How to start a cyber security career

How to start a cyber security career

What are some good tips for people who want to begin a career in cybersecurity? originally appeared on Quora: the place to gain and share knowledge, empowering people to learn from others and better understand the world.

Answer by Mårten Mickos, CEO of HackerOne, on Quora:

Cybersecurity is an attractive career for ambitious people and a great way to make the world a better place. If you want a career in cybersecurity, don’t wait. You don’t need to be of a particular age or gender. You don’t need any particular approval or certification or study place to get going.

Just start learning and start doing. Get involved any way you can. Bug bounties is a great way to learn and test your skills. Check out Hacker101. Just know that even if you can jump straight in, you will need skill, tenacity and patience to ultimately reach a rewarding level of proficiency. Bug hunters may need a year or two of learning before the start finding security vulnerabilities worth reporting. Most bug hunters study the Hacktivity feed where vulnerability reports are published once the vulnerability has been fixed.

Also note that to go far and to become a technical expert on cybersecurity, a lot of studying will be needed. What you invest in learning will come back as career opportunity. A degree in Computer Science will not hurt.

Many jobs in cybersecurity are highly technical, but some are not technical at all. The area of cybersecurity needs people with people skills, leadership talent, and business understanding. Don’t think you don’t fit in just because you don’t know the jargon or don’t get the technical details. The truly difficult challenges in cybersecurity relate to leadership of and collaboration between people. And on the most strategic level, cybersecurity is risk management.

As for industry segments and application areas, there are so many of them that it’s not possible to list them all. You can become passionate about network security, endpoint protection, application security, mobile security, cryptography, authentication, threat intelligence, identity and access management, phishing and social hacking, and so on. You can work with products or services, for a vendor or a customer, in a commercial company or the public sector, in operational roles or in leadership, with known technologies or new ones under development. You can become a consultant or an instructor. The list is practically endless.

You should know that behind the facade of seriousness and advanced terminology is a profession where normal people carry out normal tasks. Cybersecurity is certainly an exciting industry to work in. But it is not nearly as cryptic as it portrays itself. It is a bunch of people who have fun together while making the world a better place.

Daniel Miessler has written a great blog posting on how to build a successful career in cybersecurity. As you next step, read it! How to Build a Successful Career in Information Security / Cybersecurity | Daniel Miessler

This question originally appeared on Quora – the place to gain and share knowledge, empowering people to learn from others and better understand the world. You can follow Quora on Twitter, Facebook, and Google+. More questions:

How to start a cyber security career

Cybersecurity is an in-demand field. Growing cyber attacks, demand for safe and secure data, and other concerns mean that companies need professionals to keep their information safe.

It’s a financially lucrative one as well: “Cybersecurity professionals report an average salary of $116,000, or approximately $55.77 per hour. That’s nearly three times the national median income for full-time wage and salary workers, according to the Bureau of Labor Statistics.” (source)

But many cybersecurity professionals aren’t doing it for the paycheck alone. It’s a role that comes with an incredible amount of responsibility and brings immense value to an organization.

Moreover, there are lots of opportunities in government agencies and defense/aerospace firms for cybersecurity professionals. Also financial services – think industries with classified or private data. However, all kinds of companies are looking for cybersecurity professionals nowadays.

Image courtesy of Pexels.com

1. Don’t specialize just in security

The best security professionals have well-rounded experience in tech work. Sean Tierney, head of the cyber intelligence team at Infoblox, says, “The thing that will make you good at security is that you are great at something else first. For example, become a master of the fundamentals of data networks, be an expert at administering multiple operating systems or be proficient at multiple scripting languages (Python, Bash, etc.).”

If you’re coming to cybersecurity from another sector of technical work, Tierney’s colleague Rod Rasmussen, VP of CyberSecurity at Infoblox, has tips for switching over: “If you’re already in IT, then spend time studying up on network security, dealing with endpoint hygiene, or whatever is related to the work you’re already doing. You will find that you will become “the security guru” in your office pretty quick by doing that and from there, the transition becomes a lot easier.”

