This feature first appeared in the Spring 2021 issue of Certification Magazine. Click here to get your own print or digital copy.
Cybersecurity is one of the hottest areas of the tech job market right now. According to the 2020 (ISC)2 Cybersecurity Workforce Study, there are more than 3 million open cybersecurity jobs globally — with 64 percent of organizations reporting a shortage of cybersecurity staff. Since the onset of the COVID-19 pandemic, the FBI has tracked a 300 percent rise in reported cybercrimes.
Companies are accelerating their digital transformation strategies, and remote work is becoming the new normal. The recent SolarWinds breach drove home the point that the overall cybersecurity threat only gets worse with time, the stakes get higher, and the tools used by hackers get more sophisticated.
Cybercrime Magazine estimates that the cost of cybercrime will reach $10.5 trillion globally by 2025. Naturally, there is a growing demand for skilled cybersecurity professionals to educate workplace personnel, help companies manage and improve their cyber defenses, and combat threats.
Career paths in cybersecurity
There are many different roles and responsibilities in cybersecurity. Some of the most common include:
- Application Security
- Data Loss Prevention
- Incident Response
- Network Security
- Security Architecture
- Threat Intelligence
- Vulnerability Management
- Penetration Testing
- Cloud Security
So there's no shortage of options for choosing a career path in cybersecurity. As you can see from looking at that list, there are many different types of skills and experience that anyone with a career interest in cybersecurity will need in order to be successful.
There's a lot of ground to cover in that list, and a successful cybersecurity professional doesn't necessarily need to have expertise in everything. Having a variety of skills, however, will certainly help open up more opportunities to any individual pursuing a cybersecurity career path.
Keys to success
Whether you are just starting to think about a career in cybersecurity, or you are already well on your way, there a number of steps you can take to help prepare for success. Let's talk about some of the best things that any aspiring cybersecurity professional can do while in high school or college to prepare for a successful cybersecurity career.
Build a solid foundation
Before you start working on gaining cybersecurity-specific skills, make sure that you have a solid foundation of both technical and non-technical skills. Doing security effectively at scale requires a holistic understanding of the threat landscape and how people, processes, and tools all play a role in combatting threats and securing an organization.
From a technical perspective, you will want to get exposure to and experience with a wide variety of information technology (IT) domains. This includes, but is not limited to, operating systems, networking, application development, databases, identity and access management, logging and monitoring, cryptography, and cloud-based services.
You don't need to become an expert in every technical area. On the other hand, having a wide-ranging IT foundation will greatly help you when you are ready to focus more specifically on security-related technologies and techniques.
From a non-technical perspective, having effective communication, analysis, and critical thinking skills is also essential. Cybersecurity isn't just a technical issue — effectively managing and addressing cybersecurity challenges requires collaboration from everyone involved in a given business or organization.
Education and training
Get as much education and training as you can so that you can learn from the experts and not have to figure out everything on your own. If you can, get a degree in Computer Science (CS). Having a CS degree will provide a solid foundational understanding of a wide range of IT disciplines. It will also open up opportunities to pursue some of the more advanced cybersecurity careers.
Getting a degree, however, isn't the only educational path to consider. Industry certifications can also help you gain and demonstrate critical skills and knowledge. As you start down this road, don't make cybersecurity certifications your first point of emphasis — start with the basics.
Begin with certifications that cover fundamental IT skills, like the A+ and Network+ credentials offered by tech industry association CompTIA. From there, you can expand to areas like server and cloud administration, and programming. Once you have a strong IT foundation, you'll be in a much better position to take on security-specific training and certifications.
As part of charting your education and training course, you should set up your own lab environment where you can practice and test your skills. Your personal lab doesn't need to be expensive, or expansive. It can be put together with used equipment you can buy online, or get cheaply from a local computer recycling company.
You can also check with local companies or schools in your area to see if you can take older equipment they no longer use off their hands. Once you have some 'live' equipment to play around with, sign up for one of the free or low-cost subscriptions offered by Amazon Web Services (AWS), Azure, or Google Cloud. Cloud computing is taking over most IT functions, and this will help you gain hands-on cloud experience.
Learn to use ethical hacking tools
So-called 'ethical' or 'white hat' computer hacking involves testing your skills against live targets, always with the permission and full awareness of whatever entity you are attempting to breach. Before you get to that level, however, it's critical to become familiar with the skills and techniques you will be using.
There are a number of free ethical hacking tools available to help any prospective security professional learn effective cybersecurity skills and techniques — indeed, many of them are the same tools that you will use in your professional career. Purpose-built exploitation toolkits like Metasploit and the Kali Linux distribution are a good place to start.
You should also learn to use vulnerability assessment tools like Wireshark, Nmap, Nessus, and OpenVAS. There are numerous tutorials and training videos available online to help you learn and master these and other tools. If you aren't sure where to look, ask a teacher or security professional for assistance.
Bug bounties and capture the flag
Once you have gained some solid cybersecurity skills, test what you've learned by participating in bug bounty programs and capture the flag (CTF) tournaments. Helping to uncover bugs in real-world programs and applications, and engaging in supervised competition against others, are both excellent ways to gain practical experience and also demonstrate your skills and abilities to potential employers.
Some bug bounty programs and CTF tournaments even offer financial incentives to the strongest participants. Don't focus on making money as your primary incentive, however — this is mostly an opportunity to learn and demonstrate your skills. Most importantly, always play by the rules in both settings. Never hack a system without getting permission first, and be ethical in everything you do.
Stay connected with other cybersecurity professionals
One of the best ways to keep your cybersecurity skills sharp, while also connecting with others in the field, is to attend local or virtual cybersecurity conferences and participate in security clubs. At these conferences and club events, you will learn about the latest threats and the tools and techniques used to fight against them.
You will also have opportunities to meet and network with a wide variety of people in the cybersecurity field. These connections can be key to helping get your foot in the door at a future employer. Security clubs can provide great opportunities to meet local cybersecurity pros in your area, and even find mentors who may be able to help you navigate your career options.
Look into summer internships
If you are planning to pursue a degree in Computer Science, or are already doing so, then be sure to look into cybersecurity-focused summer internships. More and more companies are offering these as a way to not only augment their full-time security team during summer months, but also get on the radar of upcoming CS graduates who will consider them as a future employer.
These internships are a great opportunity to get real-world, paid cybersecurity experience while you are in college. While cybersecurity internships are generally for junior-and senior-level students, some companies will consider freshmen and sophomore students who have exceptional skills and abilities. Start checking job postings early in the year, as such opportunities can fill up quickly.
Even if you aren't pursuing a degree in Computer Science, if you have several certifications and some demonstrated experience with things like bug bounty programs, then it may still be worth it to see whether employers would consider you for an internship program. It doesn't hurt to ask — with demand for cybersecurity specialists outstripping supply, you may surprise yourself and others.
Pursuing cybersecurity will set you on a path to one of the most exciting, challenging, and rewarding career opportunities available. As a trained cybersecurity professional, you will find that there's never be a dull moment, and your opportunities for continuous learning and advancement are almost limitless.
Not only that, but all the while you will be helping to protect your employer's most critical assets, data, and infrastructure — ensuring that they can continue to grow and prosper into the future.