certification track to start working immediately. Hopefully these can help guide you to your best choice.
Defend or Attack?
One of the biggest hurdles is not knowing how to get started. To figure this out, you have to realize that cybersecurity is a vast and ever-changing industry. Any time someone asks how to break into the field, the first question I ask is: do you want to break into systems (wireless, websites, physical, etc.), or do you want to learn the art of defending the way we deliver information? To excel in one, you guessed it, you need to understand both well enough that you know how to defend and what to attack. These questions help me guide you down a truer path.
If you are unsure which side you prefer, offense or defense, you should at the very least start with studying for and obtaining a baseline security certification like CompTIA's Security+. This means prepare and learn the material. It’s a baseline certification, but it has a wealth of knowledge to build on if you’re starting at zero. I understand that certifications aren't everything; however, until you get your foot in the door somewhere, the certification will get you through HR, and the knowledge that you should have will get you through the interview process.
Technical vs. Procedural and Beyond
Once you get your first baseline certification, it is prudent to start learning Linux and a scripting language (Python, Ruby, Perl) if you intend to be more technical rather than policy or procedure oriented. Keep in mind I am making these assumptions since you should already have prior knowledge of the Windows and/or Mac operating systems.
Whether you’re in college, graduated and looking for a career, or never attended, the main thing you can do is network and grow your name. Document your journey from day one. Start a blog about what you are learning, and start writing scripts that help in your day-to-day activities and put them on GitHub. Commit to making something that you can put on a resume, Twitter, LinkedIn, or any other platform to distinguish yourself. If you are trying to get a job with no formal experience, being able to show what you have done on your own is vital. By doing these things, you should also start establishing a network. Social networking isn't bad if used properly. Twitter has a lot of #cybersecurity and #infosec people who are worth following and developing a professional relationship with. If you find the right people, they will go to bat for you and help your network grow. You need a job? Let it be known, and it will get likes and retweets from the community. You want your blog to be seen? Put it out there for your network to see. I have met many great people through Twitter and LinkedIn.
Direction and Continuous Development
Once you have started documenting your journey, developing a presence, and studying, you should be at a point where you start to see what you like about #cybersecurity, whether that's offensive or defensive. You should also understand what certifications and knowledge will be required to advance your career. #SANS is a great organization that develops a multitude of certifications and training; however, they can be expensive and are usually paid for by your organization. #SecurityBlueTeam is an up-and-coming organization helping to develop #blueteam training and certifications that are more practical and hands-on, and #OffensiveSecurity is the go-to for developing your career as a pentester. There are also others out there that offer training, like #eLearnSecurity and cybrary.it. Any of these avenues can help you develop into the professional you want to be.
The most important things you have to do and remember are these. First, find a mentor: someone who can help guide you on your journey. They don't have to be available 24x7, but they should be someone you can count on to give you advice and information about what you should be working on. Second, DON'T CHASE MONEY! I say this as someone who understands what it’s like to not have and to want to do something just because it pays more. It won't guarantee you happiness or even that you are getting into a position that you will enjoy. I spent years serving my country and I spent time making pennies in #infosec, even though I had experience and certifications. By understanding that you will start at the bottom somewhere and must work your way up, you will develop patience and a thirst for knowledge. Both are required in this field. Finding an organization whose culture will bring you peace of mind and allow for training and advancement is more important than only going for money.
I hope this has been informative, and if you would like any more information or are looking for a mentor, do not hesitate to reach out on Twitter or LinkedIn.