Cybersecurity Career Without Direct Experience
In these rapidly changing times of uncertainty, individuals looking for employment or a prospective career change should ask themselves two questions:
- Will this job still be relevant in ten years? How about in twenty years?
- Is this career recession-proof?
Cybersecurity is a field that answers a resounding yes to both questions.
Cyberattacks are a genuine threat to Americans. Globally, damages from cyber crime are expected to hit $6 trillion by next year. Cybercriminals are savvy and ever-evolving, and as reported in the 2020 Cyberthreat Defense Report, more active than ever. Here are some insights from the report:
- 80% of respondents had suffered at least one successful cyberattack in the previous year – the highest percentage in the history of this survey.
- Over 35% of organizations had suffered over six successful attacks in the last 12 months.
- 62% of organizations surveyed were victimized by ransomware last year, a form of malicious software that infects computers and holds their systems and personal files hostage. Of this, 58% of organizations paid a ransom.
- Security makes up, on average, 13% of IT budgets and this percentage is expected to continue to increase.
- Rogue insiders are one of the most pressing challenges keeping IT departments up at night.
This same report stated that 85% of organizations are facing an IT security skills shortage. The field of cybersecurity may seem daunting, however it is a vast and diverse field with many points of entry options. Below we’ll explore just how easy it can be to get your foot in the cybersecurity door.
The Basics
Cybersecurity provider Varonis predicts 3.5 million vacant IT security positions in 2021. This is a field in which demand is significantly overtaking supply and is therefore rife with opportunity. At the core, working in cybersecurity requires a strong interest and aptitude in IT systems. If you are someone who continually procrastinates on your latest smartphone software update or regularly clicks on email attachments from strangers, cybersecurity is likely not for you.
Second, cybersecurity is continually developing and its practitioners need to develop right along with it. A willingness, or ideally a desire, for ongoing learning and upskilling is a necessity.
Is Cyber Security a Fit for You?
Now that you have established the baseline for exploring cybersecurity as a career path, the next question you should ask yourself is, “will I enjoy this job and is it the right fit for me?”
Here are some key characteristics of individuals who thrive in this role:
- Detail-oriented–You’re good at noticing and paying attention to the details. This is important in cybersecurity, where even a slight mistake can have costly consequences.
- Tech-savvy–having a healthy level of comfort with computers and an aptitude for adopting new technologies is a must.
- Methodical–working in cybersecurity means that you are dealing with cybercriminals, who are intelligent and ruthless. It requires a methodical approach in order to understand the issue at hand, identify vulnerabilities, and prevent future recurrences.
- Realistic–getting (non-IT) employees to take cybersecurity seriously and adopt safe IT practices is critical, however asking these same employees to change their passwords on a weekly basis is not reasonable. Be realistic about what the average employee can be asked to do to support building IT security.
- Strong communicator–the ability to communicate succinctly and appropriately is a tremendous asset for those working in cybersecurity. One minute you may be in dialogue with a peer who has a high level of technical expertise, the next minute you may need to discuss the same issue with a business executive who has very little understanding of technical terminology.
- Problem-solver–so much of the life of a cybersecurity professional is spent engaged in troubleshooting, so having the ability to detect a problem and then solve it is a major advantage.
Related Reading: Cybersecurity Careers Pros & Cons
Related Reading: Cybersecurity Resources for Job Seekers
Go Forth And Hack
Traditionally, those eager to work in cybersecurity would start off down that path by obtaining a software development or computer networking degree, and while these are still viable pursuits, they are no longer a necessary requirement.
The best piece of advice for someone who is looking to break into cybersecurity is to just start getting your hands dirty. Learning networking is key–having a solid understanding of how computers and devices communicate with each other. Having a mastery of networking was identified as the most desirable skill in a survey of over 500 cybersecurity practitioners, yet only 4% of job candidates had this skill. Start off by buying a book about networking (here is a list of ten recommended reads). Explore some of the tools available to help better understand network applications (Wireshark and Tcpdump being two such tools). Befriend other cybersecurity and wannabe cybersecurity experts–this is a vast industry full of multiple member-based organizations and meetups (LinkedIn has a ton of these groups), several of which run conferences and professional development programming. Check out the many free vulnerability discovery resources available (such as nessus and Nikto). And finally, build your own hacking lab, and get to playing hacker (not on third-party sites, of course). Bug bounty programs are an excellent way to get cybersecurity experience, and may reward users with incentives.
Massive Online Open Courses
Massive Online Open Courses (MOOCs) are another fantastic resource for those looking to become more cyber-aware. These are online courses available to all at no cost and provide a flexible way to learn new and innovative skills. This list of 14 free MOOCs includes courses ranging from International Cyber Conflicts to Cybersecurity Fundamentals to Stanford’s Cryptography seven-week course.
Certification Options
Cybersecurity certifications are another option worth exploring. Forbes reports that 96% of IT leaders feel that these certifications add value to their teams. Certifications continue to grow in popularity as they require less of a commitment in time and money than an undergraduate or graduate degree. These programs also have more flexibility than degree programs to pivot and adapt as needed to avoid dated curriculum. Several certificate programs are available online, and in the cybersecurity space, certifications tend to be focused on helping to build a specific skill set. The three most in-demand cybersecurity certifications in North America are currently the Certified Information Systems Security Professional (CISSP) designation, the Certified Information Security Manager (CISM) designation, and the Certified in Risk and Information Systems Control (CRISC) certification.
Related Reading: CompTIA Training Available on Military Hire
If you are intrigued by cybersecurity and willing to put in the effort, now is the time to act. Many in the cybersecurity field are self-taught and provided you have the passion and determination to keep yourself motivated you can position yourself to help meet this high cybersecurity demand.