There is a shortage of people with stellar cyber skills, and those new to the industry are sometimes left with more questions than answers. SecOps Hub is here to answer those questions by leveraging the security hive mind. Security professionals go to SecOps Hub to collaborate and learn from each other, and we want to learn from you!
How did you find your way into the cybersecurity industry? What were some of your greatest obstacles? Did you have mentors along the way, or were you on your own? To nurture young security talent, we’re compiling a collection of industry-specific career advice and personal narratives. Please take a few moments to answer the following:
Why cybersecurity?
How did you land your current role?
What is one piece of advice you wish you had when you first entered the field?
How did you get your first security job? Why did you pursue it?
If you were in another industry or career path before finding cybersecurity, what skills were you able to transfer over to your new role? How?
Are there any certifications you prefer from young security professionals?
What do you look for when interviewing a new security professional?
Idea sharing is just as (if not more) valuable as automated workflows. Everyone who shares an idea will be entered into a raffle to win an $100 Amazon giftcard.
Continuous challenges, highly relevant, 100% job security, and a chance to fight “bad people” from a desk.
How did you land your current role?
Recruited.
What is one piece of advice you wish you had when you first entered the field?
I am afraid I can’t just limit this to one piece of advice. Here are two equally important pieces:
If you aren’t “good with people” or don’t consider yourself a “people person”, get some help working around that, and accept the fact it may have to be a continuous part of your professional development for the rest of your life. The best security professionals are also excellent at dealing with people as well as tech and risk management.
Pick one of the 5-6 mainstream scripting or programming languages and get good at it. It doesn’t matter which one really. You may not always be able to use it where you work but you can fall back to it when necessary and being good at scripting or coding will help you in most any language. This won’t just make you more effective, it will help you cope with the current short-sightedness of the leadership at most orgs who won’t staff their security teams adequately because they are expensive: you will be able to do more if you can automate your job.
How did you get your first security job? Why did you pursue it?
I was asked to join the org’s security team by the manager of the security department. I learned later is was because I was helping out other sysadmins with security issues on internal discussion groups and forums, and was one of the few departmental admins requesting security reviews of my infratsructure from central IT.
If you were in another industry or career path before finding cybersecurity, what skills were you able to transfer over to your new role? How?
Pretty much software dev and IT for my entire career so can’t help much there. The people I know who have made the leap from other fields were able to do so successfully leveraging good communication skills and good task management skills.
Are there any certifications you prefer from young security professionals?
Generally no. In some specific cases like firewall admins I might prefer a candidate with a CCNA over an equally qualified candidate without one, but I never make certifications requirements for young security professionals.
What do you look for when interviewing a new security professional?
People who:
Can communicate with internal customers well
Explain technical and security problems without using jargon
Explain security and risk problems without using fear as a motivating factor
Understand basic principles of networking: TCP handshake, routing, CIDR
Go first to the command line or a script to work on solving a problem
Can demonstrate the understand the importance of documenting their work for others
Only after evaluating all of those things do I look at security skills: basic system hardening principles, incident response practices, etc.
Why Cybersecurity?
It is an incredibly exciting field filled with tons of opportunity. I can go home proud of my work at the end of the day and feel like I am really helping protect customers. Great work life balance as well.
How did you land your current role?
I was lucky enough to have a few years experience in the industry and had worked extremely hard to build my skills quickly. I used those skills a long with my people skills to land a great opportunity.
What is one piece of advice you wish you had when you first entered the field?
Learn everything you can. The more you learn, the more valuable you become to both customers and your employer. If there is a programming course coming up and you are not a programmer… take it anyway. As fast as tech is currently changing, we all need continual education to keep up.
How did you get your first security job? Why did you pursue it?
I was working in the hospitality industry when I met a Director for a large tech company. Over the course of a year or two, we became great friends and she eventually asked if I would consider things outside hospitality. I jumped at the offer!
If you were in another industry or career path before finding cybersecurity, what skills were you able to transfer over to your new role? How?
Relationship building is very important in most industries and I had built some great skills in hospitality. I was able to transfer that into Sales right away . All of my customer service skills remained valuable along with the ability to think quickly on my feet and respond to guests needs
Are there any certifications you prefer from young security professionals?
