Getting Started in Cybersecurity: Advice for the aspiring diverse cybersecurity candidate

Happy New Year and Welcome to 2023!? As we all continue to pivot and adjust to ongoing economic challenges one thing remains clear; the cybersecurity industry continues to be a dynamic field filled with promise and opportunity. I personally believe that an increasing focus on diversity and inclusion is one of the ways to close the talent gap.? Being a DEI advocate in cybersecurity and technology means that women and people of color are always asking me, “How do I break into this field?”? I welcome these questions and I spend time with anyone who asks, providing strategic and tactical advice on just this topic so I thought I would consolidate some nuggets in this article. Students, those in mid-career and anyone who aspires to join this field should steady themselves for an uphill battle, but the rewards are generous and it makes the journey well worth the investment of time and effort.??

Where to Begin?

To be certain, there is no singular path to entering the field of cybersecurity.? If you talk to 10 existing industry professionals you will likely be presented with 7 different pathways into this industry.? The number of diverse backgrounds and pathways actually creates a little bit of the confusion for those aspiring to enter the field.? It leads many to assume they should immediately begin training themselves on skills like coding or making what outsiders believe to be obvious choices to enter a field cloaked in the aura of having an invisible velvet rope. It's a component of the larger subject of computer science and surely it requires you to know how to code, right?? Well, maybe in some domains or sub-fields, but not all of them.??

The team at ISC2 long ago identified the cybersecurity core domains to consist of Security and Risk Management; Asset Security; Security Architecture and Engineering; Communications and Network Security; Identity and Access Management; Security Assessment and Testing; Security Operations; and Software Development Security.? Whew, that’s a mouthful.? Here’s the takeaway from the listing of domains; there are lots of ways to get into the field because there are several areas which have their own levels of expertise, but like a recipe that requires some finesse you need to bring several ingredients to a simmer, which can be challenging and especially daunting for those on the perimeter of the industry.?

Get started with an overview of the domains, take one or two introductory courses (most of which are available for free on a few training platforms) and see what peaks your interest.? Look for additional training that provides the deeper dives into your selected area of interest and get to it! My simple guidance is to just start.

Educate Yourself

The field of cybersecurity is filled with complexity, emphasizing the need to get and stay educated on issues relevant to the industry.? If you are seeking opportunities to enter this industry you have to spend some time studying and exposing yourself to the material.? If you were to conduct a survey among industry professionals on the importance of degrees and certifications you will likely get a myriad of responses, so I will take a stand here.? Get certifications!

In my estimation, industry relevant certifications coupled with real life experience can result in building solid foundational pieces to a good and rewarding career.? There are a number of excellent cybersecurity training platforms and industry certification leaders you can rely on to provide outstanding training.? If you Google "cybersecurity certifications" the usual suspects eventually emerge; SANS, ISC2, ISACA, CompTIA and there are several platforms, as stated, where you can get started supporting your objectives, like Cybrary or Coursera.? This list is not exhaustive and there are plenty of others, to include vendors and cybersecurity product makers who have created compelling, challenging and useful training programs for their products.? Get going; study, learn and grow!

Networking

I am one of the people who will tell you that next to the grit and resilience you possess there may be no other ingredient more important than your network.? If you are a quintessential introvert, like me, maybe you just don’t feel like you can do this or you are extremely intimidated by the prospect of simply reaching out to industry veterans.? But let’s be clear, if you are unable to create a network of security professionals and others connected to this industry you will not succeed.??

You must learn to cultivate a network of cybersecurity professionals.? I recommend joining one of the many non-profits or groups supporting diversity in cybersecurity.? In my estimation, inclusion in one or more of these groups tends to be the best way to begin building your network in the field. I had the benefit of joining Cyversity early in my cybersecurity career and am continually thankful for the connections, relationships and opportunities provided to support the industry.? There are other groups; find your tribe; join them, BE ACTIVE and outwardly support their goals and objectives.

Use the available networking platforms like LinkedIn; follow and connect with industry execs and others.? You would be surprised how many people will respond to blind outreach and provide you with some calendar time to pick their brains.? As a senior leader I spend time each week speaking with those who have reached out simply to have a conversation.? I am definitely not an outlier in this regard.? Reach out to leaders, listen to what they have to say and then execute.

Seek Mentors and Advisors

You might think the subject of mentoring would fall within networking, but I believe it deserves its own separate callout.? Mentors can play a key role in your professional development and help to position you, either directly or indirectly, to benefit from available opportunities.? My recommendation would be to create a “bench” or “council” of advisors.? Get away from the image of the old sage mentor who seems to be able to both provide advice and open doors.? These wizard-like advisors exist, but they are not plentiful.? You may never have a single mentor who can advise on all things.? What you can do is seek out a deep bench of advisors from?whom you seek advice and counsel from time to time.? This is the approach that I have taken and it works.?

How do you find a bench of mentors?? Cyversity has a strong mentoring program and combines elements of deep and experienced mentors with a number of opportunities to engage.? You should also consider directly asking industry professionals to aid you in your journey; sometimes this just amounts to asking for the ability to have a conversation from time to time.? Ask for a 30-min call once per quarter from each of your mentors; compile the advice and guidance and then exercise some good decision-making.??

Get Experience - Start Your Journey

Lastly, how many of you have been told you need some experience in order to get an entry-level job?? Seek and apply to internship and scholarship opportunities, both paid and unpaid.? Thankfully, there are several leading technology providers and public sector opportunities being posted all the time in an effort to close the talent gap in cybersecurity.??

The role of the public sector cannot be underestimated.? If you are looking to start with an employer who will invest in your development and learning there are likely no better suitors than our public sector employers.? The need for cybersecurity expertise is as present in the public sector as any other industry, if not more.? Every state, county, city and the massive U.S. federal government all have technological systems that need protecting.? There are few employers who actually budget training and development as judiciously as the public sector.??

Folks are always looking for the quick win and quick turn-around and are sometimes turned off by the prospect of working in the public sector.? But I’m here to tell you that if you are looking for a way to launch a career in cybersecurity and are looking for an employer to invest in you there are few employers with as many opportunities for entry level development as the U.S. Public Sector.? I was privileged to begin my cyber journey as a Special Agent in the Federal Bureau of Investigation.? Here’s a small snapshot of my personal journey.? Get online, apply, learn and start your journey.

#cybersecurity #diversity #leadership #careers #certifications #cyversity #mentoring #networking #publicsector

MK Palmore is a senior leader in Google Cloud’s Office of the CISO, a retired FBI Special Agent, a member of the Cyversity Board of Directors and a veteran of the U.S. Marine Corps.