2. Sometimes it’s who you know–so network

This is something that’s true across industries. Tierney says, “Professional networking. Get to know as many people in the industry as you can. Get involved in open source or community projects. Another thing often overlooked in networking is offering to help others more than you ask for help.”

In-person networking is ideal: get involved in meetups, attend conferences, ask for tips over coffee with current security professionals of local tech companies. If these things aren’t possible, online networking is a good idea too.

3. Not in tech yet? Start by studying up on IT basics

Rasmussen advises, “If you aren’t in the IT space at all, start with learning IT fundamentals. We’ve seen this as necessary for even folks like FBI or other law enforcement officers who have the investigatory or ‘finding bad guys’ part down really well. That will serve you well in cyber, but regardless of your background, you need those building block fundamentals in IT in order to create an effective new career in cybersecurity.”

To gain these skills, check out technical and community colleges near you for night courses. “Most of those, particularly those that provide network management courses, offer good courses in security basics,” says Rasmussen. You can also look into online courses through websites like edX that feature top courses from real universities.

4. Legitimize your skills by earning certifications

The Security+ certification is a good place to start; having one will go a long way toward showing employers that you can handle the job duties of a cybersecurity job. Another common certification for cybersecurity professionals is the Certified Information Systems Security Professional (CISSP) certification.

Rasmussen points out that you don’t need to have a full degree or extensive credentials to become successful. “With the lack of manpower in the industry right now, just getting your basic credentialing and having at least some aptitude is sufficient to get an entry-level job. Those that are proficient will rise rapidly.”

5. Show initiative in your own time

Tierney says, “Self-directed learning and experimentation are critical. College degrees, vendor training and professional certifications are great. However, the most frequent interview question is always along the lines of, “tell me about your home lab, what kind of systems you’re running, and work you’re doing?” Followed up by, “what have you learned?”

Adds Rasmussen, “There are dozens of good books and courses on things like reverse engineering malware, tracking malicious activities on the internet and other such cyber-related skills. We’ve taken many folks with basic IT skills and turned them into very proficient cybersecurity engineers and investigators by supporting self-study combined with team-led reinforcement of those principles — usually in far less than a year.”

Contributing to open-source projects not only provides demonstrable initiative and skills, but it also helps out the tech community: a win-win.

6. Hone your data analysis skills

In cybersecurity, it’s critical to be competent at noticing trends in large amounts of data–so if you’re coming from a background in big data, you’ll be well set up. If you don’t come from that background, it’s well worth taking a course in it and getting some real experience collecting and analyzing large amounts of information.

With a lack of cybersecurity talent in the playing field these days, it’s a perfect time to get your start in the sector and set yourself up for lifelong success in a lucrative career.

How to start a cyber security career

Cybersecurity is an in-demand field. Growing cyber attacks, demand for safe and secure data, and other concerns mean that companies need professionals to keep their information safe.

It’s a financially lucrative one as well: “Cybersecurity professionals report an average salary of $116,000, or approximately $55.77 per hour. That’s nearly three times the national median income for full-time wage and salary workers, according to the Bureau of Labor Statistics.” (source)

But many cybersecurity professionals aren’t doing it for the paycheck alone. It’s a role that comes with an incredible amount of responsibility and brings immense value to an organization.

Moreover, there are lots of opportunities in government agencies and defense/aerospace firms for cybersecurity professionals. Also financial services – think industries with classified or private data. However, all kinds of companies are looking for cybersecurity professionals nowadays.

Image courtesy of Pexels.com

1. Don’t specialize just in security

The best security professionals have well-rounded experience in tech work. Sean Tierney, head of the cyber intelligence team at Infoblox, says, “The thing that will make you good at security is that you are great at something else first. For example, become a master of the fundamentals of data networks, be an expert at administering multiple operating systems or be proficient at multiple scripting languages (Python, Bash, etc.).”

