How did you "break into" Cybersecurity as a career? (pun intended! 😀)
How did you get started? Did you begin with a career in military, start in the IT field or change your career from another path? Share your insight with others!
Starting out brand new or changing career paths is overwhelming.
At (ISC)² we want to help close the cybersecurity workforce gap of 2.7 million and establish a clear new pathway for the next generation of professionals to pursue a rewarding career in cybersecurity. (ISC)² has created a new entry-level cybersecurity certification.
Are you looking to start a career in Cybersecurity? Jumpstart your career and register for the entry-level certification that will prove to employers you have the foundational knowledge, skills and abilities necessary for an entry- or junior-level cybersecurity role. It will signal your understanding of fundamental security best practices, policies and procedures, as well as your willingness and ability to learn more and grow on the job.
Do you have advice for job seekers? Share your insight and post below! What else would you add to our page? How to Find a Cybersecurity Job
I got my start into cybersecurity while performing computer operator work. Computer Operators were not highly thought of in the IT world as most people just assumed that you "Pushed a series of buttons and reports printed out. Then you distributed the reports." While that WAS true, it did not encompass all of my duties. While it was not that difficult, I wanted more. I asked what jobs I could do extra, I looked for jobs not being done and volunteered to do them for free. I saw plenty of people around me say "When they pay me, THEN I'll do them." I quickly surpassed all of them as I was obtaining experience and resume building actions, while they waited to get paid first. Soon my resume was a lot better than theirs and I was promoted. Cybersecurity is all around you and I'm willing to bet there are things that are not being done in your organization that you could volunteer for to get experience. By volunteering to do these tasks, in addition to my normal tasks, I was able to get good experience and earn the trust of my bosses. This allowed me to take on progressively tougher tasks and earn even more experience. It took me 12 years to go from a computer operator to the CIO position.
Now I also had to move around in order to get promoted. My kids probably thought we were a military family as much as we moved around. I went where the jobs were and where the promotions were. This allowed for quick ascension up the career ladder. I still kept on looking for the undone tasks and took them on. I took on projects no one wanted. I led projects where no one wanted to lead. Doing this allowed me to have lots of experience to put on my resume.
I also learned on my own. I set up home networks. I bought used computers and did a lot of 120-day trial software. I learned to hack my own networks. I got a library card which gave me access to technology books online. I took responsibility for my learning. If work offered training, I took it. I asked around. If what I wanted to learn was in a different department, I asked if I could come down and practice with their tools. Most times they said yes.
A long post to say this. Absorb any learning you can and seek it out constantly. Do not worry about getting paid for it now. It will pay off for you in the future. I make 5 times what that original entry level job paid and only took me 19 years to do it. And I was taken off track for 5 of those years due to a family illness.
@CISOScott wrote:Absorb any learning you can and seek it out constantly. Do not worry about getting paid for it now. It will pay off for you in the future.
Very good advice. I'd also put this out there:
It is very hard to enter security cold. In some ways asking "how do you I start in security?" is like asking "how do I start being karate instructor?" I don't see security as a distinct field of study or even job skill. We don't have "system administration" separate from "secure system administration" for example. If you want to be a security professional, you first need to be a "student" in the sense of being willing to be taught by managers and also learn every chance you can. A lot of that gets back to @CISOScott's advice - forget job titles and salaries, focus on experience even if it is on your own or in a volunteer setting. Then at some stage, you start transitioning from student to teacher - you'll always be learning, but you are really not a "security professional" until you can teach others how to do things right and be able to communicate such things in a business environment.
In that regard, I almost look at "entry level security" as an oxymoron at best. Sure, I hire people for those job descriptions, but they're the same job that 20 years ago we may have called "systems assistant" or "IT analyst." Again, it's not the title; it's the experience.