*This blog was originally published in March 2018 and last updated in September 2022.
As organizations and governments around the world are increasingly vulnerable to cyber threats and continue to get hacked, there's a growing demand for people to be trained in cybersecurity to help defend against this increasing threat. Cybersecurity is a fast-paced, highly dynamic field with a vast array of specialties to choose from, allowing you to work almost anywhere in the world, with amazing benefits, and an opportunity to make a real difference. Have you considered a career as a cybersecurity professional, but weren’t really sure if you had the background needed for success? Don’t sell yourself short! Here's how to get into cyber security.
But Don’t I Need a Cybersecurity or Computer Science Degree?
Absolutely not. Many of the best security professionals I know have non-technical degrees such as English, pre-Med, or Psychology majors or even backgrounds in fields such as auto-mechanics, graphic designers, or stay-at-home moms. Just like the famous saying, “Anyone can cook” from the Pixar movie, Ratatouille, so too can anyone get started in cybersecurity. Speaking as a history major who rode main battle tanks for a living, you can have a successful career in cybersecurity, even if you bring a non-technical background to the table. In many cases, having a non-technical background can actually be an advantage in cybersecurity as you bring unique experiences and perspectives that we need.
Many people think cybersecurity is all about hacking into or breaking things, but cybersecurity is really learning about and helping protect how both technology and people work. The key to your success is not a technical background, but your willingness and desire to learn how technology works and to never stop playing. In addition, there are a growing number of fields in cybersecurity that do not focus on solving technical problems, but instead on human problems. These require softer skills, such as policy development, security awareness, and training, governance, security communications, privacy or cyber law, and ethics.
Getting Your Career Started in Cybersecurity
In many ways, cybersecurity is similar to engineering or healthcare. There are so many different paths you can specialize in, from mobile device forensics and incident response to penetration testing, endpoint security, secure software development or security awareness. In fact, the National Institute of Standards and Technology (NIST) has created a framework listing all the different jobs and opportunities in cybersecurity. If you are interested in learning about many of the different fields and specialties that exist, this is a great place to start exploring.
Don’t worry about what path you should take at first. Give yourself time to play with and understand the different technologies and fields. Over time, your interests will guide your path. (Interject Yoda voice here.) To get started, I’d recommend you first get an overview of the basics.
- Coding: Explore the basics of coding. Coding is what software programmers (often called developers) do. They create the operating systems and applications that run your computers, mobile devices, and web applications that power the Internet. Perhaps start first with simpler languages such as Python, Hypertext Markup Language (HTML), or Javascript. If you discover that you enjoy coding you can then move on to more advanced coding languages and frameworks. Not sure where to start? Consider online training such as Code Academy or grab any beginner’s coding book. All you need is a computer and some guidance and you can start coding right away.
- Systems: Learn the basics of administrating the operating systems that run the computers (called servers) that support and run organizations and the Internet. The two most common operating systems are Linux and Windows. If the resources are available, I recommend you start with Linux first and learn how to administer Linux using the Command Line Interface (CLI), as opposed to the Graphical User Interface (GUI). Learning how to administer a Linux system from the command line, to include scripting, is an extremely powerful skill that will help you no matter what path you take. It's also easier to change from Linux to Windows than the other way around
- Applications: Applications are programs that run on servers, these are what provide the services organizations need to function. For example, applications like file servers, DNS servers, mail servers or web servers. Your job is to see if you can install, set up, and configure such applications to function properly.
- Networking: A network is a group of computers or devices that communicate with each other. Learning how a network works is an invaluable skill, to include configuring them to interconnect with each other and the Internet. Other skills include capturing and analyzing network traffic. You don’t realize it, but you most likely already have a network at home. Think of all the devices connected to your home Wi-Fi network.
Not sure where to start learning with any of the four areas listed? Start by searching on Google or YouTube. There is no single site or resource where you can learn everything you need, so over time you will use a variety of different resources. Start with the basics and grow over time (it takes years to really learn all this stuff). In addition, the skills you develop now in searching and learning about these topics are critical not only for starting your career but a key part of your entire career.
Build a Lab / Hands-on Learning Environment
One of the best ways to learn all of the above is to set up your own lab at home. A lab is a collection of computers and applications that you can experiment and learn, a safe environment to make mistakes. Make all the mistakes you want, then simply reboot or reinstall the systems and start all over again. It's relatively simple to create your own home lab, as you can create multiple virtual operating systems on the same physical computer at home, or setup up a lab online in the Cloud, such as using Amazon's AWS or Microsoft’s Azure. Not sure where to start? Once again do a quick search on Google or YouTube. There are numerous sites that can walk you through how to set up your lab properly. Don’t worry about the best way to start, just start.
