Whether you’ve already established yourself in the IT field and are looking to expand or you’re just beginning in IT, careers in cybersecurity are ripe for the picking.
In truth, this is unfortunate for the many millions of individuals, local governments, and businesses of all sizes who have been targeted by cyber criminals. The cybersecurity field is growing simply because there’s an increased demand to quell these attacks and get those affected back online and in control of their systems and data as quickly as possible. According to Will Buchanan, President of Philantech3 Consulting, the industry is “facing a massive shortage of people needed to fill these roles.” So, starting out now is perfect timing.
If you are interested in beginning a career in cybersecurity (or are switching focus from another area of IT), here are some key steps that experts in this field recommend taking.
#1 – Get involved in industry groups and associations.
Industry groups and associations can help you get to know the cybersecurity industry, including nationally and internationally accepted practices and knowledge.
Because this field is ever-changing, it’s crucial to stay up-to-date on the constantly fluctuating state of affairs. Cyber hackers are always developing new tactics and malware, and you must stay abreast of these advances so that you can prevent hacks for your clients and so that you know how to handle them when they do occur.
Aligning with a group or association is a great way to do this.
According to Don Baham, President of Kraft Technology Group, LLC, here are four groups to consider joining (all have both local and national/international chapters):
- InfraGard has a heavy focus on cybersecurity and is partners with the FBI in protecting national security.
- International Information System Security Certification Consortium (ISC2) features local chapters throughout the nation and acts as the Certified Information Systems Security Professional (CISSP) governing body when it comes to certification.
- Tied to ISC2 is the Information Systems Security Association (ISSA), which offers training and study preparations for ISC2 certifications, although no certifications of its own.
- ISACA focuses on the development and adoption of the world’s leading and most-accepted information system practices. They have recently started putting more focus on cybersecurity.
#2 – Pursue relevant certifications.
Several of the above associations and organizations offer certifications that can improve your knowledge and skill-base and legitimize your place in the industry. As you seek employment in the field or begin to build your own brand, having these certifications will set you apart from the herd and improve your likelihood of gaining and retaining work.
Buchanan recommends the following certification tracks (and says you should begin as soon as possible):
- CEH (Certified Ethical Hacker)
- CISM (Certified Information Security Manager)
- CompTIA Security+ and/or CISSP (Certified Information Systems Security Professionals)
#3 – Focus on client needs.
Scott Blumin of Scoja Technology Services says that, “Many who work in the cybersecurity field are glorified resellers with no real understanding of the client requirements. Rather, they … say they are aligned with the customer, but they are really promoting their own solutions.
He recommends looking past the one-size-fits-all solutions and focusing on what the client actually needs (which, incidentally, they may not even understand). Additionally, it’s important to pay attention to compliance requirements such as FINRA, HIPAA, GDPR, etc. as many IT service providers miss these altogether.
#4 – Gain experience.
This one’s tough. As with many industries, it can be difficult to break in without experience, yet in order to gain experience, you need to break in. Quite the conundrum.
If you’re still in school (high school, tech college or university), however, looking for internships in IT security is a good place to start. Otherwise, internships or apprenticeships may be available for others, depending on your current certifications and knowledgebase.
#5 – Have desire and passion for the industry.
Wil Buchanan is an employer in the field of cybersecurity, and he has a solution for you if you don’t have experience in the industry. According to Buchanan, “It’s difficult to find people with the type of experience that we are looking for (3-5 years of dedicated cyber security work). Without experience, the next thing that we look for is desire and certifications.”
In other words, if you don’t have any (or many) certifications quite yet and you’re still working on gaining experience, just having and cultivating a true desire and passion for cybersecurity can be a great advantage.
Remember: Even if you don’t yet have experience in the IT industry or the cybersecurity field itself, it’s still possible to break into a cybersecurity career. Use these tips to get yourself started.