If you’re coming to cybersecurity from another sector of technical work, Tierney’s colleague Rod Rasmussen, VP of CyberSecurity at Infoblox, has tips for switching over: “If you’re already in IT, then spend time studying up on network security, dealing with endpoint hygiene, or whatever is related to the work you’re already doing. You will find that you will become “the security guru” in your office pretty quick by doing that and from there, the transition becomes a lot easier.”

2. Sometimes it’s who you know–so network

This is something that’s true across industries. Tierney says, “Professional networking. Get to know as many people in the industry as you can. Get involved in open source or community projects. Another thing often overlooked in networking is offering to help others more than you ask for help.”

In-person networking is ideal: get involved in meetups, attend conferences, ask for tips over coffee with current security professionals of local tech companies. If these things aren’t possible, online networking is a good idea too.

3. Not in tech yet? Start by studying up on IT basics

Rasmussen advises, “If you aren’t in the IT space at all, start with learning IT fundamentals. We’ve seen this as necessary for even folks like FBI or other law enforcement officers who have the investigatory or ‘finding bad guys’ part down really well. That will serve you well in cyber, but regardless of your background, you need those building block fundamentals in IT in order to create an effective new career in cybersecurity.”

To gain these skills, check out technical and community colleges near you for night courses. “Most of those, particularly those that provide network management courses, offer good courses in security basics,” says Rasmussen. You can also look into online courses through websites like edX that feature top courses from real universities.

4. Legitimize your skills by earning certifications

The Security+ certification is a good place to start; having one will go a long way toward showing employers that you can handle the job duties of a cybersecurity job. Another common certification for cybersecurity professionals is the Certified Information Systems Security Professional (CISSP) certification.

Rasmussen points out that you don’t need to have a full degree or extensive credentials to become successful. “With the lack of manpower in the industry right now, just getting your basic credentialing and having at least some aptitude is sufficient to get an entry-level job. Those that are proficient will rise rapidly.”

5. Show initiative in your own time

Tierney says, “Self-directed learning and experimentation are critical. College degrees, vendor training and professional certifications are great. However, the most frequent interview question is always along the lines of, “tell me about your home lab, what kind of systems you’re running, and work you’re doing?” Followed up by, “what have you learned?”

Adds Rasmussen, “There are dozens of good books and courses on things like reverse engineering malware, tracking malicious activities on the internet and other such cyber-related skills. We’ve taken many folks with basic IT skills and turned them into very proficient cybersecurity engineers and investigators by supporting self-study combined with team-led reinforcement of those principles — usually in far less than a year.”

Contributing to open-source projects not only provides demonstrable initiative and skills, but it also helps out the tech community: a win-win.

6. Hone your data analysis skills

In cybersecurity, it’s critical to be competent at noticing trends in large amounts of data–so if you’re coming from a background in big data, you’ll be well set up. If you don’t come from that background, it’s well worth taking a course in it and getting some real experience collecting and analyzing large amounts of information.

With a lack of cybersecurity talent in the playing field these days, it’s a perfect time to get your start in the sector and set yourself up for lifelong success in a lucrative career.

How to start a cyber security career

Everyone and most every thing needs some type of protection. You protect your home with locks or alarm systems; you protect your car with insurance, and you protect your health by going to the doctor. A major corporation or organization uses a security specialist to protect their software and network security system. A security specialist is smart career path to take to begin your career in cyber security, as you’ll be the go-to person responsible for the overall safety of your employer’s data.

SECURITY SPECIALIST JOB RESPONSIBILITIES

It is possible for a security specialist’s job responsibilities to vary depending upon place of employment. Here are some of the most common duties:

  • Keep up to date with security updates and improvements
  • Monitor the security administrations
  • Protect the system against damage, changes or illegal access
  • Ensure accurate security tools are running properly, including anti-virus software and firewalls
  • Implement training to colleagues
  • Develop system specialized security requirements

CAREER PATH AS A SECURITY SPECIALIST

Since a security specialist is essentially an entry level position in the large world of cyber security, there are positions you can start out in at first and then, you can work your way up the ladder into a management role. It is a great career to enter as there are several roads to travel toward executive-level roles.

