My Expert Advice On Becoming A Cybersecurity Professional

My Expert Advice On Becoming A Cybersecurity Professional

The cybersecurity industry has so many opportunities but is in dire need of new talent. According to ISC2, there were approximately 2.8 million professionals in the cybersecurity workforce as of last November. We needed to grow the industry to at least an additional 4 million skilled professionals to close the skill gap. Cyber has been trendy and sexy since the early 2000s. We are still a relatively young profession. Nobody who is a leader in our field today started their career as a cybersecurity professional. Everyone has their own unique story.

I stumbled upon cybersecurity as an IT manager while preparing for the Microsoft Certified Systems Engineer (MCSE) program back in 2001. Microsoft had released a new track that allowed MCSEs to specialize in security. I loved security so much that I started thinking about working in the security field full time. Three years later, I enlisted in the U.S. Navy as an information systems technician, and I have focused on security ever since. Sixteen years later, I am now an information security leader in the tech industry and an information warfare commander in the U.S. Navy Reserve.

In the past decade, I have been asked by so many people from across America and worldwide (including Europe and Africa), mostly via social media, about ways to become a cybersecurity professional. I always tell them that whenever I hire security professionals, I focus on three things: experience, education and industry certifications.

Experience

I believe that experience is the most essential requirement for any job, including cybersecurity positions. There is no substitute for real-world experience. An aspiring member of the cybersecurity workforce must be willing to get experience, even if that means potentially making less money in an entry-level position or internship. The best job opportunities I recommend are working for a security consulting firm. To me, being a security consultant for a year is like having up to three years of industry experience because you are exposed to the technology used by several companies in different industries all at the same time. The opportunities for growth, learning and developing hands-on security skills in a short amount of time are incredibly high.

Education

Although this is not a showstopper, I believe it is vital for aspiring security professionals to have a science, technology, engineering or mathematics (STEM) degree from a four-year university, especially if they aspire to security leadership roles. Like I said earlier, everyone in this field has their own unique story. I have met security professionals who started their careers with a business or liberal arts degree. However, I believe STEM degrees would probably better prepare you to enter this field. This is more feasible today than when I entered the security field because there are unparalleled opportunities to get a security degree online. This brings up two points. First, if you already have a non-STEM degree, I do not recommend going back to college to earn a STEM bachelor’s degree. Instead, you should probably consider a STEM master’s degree. Second, more and more companies help their employees complete their degrees at night, on weekends or online. Take full advantage of any educational benefits your company may offer. Consider those benefits as part of your total compensation.

Certification

I believe industry security certifications can be beneficial when you start your career in this field. I highly recommend studying for CompTIA Security+. This exam covers all the basics of the information security domains and will certify your knowledge and experience. Earlier in my career, certifications had a significant impact in helping open doors of opportunities for me. The further along you get on your career path, the less important certifications are because your experience will speak for itself. The only caveat might be for the Certified Information Systems Security Professional (CISSP) certification, which remains the gold standard for our industry professionals. There are still many security leadership opportunities both in the U.S. government and in industry that will either require or prefer CISSP candidates.

The security industry is fascinating. Security professionals have to be lifelong learners while keeping abreast of new attack vectors and figuring out new ways to mitigate novel security risks. Work as a security professional is richly rewarding and tends to impact every single function of an organization. I believe a career in cybersecurity starts with on the job experience and is enhanced via formal education and relevant industry certifications, like CompTIA Security+ for beginners and CISSP for professionals with at least five years of experience in two of the eight security domains.

My final advice to newcomers is that you usually have to focus on hardcore technical security skills at first; however, as you advance in seniority, you must also focus on developing soft, business and leadership skills. Security is not just about technology; it's also about running a profitable business and dealing with people. A career in security is a fascinating journey. You must be flexible, teachable and a team player, and you must think of ways to add value to the organization.

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?

Source: https://www.forbes.com/sites/forbestechcouncil/2020/11/24/my-expert-advice-on-becoming-a-cybersecurity-professional/?sh=52ca0acb2d91


要查看或添加评论,请登录

社区洞察

其他会员也浏览了