From entry-level to more advanced career paths, there are plenty of opportunities for figuring out how to get into cybersecurity.
Consider the latest cybersecurity job numbers:
|1,129,659||The number of people employed in the cybersecurity workforce|
|663,434||The number of cybersecurity job openings post in the past year|
Cybersecurity remains a critical topic of discussion in tech today. From ransomware attacks taking down entire hospital networks to data breaches impacting hundreds of millions of people at a time, these challenges are constantly in the news.
Companies are scrambling to find productive ways to combat cyber-attacks. Successful management of cyber risk means having the right team of experts on board to execute on a robust security strategy.
The challenge, however, is that the industry is experiencing a mass shortage of talented and qualified cybersecurity professionals. Now is a great time to build a career in cybersecurity to meet this demand. But how do you know where to start? Here are a few tips:
cybersecurityguide.org is an advertising-supported site. Clicking in this box will show you programs related to your search from schools that compensate us. This compensation does not influence our school rankings, resource guides, or other information published on this site.
Featured Cybersecurity Training
|School Name||Program||More Info|
|UT Austin||The Cybersecurity Bootcamp at UT Austin||website|
|University of Pennsylvania||Penn Cybersecurity Bootcamp||website|
|Southern New Hampshire University||Online BS in Cybersecurity or Online MS in Cybersecurity||website|
|Purdue Global||Online BS in Cybersecurity||website|
|UC Berkeley School of Information||Online MS in Cybersecurity | No GRE/GMAT Required||website|
Get exposure to the various domains of cybersecurity
When someone introduces themselves as a doctor – a curious person who knows anything about the industry will likely ask, “What kind?” Eye doctor? Foot doctor? Pediatrics? The list goes on and on. The same logic applies to cybersecurity.
Depending on who you talk to, there are at least 15 to 20 different domains in cybersecurity and dozens of roles to choose from. Each requires a different skill set and thought process. This guide contains examples of different cybersecurity career paths. The bottom line is that it’s hard to know where your passions and skills may align unless you get the exposure and try different things.
I suggest taking a brief online class that can give you a fundamental overview of what cybersecurity is. You can find classes through online training platforms like Udacity, Cybrary.it, Coursera, Udemy, Khan Academy, etc. This guide contains more specific info about finding cybersecurity courses online. If you are a formal student currently, see if your school offers cyber security classes and consider taking one!
It’s also common to categorize domains in three areas:
- Senior leadership
The management domain is all about the oversight of cybersecurity within the organization. Though it’s important to understand as much as you can about technology and the technical nuances behind cyber risk, this area tends to be less technical than others. Instead of configuring systems or getting deep into operational support, a career path in this space entails using business savviness, organizational management, and soft skills to programmatically manage security.
In the technical domains, you’d likely be digging into systems, data, tools, and networks a lot more with the aim to technically prevent, detect, and respond to cyber threats. Finally, like any industry, company culture and leadership plays a critical role in the success of the business, making the senior leadership domain very important.
Pick a career development path or, better yet, mix it up
There are so many ways into security. I know people like me who studied it in school and got in. I know people who were once nurses, biologists, historians, law enforcement officials, lawyers, and more who now work in the cyber security space. There isn’t really a preferred path. The truth is that the majority of the people who are leaders in cyber security today don’t have formal education backgrounds in the disciplines because it simply didn’t exist a few years ago.
With that in mind, below are a few options for building your path.
Consider diverse paths into a cybersecurity career
1. The formal education route: Today, more schools are offering degrees in cyber security. I ended up getting a master’s degree in Information Security from the University of Houston and a Ph.D. in Security Engineering from the University of Colorado that really helped catapult my career in cyber. If you want to take the education route, look into programs at various schools, read reviews, and determine if that’s an investment you can and want to make.