Entry-Level

Senior-Level

IT Project Manger

Executive-Level

SIMILAR JOB TITLES

When researching the perfect job as a security specialist, make sure you keep your eyes open for job postings under other titles that could be classified as a security specialist. Here are some examples:

Network Security Specialist

Computer Security Specialist

Information Security Specialist

IT Security Specialist

JOB REQUIREMENTS

How to start a cyber security career

Hard Skills

  • Knowledgeable in SIEM—Security Information and Event Management
  • Ability to perform vulnerability and penetrations tests
  • Understand computer protection programs and software such as anti-malware, anti-virus and firewall
  • Fluent in programming languages like PHP, Java, C++, C# or C
  • Comfortable working with UNIX, Windows, and Linux systems
  • Confident in threat modeling, coding practices and ethical hacking
  • Understanding of Load Balancer, Proxy Server and Packet Shaper

Soft Skills

  • Self-motivated
  • Able to work well with others
  • Strong communication skills
  • Critical thinker
  • Problem Solver

Education When first starting out, some employers may accept an associate’s degree or a few years of work experience. To move your way up into some of the roles described earlier, a technical bachelor’s degree is usually going to be required. A master’s degree specializing in technical security, or obtaining approved certifications will give you the edge to further your career.

Work Experience Always inquire with a potential employer for their specific job requirements. Some companies may accept as little as 1-to-2 years of experience while some may require over five years of IT security experience.

SALARY EXPECTATIONS

The U.S. Bureau of Labor Statistics’ current Occupational Outlook Handbook lists the median annual salary for the commensurate job, information security analyst, at $99,730. Depending on where you live and work your salary could be as high as $158,000 per year.

ANNUAL MEDIAN SALARY OF

$99,730

Information Security Analyst

UPPER 10% OF THE PROFESSION

$158,000

or more

CERTIFICATIONS

Research your future employers’ exact job requirements. For security specialists, certifications may not be required when you are first starting your career. They are good idea to work towards while gaining some work experience however, and may help you at promotion time. Some certification options may include:

  • EC-Council Network Security Administrator (ENSA)
  • Cisco Certified Network Associate—Routing and Switching (CCNA)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Security Professional (CISSP)
  • CompTIA’s popular base-level security certification (Security+)

A security specialist is an excellent way to jump start your career in cyber security. Whether it is something you are striving for before college, or making a job transition, be prepared by garnering as much knowledge as possible toward what companies are looking for in potential employees. Major job requirements can widely vary among employers and you might miss the opportunity to build up your work experience and knowledge before making the leap towards a senior or management position. However you choose, a security specialist role is a career with many opportunities.

Are you thinking about doing a mid-career transition to a cybersecurity position?

It is a great field to join. There are currently millions of unfilled cybersecurity jobs in the US and countless more around the world. There are not enough qualified applicants to fill these jobs.

Because qualified applicants are limited, the salaries for cybersecurity jobs are on the rise. It is common for cybersecurity positions to pay more than six figures to folks who have some strategic IT certifications and just a few years of experience.

In your 30s, 40s, or 50s?

It is never too late to get into cybersecurity. I know plenty of folks in the industry that got started their 40s and 50s. With age comes valuable experience. Combine your current expertise with some cybersecurity training, and you will have a great head-start over many of the younger folks who are trying to break in the cybersecurity industry.

Perhaps you have years of experience in management, sales, teaching, or another profession where you deal with people. Such people skills can make you very attractive to a technology company. Many people who get into the field are introverts. A whole team of introverts requires leadership and someone with the interpersonal skills needed to deal with the clients and manage the people. With a little bit of cybersecurity education and a few certifications, you will be able to talk the talk, understand the mission, and become a leader or manager in this growing field.

You first need to prove that you know the basics. If you have been working with computers your whole career, then you probably have a good head start on your transition. If you have little experience with computers, then you have a bit more work to do.

