Tips for a Building a Cyber Career

I’ve been working in the technology and cybersecurity industries for years now. During these years I’ve worked in a variety of roles. Cybersecurity is such a rapidly changing discipline, and one that I believe is widely misunderstood. I’d like to offer the benefits of my experience so far to provide some tips on building your career in cybersecurity.

1. Spend time learning about the opportunities that are available

When I was at school, I knew very little about cybersecurity. I had IT lessons, and I was naturally technically-minded, but "cybersecurity" wasn't a big?thing?back then. It was never presented to me as a career option, and so I never knew how broad and interesting the industry was.

When people hear that I work in cybersecurity, they always automatically assume I’m a coder or hacker. I'm?not?(just because personally it never interested me). Unless you're planning on becoming a designer/developer/hacker/security architect then you don't?need?to know how to code (but if you're interested in it then go for it - more knowledge can't hurt!). People mistakenly believe that cybersecurity is all about coding, hacking and other technical aspects, but in reality there are so many varied opportunities in the industry. Aside from the technical roles, there are also:

• Governance Roles
• Risk Management Roles
• Compliance Roles
• Education, Training and Awareness Roles
• Policy Development Roles
• Sales Roles

Just to name a few, but there are more!

It’s important to find out where your interests lie, and to find a career that suits your skills and passions. If you're already working within an organisation - maybe approach your local cybersecurity team and ask about opportunities, or ask if you can shadow someone. If you're looking to get more info on the industry, try networking and reaching out to other peers in the industry for advice and guidance. Cybersecurity offers something for everyone, so you need to find the right role for you.

In terms of my own journey, I began my technology career in technical support, fixing IT equipment for a university. It was in this role that I developed an interest in malware, and after doing my own personal research I decided that I'd like to get involved in cybersecurity. Shortly after, I secured an entry-level role working in incident management and protective monitoring. It was very technical and hands-on, which gave me some valuable skills, but I soon realised I wanted to learn about other security domains, not just the technical side. I needed to get some experience in risk management, assurance, governance and policy. So I moved into security assurance roles, working in governance, risk management and compliance. At the same time, I upskilled with professional qualifications, including CISSP and CEH. By this point, I'd amassed a breadth of knowledge across the various security domains; this combination of experience, skills and qualifications enabled me to make the move into security management with Capgemini.

2. Don’t let preconceptions stop you

As both a young person and a woman, I've found that sometimes preconceptions and unconscious biases do work against me. I won't deny that I?have?had to work harder to prove my worth and my skill; it has taken longer to do. However, once I gained that acknowledgement and respect, it stayed. If anything, my story shows that it?is?possible to develop a successful cyber security career, despite any preconceptions or biases that may try to stand in your way.

The cybersecurity industry is still very male-centric. This is slowly changing as the industry becomes more inclusive, but it still has a long way to go. I think it’s so important when exploring career opportunities that you find a company whose values and beliefs are compatible with yours. It's important to me that the company I work for encourages a positive and inclusive culture. I am very lucky in the sense that Capgemini have supported me greatly; they've stood by my decisions and backed me all the way. I was given the chance to prove myself, to show that I knew what I was talking about and show my clients that I could benefit their business with my solutions and advice.

3. Keep learning – and ask questions

I’ve always been eager to learn and to expand my knowledge. I studied an English degree from home while working full-time in technical support. Later, I went on to do a Masters degree in Philosophy whilst working. My degrees have nothing to do with my work, but I studied them for my own personal interest. I’ve also attained many professional qualifications within my roles to support my career. I am someone that loves to learn new things every day.

Fortunately for me, cybersecurity is such a fast-moving, ever-changing industry that it demands constant learning. The threat landscape is constantly changing. You need to keep up to date with the latest trends and developments (whether that's through personal interest, self-study or certifications). But also be prepared to ask questions and seek out expertise; to tap into people with different skills and knowledge. It’s the perfect working environment for someone like me who enjoys learning and developing their knowledge. So if you enjoy learning, and you enjoy a challenge...then it's a career worth considering!

It's also worth mentioning that no matter how long you've been in the industry, or how much you've studied, you will still never know everything about cybersecurity. Seasoned cyber security professionals are still learning something new?every day.?Anyone who says otherwise is quite frankly na?ve. I personally love the challenge and the continued learning.

4. Get involved and stay abreast of developments

As I said above, cybersecurity is such a dynamic industry and the threat landscape is changing everyday...that's why it's so important that you stay abreast of developments in the industry, whether that's through:

• Articles/Blogs
• Conferences
• Podcasts
• White Papers
• Vendor Reports
• Webinars
• YouTube/Other Videos

and more!

It’s important to get involved and share your enthusiasm for cybersecurity. Go to conferences, join networking groups, support training and development programs, build your own profile, volunteer and help people to understand what cybersecurity is all about. It’s such a misunderstood area - security does not just involve the technical aspects. Security is also often seen as a barrier (particularly in organisations where the security posture is poor) but we are actually here to?enable not disable.?We are here to?find solutions, to?create workarounds that suit everyone; solutions that are secure, of course, but which won’t cause problems further down the line. As security professionals we often have to tread a fine line between building good relationships and being the person to put their foot down when necessary to protect the security of an organisation. So, the more we can do to raise the profile of cybersecurity, and to improve communication and understanding, the better.

5. Love your job

Last but not least...make sure that you enjoy whatever you choose to pursue - it really makes a difference. If I had to sum up what I love about cybersecurity, it’s the fact that I have an opportunity to make a massive difference in my role. Every day I am seeing real, tangible results when I help organisations improve their security posture.