Fill in Gaps from University Studies for Early Career Success in InfoSec

Author: Binita Patel, GIAC GCLD, CompTIA Security+
Date Published: 7 May 2021

The world of InfoSec is full of opportunities and challenges, but not everyone is ready to tackle them right out of school. There are universities that offer courses with a cybersecurity concentration. These courses touch various aspects of InfoSec, such as network security, cryptography, forensics, attacks and defenses, ethical hacking and more. This academic preparation is great but think of it as a starting point.

For rising professionals stepping into the world of cybersecurity, it is beneficial to gain practical knowledge on top of studies in universities. Create a lab environment, spin up some servers and secure them! A hands-on experience in a lab environment can help better prepare industry newcomers for a real-world scenario. You will be able to contribute and put forward your ideas to address the situation, which will help you grow professionally. Alternatively, you get to learn from your experienced peers. The internet has loads of free stuff to offer. For example, leverage online free CTFs (Capture the Flag) to break stuff, which can help you understand how to secure what you just broke. There are courses all over the internet that can help bridge knowledge gaps, and there are credentialing opportunities like ISACA® ITCA™ and CSX programs through which beginners can learn cybersecurity fundamentals and advance their careers.

Furthermore, get in contact with the real world, know what vulnerabilities are coming out, and know what hackers are hacking. I would suggest reading through the news to get to know any new hacks that have just come out or any new CVEs. Some good reads could be The Hacker News or Krebs on Security by Brian Krebs. Moreover, one can engage with cybersecurity groups/organizations like ISACA and the SheLeadsTech program. These have an ample number of resources to learn and grow your careers. There are various events, webinars and podcasts that are organized by the organizations and can be leveraged.

It is important for professionals to understand what their area of expertise is and what role they see themselves in, in the next 3 to 5 years. Once you know which aspect of security you are comfortable with, you will need to do some research and get to know what skills are required for your desired role so that you can begin addressing those areas. For example, if you like to break into systems, try to develop skills of a penetration tester. Similarly, if compliance draws you, you could develop skills for a GRC profession. For someone who is unsure about the area of cybersecurity he or she is good at, I recommend gaining exposure to various aspects and evaluating what suits you the best, where your expertise falls and, most importantly, what interests you the most. This approach worked for me and I hope this will benefit other newcomers in cybersecurity as well.

Keep evaluating yourself and keep working toward filling any gaps that you might encounter. Ask your manager, superiors, professors or mentors for feedback. No matter what their feedback is, take it seriously and determine how it can position you for growth. Finally, set up a timeline for yourself to get to the finish line, and once you reach that finish line, don’t forget to evaluate yourself again. Then, take some time to look back on what you have achieved, keep setting new goals and strive to finish those in a finite timeframe.

Editor’s note: Find out more about ISACA® Information Technology Certified Associate (ITCA™) here.