Step 1: Get Certified

The first thing that employers look for is certifications. Certifications prove to the industry that you know your stuff.

CompTIA certifications should be your first step. Each certification will likely take up to a couple of months of preparation to pass.

For the absolute beginner, you should first choose the CompTIA A+ certification. If you already have a good background in computers, then you could skip to the Security+ certification. Here are the CompTia certification paths:

How to start a cyber security career

The certifications get harder as you move along the path.

Passing the Security+ exam will begin to open doors in the industry. The Department of Defense categorizes the certifications. The three levels are IAT1, IAT2, and IAT3. The Security+ certification puts you in the IAT2 category. Here is a visual of the certification levels:

You can see the value of each of these certifications by searching the job search engine, Indeed.com for IAT1, IAT2, and IAT3. You will find that the higher IAT levels qualify you for positions at higher average pay. As an example, here is a summary of jobs that are available in Northern Virginia for people who hold the Security+ (IAT2) certification:

How to start a cyber security career

But your ultimate goal should be to earn an IAT Level 3 certification. It will be a pretty significant commitment to studying and passing the CASP exam. The CASP exam does not require any experience to sit for it, but it is designed for well-experienced professionals. If you can do it, then you are setting yourself up to be qualified for a six-figure income. As an example, here is a summary of positions that are available in Northern Virginia for people who hold the CASP (IAT3) certification:

How to start a cyber security career

The CASP certification clearly demands a higher salary range.

Step 2: Get some experience

The next step is to get some experience on your resume. This might not be as hard as it seems. Many businesses are looking for computer help. Since you are already working, you may be able to pick up some additional job duties at your existing company. You could volunteer to help out with configuring laptops, troubleshooting issues, and a wide array of other tasks that can build your credibility in the industry.

One way to gain the needed experience is to start your own cyber consulting business. You can set this up as a sole proprietorship or a limited liability corporation.

You will need a website and some business cards. You can have a lot of fun and learn a lot if you set up your site using WordPress. There are plenty of tutorials online about how to get a WordPress site up and running.

You can then start approaching small businesses and offering your assistance as a part-time gig. The experience you gain can be strategically incorporated into your resume.

Step 3: Find your first position

After you have your certifications and have a bit of experience, then it is easy to get an entry-level job in cybersecurity. You may have to start at the bottom, but you can quickly leverage your skill to move up the ladder.

You may find it a bit harder to step into the industry in a mid-level position, but it is certainly not impossible. You can leverage your professional experience to get into a leadership position. You can then continue to learn and grow without having to be the one that does the highly technical work.

Step 4: Keep learning and growing

The fun thing about cybersecurity is that it continues to evolve and change. This requires continuous learning. After you are full time in the field, you should continue to gain certifications. Your goal should be to get to IAT level 3 (CASP or CISSP).

How to start a cyber security career

Donald Korinchak is a Cybersecurity Professional in the Washington DC area. Donald holds an MBA from the University of Pittsburgh Katz School of Business. Donald is considered a thought leader in business, leadership, and cybersecurity issues.

Nearly anywhere you look in the world, cybercrime is becoming an increasing threat. Some experts even go so far as to say that cybercrime is the greatest threat to virtually every company and organization on the planet, a fact that governments and corporations across the globe are taking very seriously. For instance, the US federal government spent $75.4 billion on information technology in 2011, an expenditure that ballooned to a total budget of $95.7 billion for IT in 2018. Meanwhile, in Australia, over 11,800 people reported incidents of cybercrime to the Australian Cybercrime Online Reporting Network between April to June 2017. According to the UK’s National Crime Agency, in 2016 cybercrime accounted for over 50% of all crime in Britain. Private security firms estimate that by 2021, global cybercrime damage will amount to about $6 trillion. What these figures clearly show is that cyber security is more important than ever, with professionals and specialists needed in almost every industry. So if you’re looking to pursue a career in cyber security, there’s no better time to start than now.

