Getting started in any new field can be difficult, even for those in an adjacent field. I personally switched from a career doing something completely different to cybersecurity in about a year, so I know it is possible for you, too.
This article will detail essential training, certifications and tips for those looking to get started working in cybersecurity in the short term (one year or less). Keep in mind that the cybersecurity universe is bigger than you may think, and by reading this article, you will be better positioned to stake out your own little part of the cybersecurity universe.
There are four entry-level roles in cybersecurity you can get involved with. These are the most realistic places to get your start. These roles are:
- Cybersecurity specialist/technician
- Cybercrime analyst/investigator
- IT auditor
- Incident analyst/responder
Each of these roles is mapped to the National Initiative for Cybersecurity Education’s CyberSeek model for the cybersecurity workforce. Below are paths of essential training you can take to each of these roles.
For this position, you will want to take information security fundamentals training. This learning path teaches fundamental hardware, software and network security knowledge and explores widely used technologies, concepts and controls. There is also an overview of incident response, risk management and disaster recovery.
Computer forensics training is the recommended learning path for this role. This training will arm you with the base of computer forensics knowledge needed to work in this role by teaching how to conduct forensics on multiple devices and platforms, including operating systems, networks and files.
The training for this role is information security auditing. Infosec is a leader in cybersecurity training and this course will help put you in your IT auditing shoes faster than you may think is possible.
Those looking to get into this role will want to take the Incident Response and Network Forensics Training Boot Camp offered by Infosec, found here. This hands-on, five-day course will take you through the details of incident response, including tools used on a daily basis, attack vectors and methods for compromise.
The roles discussed above can all be arguably reached easier by earning a certification; thankfully, there is a relevant certification for each of these roles. These certifications are:
For this role, you will want to earn the Security+ certification. Hosted by CompTIA, this entry-level information security role will introduce you to a broad array of information security concepts, technologies and technical controls. This is one of the most requested certifications for the cybersecurity specialist/technician role by organizations hiring for this role.
Offered by Information Assurance Certification Review Board (IACRB), the Certified Computer Forensics Examiner (CCFE) certification will certify that the holder has the requisite hard skills and soft skills required to work in this role. Candidates will need to pass an online and practical exam to earn this certification.
The certification you will want to earn is the Certified Information Systems Auditor (CISA) certification, released by ISACA. This certification will build your auditing knowledge of information systems as well as tools, concepts and guidelines critical to IT auditing. This certification also covers enterprise IT governance, business continuity and security controls.
The certification for those interested in this role is the GIAC Certified Incident Handler, or GCIH certification. GCIH certifies an understanding of the incident handling process, detecting malicious applications, attack techniques, tools, vectors and defense techniques.
Tips for getting into cybersecurity
In what seems like a whole other lifetime ago, I was once working in the legal field. To keep the story short, I found that helping people with technology and solving the problems they face with security was my actual calling and simply made the shift.
At the time, I was working for a small law firm startup as a sort of glorified clerk and losing my taste for it. As with other startups, you have to wear many hats, and my favorite was the IT hat. After teaching a bunch of aging lawyers how to open files, print documents and the like, I soon faced down the first security threat. After configuring my first firewall, I was hooked.
With all that said, there is no one path to cybersecurity. Some may find an opening on the job and simply roll over into it the way I did, and some may feel that they want to bolster their resumes with the training and certifications above.
Whatever path you take, keep the following tips in mind:
- Communication: This can be the make-or-break point for many. Gone are the days of cybersecurity professionals being basement dwelling goblins. You are there to help people at the end of the day so make relationships count
- Bring value: Even those who find themselves in cybersecurity in less than a year will have to bring value to the organization. Few have security responsibilities to keep you busy all day, so find something relevant to do and demonstrate your value
- Dive in: Self-taught is how I did it, and many find that this is their bread and butter as well. Never stop learning!
- Have fun
Switching fields or roles can be stressful and challenging. Challenge has never stopped anyone who has ever done anything great, and you are no exception.
This article will help you get started in charting your path to cybersecurity in a year or less, but it should not be the end of your preparation and research. Changing over to cybersecurity is actually easier than you think: remember that “as you think, so you are,” and this definitely applies to working in cybersecurity. Your mind will start finding the many ways that cybersecurity can impact your organization quicker than you think.