Roundup: How to begin your career in cybersecurity

So, you think you might want one of the almost 770,000 open cybersecurity jobs, but you don’t quite know your way around the server room, or anybody in there for that matter.

Here’s a collection of advice from industry professionals about important first steps for cybersecurity hopefuls, like zeroing in on a specialty and reaching out to the experts.

Oz Alashe, founder and CEO, CybSafe: Cybersecurity is a really broad space. Saying you want to get into cybersecurity is like saying you want to get into medicine. What parts? Doing what? Where do you want to specialize? Which problems interest you the most? What kinds of people do you want to work with and help? Or indeed, what kinds of things do you want to get better at? And you can go as technical as you want to within the field. You can actually do some roles that are not technical in themselves, but of course, sit at the intersection of technology, such as…risk management, process control, [or] human cyber-risk management.

Allie Mellen, senior analyst, Forrester: Don’t be afraid to reach out to people in this industry. They will welcome you. And if you put in the work, then you will go very far here. I think the community is one of the things that has kept me in this industry and has helped me get to where I am. And so I can’t speak highly enough of reaching out…especially [to] some of the rock stars in this industry, and getting their perspective and their guidance.

Dave Trader, field CISO, Presidio: I wouldn’t take a really broad approach and say, “I’m gonna go get certified in cybersecurity,” and leave it in a very general term. Find out what you like: see if you like working with Active Directory, if you like working in cloud. See what aspects of technology you like, and then get very specific and prescriptive on what you go after for certifications in those areas…It’s great to know a lot about a little. And then you’ve got a specialty created in that field.

Omer Carmi, VP of intelligence, Cybersixgill: My advice would be to expand your skill sets, beyond the usual cybersecurity basics. Learn coding, preferably Python, so you can use API, because that’s where the trajectory is going. That’s where the industry is going. Maybe study another language. There is a lot of demand for anyone who speaks Chinese, Russian, Arabic, [or] Farsi.

Thomas Pace, co-founder and CEO, NetRise: Do things for the right reason. If you want to get into cybersecurity because you notice that the salaries are pretty good, which they obviously are, don’t get into cybersecurity…Do it if you’re intellectually curious about it, and you find it fascinating, and you find it fun, and you like the idea of protecting things, or you like the idea of breaking things to figure out how they work.

Kristen Bell, director of application security engineering, GuidePoint Security:

One of the beautiful things about our industry is that most people love to talk about what they do…Go to conferences. OWASP welcomes you, ISSA, ISACA, all of those. Get involved in the community, meeting people and creating networks and being able to ask questions…I started going to conferences and meeting people. I had “phone-a-friends” and a network to reach out to, and I think that’s tremendously helpful.

Do you work in IT or have information about your IT department you want to share? Email [email protected].