Know What You’re Up Against

Understanding the national and global impact of cybercrime is the one of the first steps towards pursuing a career in cyber security. Not only are these facts proof that cyber security is a promising career, they’re also indicative of how essential it is for every country and industry in to be able to defend against hackers. In fact, any industry whose resources can be moved and utilized via computers – which today is virtually every functioning industry – needs the expertise of people who understand how to prevent cybercrime. You should also be looking into networking with cyber security professionals who can provide you with valuable advice as well as leads on available jobs.

How Can You Help?

Determine which specific skills of yours can contribute to the job of securing a company’s data. Trip Wire explains that cyber security is divided into various domains , each with its own technical requirements. For example, threat detection and data protection fall under security operations. Meanwhile, security architecture is about access control, cloud security, cryptography, and secure network design. Risk assessment deals with determining how vulnerable your assets are to actual attack. On the other hand, user education is about training your users to be the first line of defense against cybercrime. These and other domains like threat intelligence, governance, and physical security all work together to protect a company’s data from theft.

Obviously you don’t need to stick to just working for one domain. Everyone who works in cyber security needs to know at thing or two about certain aspects of information security that may not necessarily be part of their main expertise. The more experience you have about the technicalities of each essential domain, the better you can predict and defend against any and all forms of cybercrime that falls under your responsibility. It is for this reason that Forbes recommends earning experience in the tech industry .

Get the Right Training

Getting the proper training and certification can go a long way in securing the right job for your skill set. Whether you enroll in an offline or online college to get your cyber security diploma or certificate, pick an institution that’s accredited by the both the National Security Agency as well as the Department of Homeland Security’s Center of Academic Excellence in Information Assurance/Cyber Defense Program. While bachelor degrees in computer science or programming can definitely help, specialized cyber security courses can give you the practical skills necessary to excel at different information security domains.

Cyber Security is a High Risk, High Pay Industry

As for the pay, you can expect a lucrative career from fighting cybercrime. Maryville University reveals that security engineers can earn as much as $88,000 annually while information security managers can rake in a yearly $100,000 – and those are just the lower to middle tiers of the cyber security career ladder. If you’re competent enough to become a chief information security officer for a medium to large company, your basic annual earnings could be upwards of $150,000. Just remember that there’s a reason why cyber security professionals are paid this much. Even the entry level jobs in this career requires tons of expertise.

Do Your Homework

If you’re looking to work for a particular company, do your research and really dig into that company’s security history and profile. Here on MyComputerCareer we have advised in the past , on how doing your homework can greatly increase your chances of getting the job and not just end with you getting frustrated due to spending too much time job searching. Do your research and make sure you have the proper expertise to actually defend the company’s data, at least from the predictable threats to its security.

About MyComputerCareer.edu

Based in Holly Springs, North Carolina, MyComputerCareer, Inc. is an innovative adult technical school with courses taught online and at its seven campuses in Indiana, Ohio, North Carolina and Texas. Students who complete MyComputerCareer’s rigorous Information Technology courses may earn up to 13 highly valuable IT Certifications in areas ranging from Operating Systems to Computer Networks and Cyber Security, certificates often required even for those with four-year college degrees. In addition, these courses form the foundation for students interested in obtaining an Associate’s degree from MyComputerCareer.

GI Bill ® is a registered trademark of the U.S. Department of Veterans Affairs (VA). More information about education benefits offered by VA is available at the official U.S. government Web site at https://www.benefits.va.gov/gibill.

Check MyComputerCareer Out!

Want to see more? Or are you looking for IT certifications like Comptia A+, CompTIA Net+, CompTIA Server+, CompTIA Server+, CCNA, CCENT, Microsoft Certified Professional (MCP), CEH and others? Come on over and check us out!

About the Author

JBOnline is a writer with over eight years experience in cyber security. She works as a security consultant for a wide range of businesses. Through her writing she hopes to demonstrate how important cyber security is in today’s digital world. In her free time she likes to be away from the computer and enjoys taking long walks.

