How to look and feel the part as a Cybersecurity Professional
When people are new to the field of Cybersecurity, they want to show up and present themselves as the "go-to" person from day one. Everyone wants to impress their head boss, their supervisor, and their co-workers but we can't always be the number 1 worker on day one. We can look the part with clothes that display a kinship to those who know how to troubleshoot and solve those difficult problems, but without the skills to back up that "cool" look, we are just sitting pretty and will be exposed.
Because there are a shortage of cybersecurity professionals, almost 3 million per ISC(2) 2018 report, we can easily get in to the game, but how does one actually be qualified for the part? A positive attitude will definitely get you in the door, but if you don't have any experience, some form of education or certification to prove you have the basics are required. The following steps are my recommendation for becoming a knowledgable professional in the field of cybersecurity:
1. Start with understanding IT. If you can become a help desk technician, you can better understand what the customers are experiencing and when you step up the ladder, those experiences are critical to problem solving later in your career. You can also start with CompTIA and get your certification in A+ and Network+. Additionally, if you are performing IT help desk services in a Microsoft environment, get your Microsoft Technology Associate (MTA).
2. Take the next step and get skilled in security. After you have gotten your feet wet and learned the tricks of the trade, you can level up and get higher level certifications. Now you can pursue your Security+ for CompTIA and your Microsoft Certified Solutions Associate (MCSA). If you work in a Cisco environment, or just want to get networking savvy, you can pursue your Cisco Certified Network Associate (CCNA) and the certification is always updating so verify with cisco.com for the latest certification requirements.
3. Determine your specialty. At this stage, you now have experience under your belt and can decide what type of specialty career path you want to pursue. In the beginning it is great to be generic and broad in learning, but as time goes on you need to pick a niche that you can focus in on and become the expert. If you want network security, you can pursue a certification as a Cisco Certified Networking Professional for Security (CCNP Security). If you want to become a security analyst you can pursue your CySA+ certification from CompTIA.
4. Management or Technician, you decide. The final stage is where you make the call if you are having fun digging into the systems and tracking everything down or do you want to step up to the management environment. Either choice is a good one if it makes you happy. Personnel at this level usually have the experience required to pursue a Certified Information Security Manager (CISM) from ISACA or Certified Information System Security Professional from ISC(2). There are other security certifications such as CompTIA's Advanced Security Practitioner (CASP) or EC-Council and their wide range of security professional certifications. At this stage you are leading teams to maintain a Security Operations Center (SOC) either as a group or team lead or overall manager.
Those are my perspectives of what to pursue if you want to get in the know with currently valued qualifications to be a Cybersecurity Professional. There are a vast range of tools and capabilities you could learn along the way from your peers as you work your way up. Staying positive and keeping an open mind will work wonders for showing you what is possible for you to achieve. There are additional trainings and websites that provide key information to keep you informed along the way. My recommendations for organizations/resources to follow are Krebs on Security (krebsonsecurity.com), CrowdStrike (crowdstrike.com), FireEye (fireeye.com), Kaspersky (kaspersky.com), and PaoloAlto's Unit 42 (unit42.paloaltonetworks.com). If you are more of an audio leaner or a beginner, listen to The Cyberwire (thecyberwire.com) and they will dip your toe into the world of Cybersecurity and expose you to all of the resources listed above.
That's all from me for today, good luck getting started!