Pro tips for new cybersecurity professionals

The field of cybersecurity is an inviting one, says Randy Gross—and not just because it has over 700,000 open cybersecurity jobs in the US and needs you badly.

“The community among cyber operators and professionals is tremendously welcoming. It’s very collaborative. And honestly, I haven’t seen anything quite like it in my career,” Gross, CISO and chief innovation officer at the vendor-neutral certifying body CompTIA, told IT Brew.

In other words, you won’t find Nick Burns (“move!”) and other Help Desk hellraisers on today’s IT teams.

Take the response to the well-documented Log4J vulnerability—a collaborative defense and information-sharing effort from private companies, security pros, and government agencies alike. “People really wanted to work together to solve it; there’s no benefit to one person solving it. Everyone’s got to buy in,” said Gross.

Before buying in, however, a cybersecurity hopeful has to learn the game—and often prove their knowledge to employers through degrees and certifications like CISA, CISSP, or CompTIA’s CySA and Security+ badges.

In a short conversation, Gross offered some advice for infosec newbies and spoke about ways for rookies to pass the industry’s early tests.

This Q&A has been edited for length and clarity.

Do you have an example of the best demonstration of collaboration between professionals?

There’s a notion of information-sharing organizations in cybersecurity. They’re called ISACs (Information Sharing and Analysis Centers), or ISAOs (Information Sharing and Analysis Organizations). We have an ISAO that we operate on behalf of managed service providers.

But the ISACs are very well established and have been around for a decade or two. It’s a community of folks, usually in a particular vertical, and they come together, and they’re looking out for each other. So, vendor doesn’t matter. Company doesn’t matter. What matters is solving for the issue at hand and making sure we keep everyone safe.

What are the cybersecurity skills that are most in-demand today?

Because of the complexity involved and the different integrations available, cloud security is a very large and growing field. And then similarly, securing applications that are built in the cloud, as well as locally—enforcing not only the processes, and building out the processes, but building out tools to help automate, test, and do all the different regression activities in applications; those are really ones that I see [are] in high demand.

What advice would you give somebody who is just starting out in cybersecurity?

Let your curiosity take you to the areas you’re interested in. So, think about where you want to end up being. See if you can find someone—either you know them or a friend knows them—and talk to them about what the job actually entails.

We find consistently that people are successful entering the industry when they have direct personal contact with someone they may know or have met…Go look at job listings, see what people are actually asking for. Go look for CompTIA certifications, if you’re interested in that. Go look for other vendor certifications or vendor-neutral certifications...Doing the reverse sometimes on jobs can help. Let them tell you what you should be studying for.

What advice do you have for cybersecurity newcomers? Send your thoughts to [email protected].