Having come from an industry outside cybersecurity, I am not as concerned with certifications. I know those can be worked up to and knocked out over time. What I look for the most is motivation and drive.
What do you look for when interviewing a new security professional?
I am really looking for a strong work ethic personally. We can teach you the skills, but you have to be hungry to learn. The transition is not easy by any means and I want to be sure they will have the drive to get there.
Why cybersecurity?
Before I went to college I didn’t know what to do with my life or study. I took a few courses in Linux and Java programming and it sparked my interest for IT and computers. It wasn’t until I competed for the National Cyber League that I really became interested in cybersecurity.
How did you land your current role?
While working my way to a college degree I was a long time technical support agent troubleshooting modems, routers, gateway-routers and Internet or computer issues. I did this for 3 to 4 years until I graduated and landed a job a month after. My degree was in Computer Information Systems emphasis Cybersecurity. On the side I would compete in the National Cyber League and try to gain as much exposure to security.
What is one piece of advice you wish you had when you first entered the field?
Cybersecurity is not what you think it is.
How did you get your first security job? Why did you pursue it?
It’s not really my first security job but it’s given me valuable work experience. I’m currently in a college hire rotation program where I rotate between different teams within our IT department. I’m currently working with the Information Security and Compliance team and helping out in Vulnerability Management, IR and Compliance.
If you were in another industry or career path before finding cybersecurity, what skills were you able to transfer over to your new role? How?
I don’t think I’ve found cybersecurity quite yet. However, I’m learning that cybersecurity isn’t all about the technical knowledge and is about how you deliver a product to a person or consumers either internally or externally. You also need to do deliver an effective process with the solution in order to please the customer. Something I’ve been taught by my mentor.
Are there any certifications you prefer from young security professionals?
I personally don’t have any certifications yet and I think I’m going to keep it that way for another year or so. I’m really new to the industry and I want to get as much experience as possible.
What do you look for when interviewing a new security professional?
I’ve never interviewed anyone but if there is one thing I’ve learned while being on this security team is the greatest thing I don’t have is all the security knowledge that takes years to develop. So I would ask someone, what is something new you would like to try with security?
Why cybersecurity?
– Its an ever evolving, changing and diverse industry. TTPs, attacks, malware, actors all change constantly. This keeps the “game” exciting to continue learning. I’ve always felt there is an endless amount of skills and knowledge to obtain due to the changes in technology, how people use that technology and several other variables that introduce new landscapes, attack surfaces and methods for actors and intruders to get in.
How did you land your current role?
– Got lucky through a Recruiter
What is one piece of advice you wish you had when you first entered the field?
– Learn and soak up as much as you can from your peers and self learning. The best way to learn is to observe how multiple people do a certain task or job.
– There is no one way, always ask questions, even if they annoy people…
How did you get your first security job? Why did you pursue it?
– By accident. Applied for Network Management and got put on the Cyber Network Defense team instead. Once I dug in, I never looked back, and wondered why I hadn’t pursued it originally.
If you were in another industry or career path before finding cybersecurity, what skills were you able to transfer over to your new role? How?
– Managed a Golf Course Retail Shop/Bar, not much transferred, in a technical sense, other than general troubleshooting skills. Although with that said, I did learn invaluable customer service skills that have helped me succeed along the way that you just don’t learn anywhere else IMO. Being in Retail/Customer Service offers an opportunity to learn patience and methods of response to difficult questions/situations that many times carry over into Cyber when dealing with vendors, customers, co-workers or management.
Are there any certifications you prefer from young security professionals?
– Entry level certs: Security+/Network+ (CompTIA), GSEC (GIAC), ECSA/CND (EC-Council)
What do you look for when interviewing a new security professional?
– Drive, eagerness to learn and interest in the field. Do they keep up with trends in the industry? Do they read/look for knowledge and information outside of their job scope? Do they have any broad knowledge across multiple disciplines where its an indication they want to learn as much as possible? Most stuff in this industry can be easily taught to at least get a new employee up to speed, but if they’re not interested or have any kind of passion for the information they are learning, it makes teaching difficult.