Starting a Cyber Security Career
People often ask, “What do I need to do to get into cyber security?” The requests are continuing to come in now that Obama says the Federal Government will need something like 200,000 more cybersecurity professionals in the next few years and ISACA says there is a global need for 2 million cyber security professionals by 2019!
It is no wonder so many people in Information Technology roles and others, are looking to get into cyber security. This means many people are going to need some help augmenting their current skills or help getting started.
The first thing I recommend for people is to do a survey of the current jobs out there and determine a direction you want to go. For some reason, people outside of the IT field think all IT jobs are the same. To them, if you are in IT you can configure a firewall, code a website, deployed workstations, develop applications, or set up an entertainment system. However, the required knowledge and skills vary greatly across the spectrum of IT jobs. For example being a good PC technician does not mean you can code a website. The knowledge and skills necessary for a web developer and the knowledge and skills necessary to be a PC technician are quite divergent (although there may be varying levels of overlapping knowledge and skills). Because the knowledge and skill necessary can be quite different in IT and cybersecurity job roles, it is important to find out where you want to be in the end first.
Luckily this shortage of cyber security professionals has stimulated the government to act and come up with the National Initiative for Cybersecurity Education which has outlined the necessary knowledge and skills for a career in cyber security. More to come on this in a later blog.
Once you know where you want to go or the type of role you want you can then start looking into education paths. You should match the needed knowledge and skills for the IT or cybersecurity role you want with the necessary training. You can use online training, college courses, or on the job training to gain the necessary knowledge and skills. You just need to make sure the training will help you gain the knowledge and skills necessary for the role you wish to pursue.
Next, you need to verify you have the knowledge and skills necessary for the role you are pursuing. This can be done with professional certifications like CompTIA, Microsoft or Cisco certifications. Basically to get a professional certification you need to go to an organization that offers certifications and take an exam that is designed to test your level of knowledge and skills for a particular technology or group of technologies.
The other option is to get a degree or certificate from an education institution. Normally I would say go to college to get a degree or certificate (a certificate is different than a certification). However, with the rise of Massive Open Online Courses (MOOC) offering certificates, nano degrees, or Micro Master degrees, this is quickly become a viable option to the traditional college curriculum.
Once you have the knowledge and skills, you will want to add experience to your resume. You can get this by starting with an entry level job or by getting into an internship. If you are already in the IT field, it may be easier to make the transition to cyber security than if you are from a different career altogether. However, depending on your previous career, if you are a career changer, there may be skills and knowledge you have that can transfer over. Good examples would be management, leadership, risk management, or project management skills.
Summary
Figure out the career path and job role you want
Determine needed knowledge and skills for that job role
Obtain the needed knowledge and skills for that job role
Demonstrate you have the needed knowledge and skills for that job role
Side Bar
What is the difference between a degree and certificate? People typically get a degree once they have completed a specific set of courses or research. The curriculum for the degree is designed to meet the general skill requirements for a particular field of study. Certificates are generally less exhaustive than a full degree and often focus directly on a narrow field of knowledge or skill set. Nano degrees or Micro Masters are more marketing terms for what colleges have traditionally called certificates. In the job market generally degree hold more weight for your career than do certificates. However, not every employer values a degree at the same level. Nor should they, a Bachelor's degree in Computer Science from 1976, without continuing education, is virtually useless in today's job market. A current certificate in a field of computer science is more valuable than a degree in computer science that is no obsolete.
What is the difference between certification and a degree/certificate? A certification is typically an industry recognized credential. Some certification has requirements such as years of experience. When you apply to take the exam or sometimes after you take the exam, you may be asked to verify any of those requirements. However, once you have taken and passed the exam, you are given a certificate that says you have been tested and passed. There is no need to take classes to take the exam.
In the IT market generally, and of course this rule varies from employer to employer, certification has a bigger impact on your career than does a degree.
Stay Tuned
More blog posts coming on vendor neutral verse vendor specific certifications, cyber security certifications, and other certifications coming soon.