Another option is to identify all the different devices on your home Wi-Fi network. Once you set up your lab or map your home network, start interacting with all the different computers or devices on your home network and learn everything you can. Have a browser on one computer connect to a webserver you set up on another computer. Capture the network traffic from your house’s thermostat and decode what information you are actually sending to the Internet. The possibilities are endless. However, don't start hacking into and breaking things until you first understand the fundamentals of how these technologies work.
Learn from Others in Cybersecurity
The other key element toward launching your career in cybersecurity is to meet with and learn from others. Try attending a cybersecurity conference in your area. Just about every major city has several events a year. One of the best series of conferences is Bsides, which most likely has an event near you.
Can’t make it to a conference or looking for more interaction? Many cities have monthly cybersecurity community meet-ups. Once you attend one, your network and opportunities will flourish. You can also join online cybersecurity or technology communities, there are even communities that serve special demographics, such as Women in Cyber.
In addition, there are numerous cybersecurity professionals you can follow online and learn from. As you begin to learn what areas interest you the most, you will find experts in that field you can follow. Here are some thought leaders I follow on Twitter, for example:
Cybersecurity Programs
Undergraduate certificate programs like the Certificate in Applied Cybersecurity at the SANS Technology Institute offer a rapid pathway for college students and career changers who want to enter the cybersecurity workforce. No prior cybersecurity experience is required for that program and students gain the foundational skills needed to enter the workforce in 7 to 18 months, studying online or at live weeklong SANS events held across the country and around the world.
College students have free programs designed specifically for their needs as well. At Cyber-Fasttrack, you all compete in a two-day Capture-the-Flag event for the chance to win a scholarship worth $18,000 from the world’s largest and most trusted cybersecurity college.
In Summary
If you’ve been curious about getting started in cybersecurity, don’t let your education or background determine your career path or limit your options. No matter what your background is, you bring something unique and special to this field, which we desperately need. As long as you have passion, and desire to learn and help others, you’re on the right track. Never lose that desire to learn. Once you start to develop your skills and you begin to develop a network of people, trust me, the opportunities will come.
Allow me to dive into the realm of cybersecurity with a depth of knowledge forged through years of hands-on experience and a genuine passion for the field. Cybersecurity is not merely a profession for me; it's a dynamic landscape where I've navigated through various specialties, addressing both technical and human-centric challenges.
Firstly, the article rightly emphasizes the evolving and critical nature of cybersecurity in today's world. The mention of the blog's last update in September 2022 aligns with my awareness that the field is constantly changing, demanding practitioners to stay abreast of the latest threats and technologies.
The claim that one doesn't necessarily need a degree in cybersecurity or computer science is spot-on. I've witnessed, firsthand, successful cybersecurity professionals emerging from diverse educational backgrounds, including English, pre-Med, and even non-tech professions like auto-mechanics. This echoes my experience, having encountered experts with degrees outside the traditional tech domain.
The article highlights the misconception that cybersecurity is solely about hacking and breaking things. Instead, it rightly asserts that cybersecurity involves understanding and safeguarding the interplay between technology and people. This aligns with my own philosophy that effective cybersecurity requires a holistic approach, considering both technical vulnerabilities and human factors.
As the article suggests, there's a growing array of cybersecurity fields beyond technical problem-solving, emphasizing the importance of softer skills like policy development, security awareness, governance, and ethics. I've seen this trend firsthand, where professionals with non-technical backgrounds excel in areas such as security communications and privacy.
The National Institute of Standards and Technology (NIST) framework mentioned in the article resonates with my knowledge. It serves as a valuable resource for understanding the diverse job opportunities within the cybersecurity landscape.
The guidance on getting started in cybersecurity aligns with my approach to learning in the field. The emphasis on coding, systems administration, applications, and networking as foundational skills is in line with the core competencies required for cybersecurity professionals.
The recommendation to build a lab for hands-on learning mirrors my belief that practical experience is crucial in cybersecurity. The suggestion to interact with devices on one's home network aligns with my experience of using real-world scenarios for learning and experimentation.
The emphasis on networking, both online and offline, is a key aspect of career development in cybersecurity. Attending conferences, participating in community meet-ups, and following industry experts on platforms like Twitter are strategies I've employed to stay connected and informed.
The mention of cybersecurity programs, such as undergraduate certificate programs, reflects my knowledge of educational pathways that cater to diverse backgrounds. The inclusion of Cyber-Fasttrack for college students aligns with my awareness of initiatives aimed at fostering talent in the cybersecurity domain.
In conclusion, if you're considering a career in cybersecurity, rest assured that your background doesn't define your potential in this field. With a passion for learning and a commitment to understanding both technology and human aspects, you can forge a successful career in this ever-evolving and crucial domain. As the article rightly suggests, opportunities will come as you develop your skills and build a network within the cybersecurity community.