2. Alternative program/training route: If a formal degree isn’t an option or desire for you, there are also technical programs that are surfacing to help people fast track their careers in cyber security. Below are a few examples, but there are tons of others. Do your research:
3. The self-taught route: Leverage Google to do research on the industry. There is a lot of free information online regarding cybersecurity. When I wanted to build my expertise, I used them all. For example, the greatest hackers aren’t just learning how to hack in school. Many of them are self-taught. The same can apply to other domains as well. You can read content online, set up your own lab, and try teaching yourself about the industry. One challenge to keep in mind is that while many companies are progressive and focus more on competency than credentials, many still have stringent degree and certification requirements. This doesn’t mean that hope is lost. It means that first, you need to make sure you are really good at what you do. Secondly, you need to seek out progressive companies that are open-minded about qualifications.
4. The certification route: There are cybersecurity certifications that can help you build your credential pool and skill set, whether you’ve chosen any of the paths above. Some examples include CISSP, Security+, CEH, and CISM, and tons of others.
5. The hybrid route: Lastly, there is the hybrid route. I’d say this is the path that I took and probably the best option. Doing a mix of formal education, self-taught learning, technical trade classes, and certifications allowed me to learn as much as possible about the industry and grow at a faster pace. Doing so gave me exposure to so many different domains of cybersecurity, and it allowed me to discover what I loved in the industry quickly. Once I found that sweet spot, I began to excel even more because I loved what I was doing and got pretty good at it.
Unconventional paths to experience
A big challenge in cyber security is that it’s such a high-risk area that companies tend to prefer people who have done the work before. It’s a Catch 22 because there aren’t enough experienced professionals without jobs to fill that need.
What it means for people early in their careers is that having a degree or certification helps, but experience talks! I got creative to solve this problem for myself by always interning or working full-time in cyber security while learning at the same time. I did this by shadowing professionals, doing internships, apprenticeships, and more. I also volunteered to do cybersecurity projects for non-profits and startups who were more willing to take a chance on me while I built up experience.
No matter what industry or path you are transitioning from, these are great ways to start building up experience.
Building a career in cybersecurity can be extremely rewarding. With the right exposure to the various domains and career paths, along with a creative strategy for building up experience – you’re well poised to succeed!
Frequently asked questions
To pursue a career in cybersecurity, you need a strong foundation in computer systems and networks, along with skills in areas such as programming, risk management, and information security. Some essential skills include knowledge of operating systems, networking protocols, cryptography, vulnerability assessment, incident response, and security frameworks. Strong analytical and problem-solving skills, attention to detail, and a continuous learning mindset are also crucial.
While a degree in computer science, information technology, or a related field can be beneficial, it is not always a strict requirement. However, certain certifications are highly valued in the cybersecurity field. Examples include Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Information Security Manager (CISM), and CompTIA Security+. These certifications validate your knowledge and expertise in specific areas of cybersecurity, and they can enhance your job prospects.
Gaining practical experience in cybersecurity is crucial. You can start by setting up a lab environment to practice different techniques and tools. Participating in capture-the-flag (CTF) competitions and online cybersecurity challenges can also help you develop practical skills. Additionally, consider seeking internships, volunteer work, or part-time positions with organizations that offer exposure to real-world cybersecurity scenarios. Building personal projects, contributing to open-source projects, and engaging in bug bounty programs can further showcase your abilities.
There are numerous online resources and courses available to learn about cybersecurity. Some popular platforms include Coursera, Udemy, edX, and Cybrary. Specific courses like “Introduction to Cybersecurity” by Cisco Networking Academy, “Cybersecurity Fundamentals” by IBM, and “The Complete Cyber Security Course” by Nathan House are highly recommended. Open-source resources like OWASP, NIST publications, and the SANS Institute also provide valuable cybersecurity knowledge.
While proficiency in multiple programming languages is beneficial, certain languages are commonly used in cybersecurity. Python is highly recommended due to its versatility and extensive libraries for security-related tasks. Additionally, knowledge of languages such as C/C++, Java, PowerShell, and scripting languages like Bash or PowerShell can be valuable for tasks like reverse engineering, exploit development, and automation.