How to start a cyber security career

Everyone and most every thing needs some type of protection. You protect your home with locks or alarm systems; you protect your car with insurance, and you protect your health by going to the doctor. A major corporation or organization uses a security specialist to protect their software and network security system. A security specialist is smart career path to take to begin your career in cyber security, as you’ll be the go-to person responsible for the overall safety of your employer’s data.

SECURITY SPECIALIST JOB RESPONSIBILITIES

It is possible for a security specialist’s job responsibilities to vary depending upon place of employment. Here are some of the most common duties:

  • Keep up to date with security updates and improvements
  • Monitor the security administrations
  • Protect the system against damage, changes or illegal access
  • Ensure accurate security tools are running properly, including anti-virus software and firewalls
  • Implement training to colleagues
  • Develop system specialized security requirements

CAREER PATH AS A SECURITY SPECIALIST

Since a security specialist is essentially an entry level position in the large world of cyber security, there are positions you can start out in at first and then, you can work your way up the ladder into a management role. It is a great career to enter as there are several roads to travel toward executive-level roles.

Entry-Level

Senior-Level

IT Project Manger

Executive-Level

SIMILAR JOB TITLES

When researching the perfect job as a security specialist, make sure you keep your eyes open for job postings under other titles that could be classified as a security specialist. Here are some examples:

Network Security Specialist

Computer Security Specialist

Information Security Specialist

IT Security Specialist

JOB REQUIREMENTS

How to start a cyber security career

Hard Skills

  • Knowledgeable in SIEM—Security Information and Event Management
  • Ability to perform vulnerability and penetrations tests
  • Understand computer protection programs and software such as anti-malware, anti-virus and firewall
  • Fluent in programming languages like PHP, Java, C++, C# or C
  • Comfortable working with UNIX, Windows, and Linux systems
  • Confident in threat modeling, coding practices and ethical hacking
  • Understanding of Load Balancer, Proxy Server and Packet Shaper

Soft Skills

  • Self-motivated
  • Able to work well with others
  • Strong communication skills
  • Critical thinker
  • Problem Solver

Education When first starting out, some employers may accept an associate’s degree or a few years of work experience. To move your way up into some of the roles described earlier, a technical bachelor’s degree is usually going to be required. A master’s degree specializing in technical security, or obtaining approved certifications will give you the edge to further your career.

Work Experience Always inquire with a potential employer for their specific job requirements. Some companies may accept as little as 1-to-2 years of experience while some may require over five years of IT security experience.

SALARY EXPECTATIONS

The U.S. Bureau of Labor Statistics’ current Occupational Outlook Handbook lists the median annual salary for the commensurate job, information security analyst, at $99,730. Depending on where you live and work your salary could be as high as $158,000 per year.

ANNUAL MEDIAN SALARY OF

$99,730

Information Security Analyst

UPPER 10% OF THE PROFESSION

$158,000

or more

CERTIFICATIONS

Research your future employers’ exact job requirements. For security specialists, certifications may not be required when you are first starting your career. They are good idea to work towards while gaining some work experience however, and may help you at promotion time. Some certification options may include:

  • EC-Council Network Security Administrator (ENSA)
  • Cisco Certified Network Associate—Routing and Switching (CCNA)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Security Professional (CISSP)
  • CompTIA’s popular base-level security certification (Security+)

A security specialist is an excellent way to jump start your career in cyber security. Whether it is something you are striving for before college, or making a job transition, be prepared by garnering as much knowledge as possible toward what companies are looking for in potential employees. Major job requirements can widely vary among employers and you might miss the opportunity to build up your work experience and knowledge before making the leap towards a senior or management position. However you choose, a security specialist role is a career with many opportunities.

Are you thinking about doing a mid-career transition to a cybersecurity position?

It is a great field to join. There are currently millions of unfilled cybersecurity jobs in the US and countless more around the world. There are not enough qualified applicants to fill these jobs.

