You don’t have a degree in cybersecurity or any certification yet but you want to start or switch your career into cybersecurity, can you still do it? Yes, you can! Depending on which cybersecurity domain you are interested in (Check out the exhaustive list of all cybersecurity domains here), there are different paths that can be taken to move into cybersecurity. Today, I want to share one of them, which may be helpful to any cybersecurity enthusiast.
I would suggest the first thing to do is to read about cybersecurity as much as possible. Get yourself familiarize with cybersecurity world. Start reading about latest cyber attacks that are happening, about the last data breach that happened, any new ransomware in the market? If possible, try going into details to have answers to
questions like how exactly attackers achieved their goals for a successful compromise, what exploit methods they used, what was their motive? You may not understand everything at first but the more you read, more the things will start making sense eventually.
To keep yourself updated with latest news on cybersecurity, you can subscribe to security websites, join security groups on LinkedIn, and follow the cybersecurity specialists and journalists on Twitter. Some of my favorites are GBHackers, The Hacker News, Information Security Community, Brian Krebs, Daniel Miessler, Kevin Mittnick, Katie Nickels, Rachel Tobac, and Troy Hunt.
I would also like to briefly mention about Mitre’s ATT&CK which in their own words is “A knowledge base of adversary behavior”. The information that is provided on this platform is huge and can be overwhelming but if we sincerely try to grasp what’s all there, it can help us a lot in long run.
Once you have prepared yourself that you can now understand all the common cybersecurity terms, attack lifecycle, adversary’s techniques and tactics, it is now about the right time that you start applying for the level 1 or entry level positions at SOC (Security Operations Center) jobs. They mostly include monitoring stuff and usually do not expect expert level of knowledge or experience.
Working in SOC, will give you an exposure to various security solutions and processes that are involved in handling a security incident. Having worked in SOC can open door to many other opportunities for you. Now, wouldn’t be the wrong time to consider preparing and appearing for a security certification as well. Having work experience in SOC and holding a security certification would definitely boost your career in cybersecurity and help you in promoting at your current organization or if you are planning for a job switch.
Lastly, I want to mention that throughout this entire process when we are trying to advance our career, it is very important that we do some networking, know people, meet them, talk to them, and find our mentors who can help us and guide us in the best interest of our career. Information Security Community is an awesome community and you will be surprised by how much people are willing to help each other out here. So, go ahead and ask for all the help that you may need and be an exceptional cybersecurity expert!
