Path to a Career in Cyber – Part 1
This lab would teach me that to work in the field of Cyber Security you need to start small. You need to figure out what you don’t know, lay out a plan for where you eventually want to be, and then put your head down and get to work.
- Certification Maps
- World of Cyber
- Cyber Career Map (my career as an example)
Before I get started, I want to say I am by no means an expert. This article is just based on what I learned from experience over the last 25+ years as my career has progressed in both IT and Cyber Security.
I believe my experience in having moved through multiple disciplines within the IT and Cyber Security fields gives me a unique perspective on the experience and insight a senior cyber security professional gains from having a broad range of IT knowledge. So with that said I plan to describe some of the tools and web sites I used to help me in my career and why I used them. Let’s get stated.
The main idea I want you to get from this diagram is that under the Cyber umbrella I have always felt there were five main fields of study. They are:
- Network Management
- Network Engineering
- Information Security
- Audit/Risk Management
- Application Development (not shown)
Please note that under each of these “fields of study” are sub–groups and inside these are numerous disciplines that one can delve into and find their passion. What’s important to note here is that there are plenty of disciplines to choose from. I know numerous people who, like myself, are multi–disciplined and have worked at times across several of the fields I have listed in this diagram.
I have found through my years of experience that many of the great Information Security professionals I have met were people who had also worked as application developers, network engineers, and security auditors etc. The key point I want to make to you is having experience in multiple fields gives you some context on how enterprise networks are designed and implemented and a better understanding of implementing security controls.
These controls that come from a selected information security or risk/compliance framework reduce the risk exposure of your organization and they are a key point for why properly implemented cyber security is crucial for an organization today to survive in the dynamic threat environment we currently face.
2. Now the second diagram shows what I like to call a “Cyber Career Map,” a map very similar to this is what I have used in the past to map out my career progression and it’s the tool I have used to mentor my teams over the last decade. What you should take away from this is if you work in this field of “Cyber Security” you should always be adding to your skills and your knowledge, whether it’s working on a new certification or taking a college class on something you find interesting. The field of Cyber is constantly changing, you will both update your skills and change with it or you will find a new field of employment – this field is not for the faint hearted so keep that in mind.
As you note from this second diagram it starts at the top, there are several basic certifications listed (Security+, Network+, CCENT). Under the basics certs, that someone starting in the field of Cyber Security would do first, are five headers:
- Security Engineer
- Network Engineer
- Information Security
- Professional Education
- Professional Growth.
How this diagram would work is after you have completed your basic certs at the top you would select an arm of the diagram, left for “Security Engineer” or right for “Network Engineer.” Over time as you work on your “Professional Education” you would continue to work on certifications listed under the section you selected and as you gain some experience, select a certification from “Information Security” to add to your growing knowledge of Information Technology.
I originally put this certification tree together to use as a visual map, which enabled me to see the flow of certifications in specific areas that I found interesting. It also would help me see the succession of classes, labs, job experience etc. I would need to work in a specific field or at a specific job level (Senior Network Engineer).
The map was a good reminder that as I perused www.dice.com looking for a specific job description and it stated you needed to be an “RHCE,” there were prerequisite certifications and experience I should work on first to eventually get to that level of skill if I expected to qualify for that job.
Once I found an interesting job I would access job boards like www.Monster.com or www.Dice.com and look for a job descriptions that matched the job I was interested in. Reading the description I would annotate the experience required and any required certifications. I would use this information as a blueprint to build my “Cyber Career Map” and then assess where I was currently on this map and what I still needed to complete if I wanted that particular job.
I found over time, as I educated myself on my career field, I would see particular skills become mandatory if you expected to work in a specific job and with this knowledge I would adjust my career map and reassess any outstanding skillsets or experience I was missing.
In conclusion, the main thing to keep in mind with all of the information I have provided is that starting on this path will take time, you will not be a cyber–security professional overnight. Many of you may already have some experience and education and you are looking to go to the next level. For that I say continue your education.
I would also recommend you get some hands–on experience in building some computers or networks (hardware or virtual), play with some operating systems, volunteer at some non–profits. Big thing to remember is don’t quit, make sure you go to some of the IT meetings at your local IT organizations and network with people there and ask for their advice.
Who would they recommend you go to for experience, how did they get their experience and training – these are questions you need to just keep asking until you find answers that are right for you, then adjust your Cyber Career Map and keep moving forward.
I hope this has been useful and it is of some value to you, take care of yourself and welcome to the world of Cyber Security!