Because qualified applicants are limited, the salaries for cybersecurity jobs are on the rise. It is common for cybersecurity positions to pay more than six figures to folks who have some strategic IT certifications and just a few years of experience.

In your 30s, 40s, or 50s?

It is never too late to get into cybersecurity. I know plenty of folks in the industry that got started their 40s and 50s. With age comes valuable experience. Combine your current expertise with some cybersecurity training, and you will have a great head-start over many of the younger folks who are trying to break in the cybersecurity industry.

Perhaps you have years of experience in management, sales, teaching, or another profession where you deal with people. Such people skills can make you very attractive to a technology company. Many people who get into the field are introverts. A whole team of introverts requires leadership and someone with the interpersonal skills needed to deal with the clients and manage the people. With a little bit of cybersecurity education and a few certifications, you will be able to talk the talk, understand the mission, and become a leader or manager in this growing field.

You first need to prove that you know the basics. If you have been working with computers your whole career, then you probably have a good head start on your transition. If you have little experience with computers, then you have a bit more work to do.

Step 1: Get Certified

The first thing that employers look for is certifications. Certifications prove to the industry that you know your stuff.

CompTIA certifications should be your first step. Each certification will likely take up to a couple of months of preparation to pass.

For the absolute beginner, you should first choose the CompTIA A+ certification. If you already have a good background in computers, then you could skip to the Security+ certification. Here are the CompTia certification paths:

How to start a cyber security career

The certifications get harder as you move along the path.

Passing the Security+ exam will begin to open doors in the industry. The Department of Defense categorizes the certifications. The three levels are IAT1, IAT2, and IAT3. The Security+ certification puts you in the IAT2 category. Here is a visual of the certification levels:

You can see the value of each of these certifications by searching the job search engine, Indeed.com for IAT1, IAT2, and IAT3. You will find that the higher IAT levels qualify you for positions at higher average pay. As an example, here is a summary of jobs that are available in Northern Virginia for people who hold the Security+ (IAT2) certification:

How to start a cyber security career

But your ultimate goal should be to earn an IAT Level 3 certification. It will be a pretty significant commitment to studying and passing the CASP exam. The CASP exam does not require any experience to sit for it, but it is designed for well-experienced professionals. If you can do it, then you are setting yourself up to be qualified for a six-figure income. As an example, here is a summary of positions that are available in Northern Virginia for people who hold the CASP (IAT3) certification:

How to start a cyber security career

The CASP certification clearly demands a higher salary range.

Step 2: Get some experience

The next step is to get some experience on your resume. This might not be as hard as it seems. Many businesses are looking for computer help. Since you are already working, you may be able to pick up some additional job duties at your existing company. You could volunteer to help out with configuring laptops, troubleshooting issues, and a wide array of other tasks that can build your credibility in the industry.

One way to gain the needed experience is to start your own cyber consulting business. You can set this up as a sole proprietorship or a limited liability corporation.

You will need a website and some business cards. You can have a lot of fun and learn a lot if you set up your site using WordPress. There are plenty of tutorials online about how to get a WordPress site up and running.

You can then start approaching small businesses and offering your assistance as a part-time gig. The experience you gain can be strategically incorporated into your resume.

Step 3: Find your first position

After you have your certifications and have a bit of experience, then it is easy to get an entry-level job in cybersecurity. You may have to start at the bottom, but you can quickly leverage your skill to move up the ladder.

You may find it a bit harder to step into the industry in a mid-level position, but it is certainly not impossible. You can leverage your professional experience to get into a leadership position. You can then continue to learn and grow without having to be the one that does the highly technical work.

Step 4: Keep learning and growing

The fun thing about cybersecurity is that it continues to evolve and change. This requires continuous learning. After you are full time in the field, you should continue to gain certifications. Your goal should be to get to IAT level 3 (CASP or CISSP).

How to start a cyber security career

Donald Korinchak is a Cybersecurity Professional in the Washington DC area. Donald holds an MBA from the University of Pittsburgh Katz School of Business. Donald is considered a thought leader in business, leadership, and cybersecurity issues.