Your Roadmap to Becoming a Cybersecurity Professional
A Guide for Aspiring Security Pros. Your First Steps as a Cyber Builder
Welcome back to the "Cyber Builders" Substack, where we delve into topics about how you can navigate and shape your pathway into the fascinating world of cybersecurity. Today, we are diving into a topic related to aspiring cybersecurity practitioners:
"Where should I start in cyber?"
"Which facet of cybersecurity should I specialize in?"
I've often been asked these questions by college graduates or more experienced individuals who would like to join the cybersecurity industry. Some have a computer science degree and want to know more about cybersecurity. In contrast, others have been trained as historians, geopolitics experts or have mastered foreign languages like Farsi or Russian. I once met a product owner helping implement ERP software who wanted to get into something more meaningful.
Cybersecurity is attractive to many as it protects our freedoms, our democracies, and our families. It is all about ensuring our loved ones are safe online and won't be ransomed for the savings they plan to use for something like studying or traveling.
Unfortunately, cybersecurity has long been associated with a certain stereotype of a male with a hoodie conducting security research or penetration testing. Penetration testing is testing a computer system, network, or web application to detect vulnerabilities that an attacker could exploit. However, this narrow view of cybersecurity fails to capture the vast array of skills and backgrounds necessary to create a truly inclusive and effective cybersecurity industry.
To all the people I spoke to, if they are attracted by cybersecurity, they are not interested in penetration testing jobs. Before asking for my advice, they went online and found no courses other than the "hack me" kind. Some even convinced themselves that it was the only first step.
As a community, we must help these aspiring new cybersecurity professionals find their way into the industry. We must recognize and celebrate each individual's unique perspectives and skill sets. Let me guide you through that perspective, and I'd love your feedback in the comment section.
Before we dive in, may I ask a favor? Please share with two fellow Cyber Builders and see if we can grow this community exponentially.
A maturing ecosystem
Cybersecurity has come a long way since the days of the lone wolf security technical expert, single-handedly guarding an organization's digital assets. The one-man shop has evolved into teams of dedicated professionals working together to protect against cyber threats. From risk analysts who design policies to security analysts who monitor and analyze network traffic to vulnerability management teams that proactively identify and fix weaknesses, each role plays a vital part in defending against evolving threats.
This maturing ecosystem also provides avenues for technical and non-technical roles. Alongside technically skilled professionals such as penetration testers, cryptographers, or incident responders, there's an equally crucial demand for non-technical roles involving policy development, regulatory compliance, and user education.
Moreover, there's a need for professionals with strong soft skills. Excellent communication skills are vital in effectively explaining complex security concepts to non-technical colleagues or clients. Analytical thinkers can uncover hidden patterns in data ("intelligence") or understand a hacker's motive.
And we should remember there's a shortage of adequately trained professionals. Hence, the call to arms is loud and clear: The cybersecurity industry is not just looking for lone wolves anymore but an interdisciplinary army of cyber builders, each contributing their unique skills and perspectives.
It's an exciting time to be part of this change!
A More Inclusive Industry
An exciting wave of leaders pushes these new perspectives, championing the notion that there truly is a place for everyone. Olivia Rose, an influential figure in the cybersecurity community, is at the forefront of this movement. She firmly believes in driving a diverse and inclusive dialogue within the space.
Quoting her insightful words:
"Cybersecurity isn't exclusively for individuals with technology insight; it's as much about strategy and people skills as it is about understanding malware or crafting firewalls. The cybersecurity industry is ripe with opportunities tailored for technical experts, strategy intellectuals, and communicative ambassadors alike."
Olivia Rose advocates starting your career in cybersecurity with an introspection exercise. Understanding oneself is an essential first step before deciding on a career path in cybersecurity. What are your strengths? What tasks naturally excite you? Ponder over what you enjoyed as a child or teenager; it might help identify your aptitudes.
Introspection helps identify your natural inclinations toward being technical, strategic, or communicative. Consider what tasks naturally excite you and what strengths you possess. Do you enjoy problem-solving and working with technology? Or do you prefer strategic thinking and planning? You may excel at communicating complex information in a way that is easily understood by others. By reflecting on these aspects, you can gain valuable insight into what areas of cybersecurity may be the best fit for you.
