Where Do I Start? Many new cybersecurity professionals ask this one question more frequently as the need for cyber professionals are at an all-time high and companies are in dire need. The other question is: Do I complete a degree, certifications or just get going on job experience? Surprisingly who I’ve heard this from a lot is professionals wanting to make a career change into the Cyber field cause it either peeks their interest in one or two fashions. I get asked all the time from friends, family or the random stranger that you meet at the airport. This often brings up the other question “Where do I start?” “Do you know of any good training materials/ programs?”
I had the luxury of growing up with Atari 2800 or having to build my own computer/PC and running BASIC/Windows 3.0. While way more professionals started earlier than me, that’s where I started, and it will never change. What that did for me was provide the basics and understanding how computers talked to each other at an early age. While new professionals ask the above questions, it’s hard at time to just not recommend find your nearest time-machine and go back in time. But the lack of one makes it hard to sometimes give someone a good starting point without having to understand what they currently know. So with that in mind I always try to commend all three courses of action, but ultimately be their decision on where they want their carrier to go and lead them.
Cyber Security Degree
Obtaining a degree in Cyber Security or a field relatively close to IT is probably the best thing you can do, so long as your 18-24 and your starting right after high school. While many other professionals might disagree with me and thing strongly different, I see this being the best method to start fresh and on the right foot at an early age. Your young and have access to a vast array of knowledge to and conduct projects that either have sparked your interest or others.
I believe if you start here, your next pit-stop is certifications, as you’re tested-on theory and sometimes old practices that are no longer valid in the field. But I wouldn’t wait till you finish your degree when starting to get certifications, you should start looking getting the basic certification such as; Security+, CEH, CySA, Network+, CCNA, MCSA, GCIH, and GISP just to name a few. A more detailed list of certification can be found in my other post: IT Security Roadmap.
While this is the avenue that I took, it was mostly by pure requirements when I was trying to do an occupationally specialty change in the military. In an attempt to pursue a Warrant Officer commission earlier in my career I had to have certifications to make my package stand out amongst the people in my field, not a degree. While I believe I was highly knowledgeable in the cyber field many of the other security professionals that I knew asked me if I had the prestigious CISSP. At the time I had to decline, their response stuck with me, and that was if you get your CISSP any job you want is with us is yours. While I wasn’t in the best place to study for the prestigious CISSP, I was on a mission after that.
While first obtaining my Security+ certification and my CEH, having my CISSP has opened up many doors and allowed me be an expert in my field, but it didn’t come without cost or frustration. More in detail in “My CISSP Journey”; but this has taken my career to new levels but is coming to an end has a degree is what’s needed to move forward next.
What certifications should I take? – Read “IT Security Roadmap”
Perfect for what I believe is the person that is trying to find his/her rightful place in the arena of cybersecurity. For that individual that is trying to do a career switch or can’t stand learning in a classroom. This allows an individual to get hands-on experience right from the start, much like learning how to swim by jumping into the pool not from the shallow or deep end but right where you can barely tough. However, I believe this method has shortcomings in your career experience as you try and progress through the corporate ranks. As you probably noticed I said Corporate ranks, while it can be harder to get promoted in a corporate environment if you own your own cyber consulting firm self-promotion is all on your past success.
Owning your very own cybersecurity consulting firm is probably the best thing professionally, and it can be rather lucrative. However, it all depends on the name you make for your brand/ self. No one wants to seek cyber consulting services from a person/company that has a bad reputation. While many companies are willing to extend a vote of confidence out to new companies, ensuring you deliver on their expectations is necessary and that only comes with experience.
While there are many ways to get into the cyber arena, it ultimately comes down to what you believe is best and what you have access to. Many cyber professionals are self-taught and continue to be self-taught as they were part of the early generation of Commodore 64 and Atari 2800 days. I strongly suggest if you’re already in a mid-career to pursue self-education and certifications having the assumption you already having a college degree. If you are starting off fresh in life, college is the best place to start. For all my military counterparts out there, certifications I believe is the best way to go or get that degree depending on your current lifestyle or have a family to support. As supporting a family while in college is rather difficult, obtaining a couple of good IT certifications while in service is rather easy and can help you provide the lifestyle living you were accustomed to while in their service.