With the demand for cyber security experts so high (over 300,000 open positions in the U.S.), you might ask, “How do you get into the field?”  Over the years we have posed this question to many experts in the security community.  Here is a summary of their advice and a list of many, many FREE resources they provided.

REALITY CHECK:  Here are a few words of advice before you jump in and get started.

  1. Cybersecurity is hard and very technical.  All of the easy-to-identify hacks have already been addressed.
  2. If you don’t love learning, pick another field.  Cybersecurity changes every day and requires extensive and continuous studying to stay on top of all the creative new threats hackers dream up.
  3. Companies will not throw jobs offers at you because you say you are interested in cybersecurity and worse, they often won’t look at you even if you have a cybersecurity degree.  No, they want experienced people who can make an immediate impact.  Therefore, to land your 1st job, you will need to ‘break’ into the security job market.  This usually comes through internships, volunteering (i.e. helping secure a non-profit), or direct networking.

If you are still interested in a career in cybersecurity, here is some great advice from the Security community:

  1. READ, READ, READ:
    • Sign up for Cyber newsletters to stay up to date on current threats and trends. Some of my favorites include:
  2. Learn to Hack:
    • Learn Linux:  Most hacking takes place at the scripting level, therefore, you need to become extremely familiar with the Linux operating environment.
      • Try to understand how and why the tools in your toolbox work.
      • Run through as many hands-on scenarios as is practical using whatever resources you have access to.
      • Learn with real-world scenarios, as theory and practice are not always congruent.
    • Learn Scripting Skills:  Learn basic coding skills (i.e. C Shell, Python, ruby, etc).
    • Build your own lab:  
      • Build/upgrade a desktop PC to at least 16GB RAM, and run your choice of Linux desktop.
      • Build a virtual pentesting lab including Kali and Ubuntu server and (licensing permitting) Windows server & Desktop OSes as well.
      • Develop Python expertise so you can write your own pentesting tools. That will also deepen your understanding.
      • Here is a step-by-step guide on how to build your own lab:  How To Create A Virtual Penetration Testing Lab At Home
  3. Connect with Security Professionals:  Never underestimate the power of networking. If there are local ISC2, ISSA, or ISACA chapters, attend a meeting and network – and keep going.  One visit will not generally yield results.  Those who are consistently showing up will reap the benefits of the membership.
  4. Obtain Certifications:  
    • You may want to start off getting some basic certifications that don’t require experience such as:
    • Once you are experienced, you could further your career by getting these certifications:
      • CISA – Certified Information Systems Auditor
      • CISM – Certified Information Security Manager – Requires more proof of experience than CISSP
      • CEH – Certified Ethical Hacker
      • CISSP – Broad, shallow certification, but best recognized.
  5. Training:  
      • Take SANS courses. They are not cheap, and that may be a challenge, but unlike many other courses, SANS training is hands-on, practical, and builds strong, real-world skills.
      • Join online security communities for a ton of free and paid training opportunities.  Here are just a few:
  6. LinkedIn Courses:

1. Become an Ethical Hacker – https://lnkd.in/gMF798eN

2. Footprinting and Recon – https://lnkd.in/gA64a7HN

3. Scanning Networks – https://lnkd.in/gj-hu9XZ

4. Enumeration – https://lnkd.in/gV6AqCRg

5. Vulnerability Analysis – https://lnkd.in/gPxM2CdZ

6. System Hacking – https://lnkd.in/gaK_Qc24

7. Malware Analysis – https://lnkd.in/gCcrkRAu

8. Sniffers – https://lnkd.in/g_XD8Bmc

9. Social Engineering – https://lnkd.in/gatK3cCA

10. Denial of Service – https://lnkd.in/gjzjcYmC

11. Session HiJacking – https://lnkd.in/grT8EbQP

12. Evading Firewalls – https://lnkd.in/gra9UhWZ

13. Hacking Applications – https://lnkd.in/g37DgZQN

14. Hacking Wireless – https://lnkd.in/gcJjpmpG

15. Hacking Mobile – https://lnkd.in/ggQY5dPX

16. Hacking IoT Devices – https://lnkd.in/gx_WiJVv

17. Learning Cryptography – https://lnkd.in/gmVvKGFa

18. Cloud Computing – https://lnkd.in/gNqPkXZD

19. SQL Injection – https://lnkd.in/gXCFtHwm

  1. Experience through Charities:  Find Non-Profit organizations that need security help but can not afford traditional consultants.  This shows your ‘giving’ spirit plus it allows you to hone your skills.
    • Check out Hackers for Charities https://www.ihackcharities.org/ They pair IT people with charities who need work done. The charity gets its project completed, and you can get a nice recommendation for your resume.
  2. Early Career Paths – Anyone just starting a career in security could take one of these routes:
    • Assessor:  Become a QSA or work for a company performing gap analysis. Although this is more compliance and assessments, it will give you exposure to a wide range of environments and implementations.
    • System Engineer:  Work as a system administrator or network engineer.  Practical experience in operations is always useful for a career in information security.
    • Pen Tester: Learn penetration testing as many companies accept newbies in this field.
    • Analyst:  Start out as an analyst in a SOC or Incident Response area.
    • Application Development:  Focus on AppDev and WebApps as this is really popular right now because of the amount of exposure at that layer.
    • Work for your School:  If your degree is from a US University then look there.  Many Universities themselves are looking for Cybersecurity or Information Security staff, and they typically have different standards than the business or general government field.
    • Federal Jobs:  You may also want to explore working directly with the US government (FBI, CIA, NSA), specifically if you have language skills other than English.
    • Focus on one area first:  Stick with the field you are trying to get a job in and don’t branch out too much. It is extremely valuable to become knowledgeable about one particular technology “bucket” of which security sits on top.

While this is not a complete list of resources, this is direct advice from those who have had to build their security careers the hard way.  Hopefully, this summary gives you a roadmap to get your career kick-started in the right direction.

About Tim Howard

Tim Howard is the founder of 4 technology firms including Fortify Experts which helps companies hire the Best Cyber Talent on the Planet as well as provides expert consulting and NIST-based security assessments.

In addition, he has a passion for helping CISOs develop Higher Performing Teams through coaching, by creating interactive CISO Forums, and by helping them create highly-effective team cultures.

With each new hire, his firm produces an Employee Operating Manual to help clients understand how to motivate and maximize productivity while meeting the needs of each employee.

He also teamed up with Lyndrel Downs to launch Cybersecurity DIVAS to help promote the most influential women in cybersecurity and provide a mentoring program to help encourage and support more diversity within the industry.

Tim is married with 3 kids. He is an avid runner and has completed two IRONMAN Texas events. He is also a graduate of Texas A&M University. 

Invite Tim to connect:  www.linkedin.com/in/timhoward

 

3 Replies to “Free Resources to Help You Start a Career in Information Security”

Comments are closed.