Blog

Breaking into a Cyber Career

  • Post author:
  • Post category:Uncategorized

Breaking into any field in tech is a difficult barrier to break. Whether it is an entry level software engineer or a career in cyber security. I will address a few methods that one can pursue to break into the industry.

What do you want?

Its an acceptable part of society to get into college immediately after high school. At this point in our lives, we may feel certain that we know what we want as a career. Without any experience in that area, its hard to be 100% certain that the career we want for the rest of our lives will make us happy when we get there. Whether or not you are jumping into college or changing fields mid-career (like I did!), Its important to do this research prior to making such a significant change in your life. You can do this by reaching out to individuals in that role, relatives, obtaining certificates and internships.

What Specific Role in Cyber Security Do You Want to Pursue?

There are so many roles in security that you may not know right away. I’ve attempted to break it down a bit here.

  1. Product Security – Security done on a specific product. This will involve application security (if your product has software), Network security (secure communications), and incident response. This will have you invested in a specific product such as a medical device, aerospace part, etc. throughout the entire SDLC. You will likely need experience in that industry if you want to pursue this path.
    _____
  2. Application Security – The process of making applications more secure (typically web). There are many subsections of application security and you may only work on certain aspects of the SDLC (such as pentesting or code review). Learning to read and write code is not always required!
    _____
  3. Network Security – I think SANS has the best definition, “The process of taking physical and software preventative measures to protect the underlying networking infrastructure from unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure. Network Security Engineers create a secure platform for computers, users and programs.”
    _____
  4. Security Operations Center – is to monitor, prevent, detect, investigate, and respond to cyber threats 24/7. However, If you do pursue a career in this area, be aware that its possible to get a call anytime.
    _____
  5. Vulnerability Management – Identifies and assesses vulnerabilities in IT systems including computers, networks, software systems, information systems and applications.
    ____
  6. Threat Hunter – Per CompTia, are IT professionals who proactively find cybersecurity threats and mitigate them before they compromise an organization. It is a newer extension of cybersecurity that neutralizes advanced threats that might evade the SOC.
    _____
  7. Endpoint Security  – Practice of securing endpoints of user devices such as desktops, laptops, and mobile devices from being exploited.

There are many other roles but these are a few considerations!

Breaking into the Industry

Now that you know what you want, how do you start by obtaining an entry level job?

The answer will vary on the specific role you are interested in. Many people will tell you that you will have to start in a lower level help desk role, but that is not always the case!

I began my career in Software Configuration Management, which is actively involved throughout the SDLC. I was very vocal during requirements and design of a product and worked along side security often. They had an understanding of what I could bring to the team from the get-go. When I reached out to them for an open position, they welcomed me into a product security role. As much as I loved working on the team, I enjoyed Application security (web applications) the most and continued with that specialty at another company.

If you are already in a technical role, try to add cyber security into the existing role. If you are a software engineer, research security requirements. A website designer? Focus on your security posture. If you are a technical writer, ask security for documents. These things are great to add to your resume. They also get you noticed by the security team.

If you are not in a technical role, obtain certifications. Sure, there are security degrees…but a great boss I once had told me that Universities cannot keep up their curriculum with the industry. They are adequate for foundational knowledge, but certifications are what recruiters and managers look for. You will find on LinkedIn that most security professionals actually do not have Cyber Security Degrees. (I myself have a degree in Behavioral Science and Data Analytics).

Is it harder to break into the field as a female?

No. It’s not. Actually, in some ways it’s easier because of the lack of female representation.

Once, you are in the field, there are instances where it may be harder to be heard. Remember to be confident and vocal. Additionally, if you are a high performing female, be sure to stand up if you believe that you deserve a raise or promotion. Prepare a portfolio or list of achieved goals to quickly present to upper management. If you feel like you are not being paid what you deserve, there are a couple of resources you can use for guidance (Check out the Women’s Society of CyberJutsu below) and if this is something you are passionate about, check out the Pay Equity Now Foundation.

As Demi Moore stated in G.I. Jane, “Just treat me the same. No better, no worse.”

Wishing you all luck and success!

Other Resources

Women’s Society of Cyberjutsu

Spearheading Your Security Review

CySA+ Certification Review

Resume Tips

About

About