The 3 Profiles of Cyber Builders
In cybersecurity domains, these personality types align well with three distinct profiles: technically inclined, strategic thinkers, and, finally, those phenomenal translators or ambassadors.
Starting with Techies…
For individuals drawn towards technical details and problem-solving, potential roles encompass penetration testers (or pen testers), red team members (offensive security professionals), blue team members (defensive security professionals), forensic analysts, incident responders, security operations center (SOC) analysts, or network architects. These "technical" roles are at the heart of cybersecurity practices where hands-on keyboard and coding experience merge with analytical prowess.
Then Strategist Thinkers…
On the other hand, if you're naturally drawn to strategic thinking, figuring out how to progress from one point to another, then governance, risk management, and compliance (GRC) roles might suit you better. Similarly, policy writers, auditors, and any position involving roadmaps of organizational policies perhaps lean more towards this archetype: those focused on future planning for better risk mitigation and compliance with regulatory bodies.
Finally, Business Communicators!
The last group comprises ambassadors whose skill is eloquently translating complex jargon-filled information into business-centric language, which justifies the need for implementing specific security measures. These individuals effectively represent the teams behind all these complicated controls while integrating security within business functionalities.
How to start in Cyber
If you have read this post so far, you might wonder, "How should I start?"
Firstly, it's important to note that starting a career in cybersecurity doesn't require choosing just one specific area. The categories mentioned in this article are simply guides for the different types of roles and responsibilities that exist within the industry. It is possible to mix and match different skill sets and interests to find a career path that is right for you. For example, someone who excels at strategic planning within a GRC team may still benefit from understanding the basics of penetration testing.
One thing I like about cybersecurity is that it thrives on cross-functional collaboration. Technical teams can learn why specific legislations or compliance requirements are essential, and risk analysts can infer implications tied to particular technical detections.
Cybersecurity is also a field where self-learning and experimentation can help you grow faster and find your next position. Numerous resources are available on the web to kickstart that process, and all you need is a computer or a tablet.
Daniel Kelley maintains the cybersecurity swipe file and a roadmap to transition to cybersecurity.
The cybersecurity swipe file is a comprehensive collection of resources to help you navigate the vast world of cybersecurity. With over 1000 valuable resources, it is designed to provide you with the tools you need to stay up-to-date with the latest developments in the field. Daniel Kelley's file has something for everyone, whether you are just starting your cybersecurity journey or looking to expand your knowledge. It includes a variety of resources such as websites and blogs to follow, online courses and certifications to level up your skills, books, podcasts, documentaries to expand your knowledge, and communities and forums for connecting with like-minded individuals and experts.
For those targeting a technical job, "Cybersecurity Roadmap to your First Job," by Kelley, emphasizes the importance of diligence, perseverance, exploration, practical application, networking, and enthusiasm in the cybersecurity industry. Embarking initially as a personal interest, Kelley utilized forums to understand various aspects of the field without any specific goal. He emphasizes learning and understanding fundamental areas such as hardware properties, operating system information, programming fundamentals, network concepts, and web application security before choosing a specific path.
Finally, consider the value of certifications and online courses available on the web. One helpful resource is Coursera's "Cyber Security Career Paths," which highlights different positions in the industry:
Entry-level cyber security jobs involve starting as an IT technician, help desk staffer, or junior security analyst.
Engineering and architecture involve building defense systems and helping set up IT and security architecture for your organization.
Incident response involves monitoring your company's networks and working to fix vulnerabilities to reduce losses in case of a breach.
Management and administration offer a great platform for excellent communicators who want to work as program managers, helping structure, plan, and schedule cybersecurity programs. Those with leadership skills may eventually become CISOs.
Consulting is more of a career path than a position. It could involve consulting in engineering and architecture, incident response, or management.
Penetration testing is ideal for those who enjoy challenges and want to use their technical skills every day to try to hack into existing systems and defenses put in place by a company.
Conclusion
The world of cybersecurity is vast, multifaceted, and inclusive. There isn't a single path leading to success; everyone's journey is inherently unique and fueled by individual interests, expertise, and aspirations.
So go ahead! Explore! The vast universe of cybersecurity awaits! Your perceived limitations should not dissuade you from embarking on this journey, as there is space for EVERYONE under its colossal umbrella. Your unique perspective may just be what's needed next!
Stay tuned for more insights from our next blog post on "Cyber Builders."
Laurent