Cybersecurity Career 101: How to Start from Scratch
In this article
With a strong employment outlook and proliferation of online training resources, starting a cybersecurity career has never been easier. Cybersecurity analysts are responsible for monitoring computer infrastructure and information systems to ensure they are protected from cyber threats. They do this using a multi-pronged approach designed to deter, detect and de-escalate a cyberattack:
- Installing and maintaining cybersecurity controls (a measure that companies deploy to prevent, detect and counteract cybersecurity threats)
- Perform penetration testing (a type of ethical hacking) to test an organization’s existing cybersecurity defenses
- Monitor an organization’s networks and report breaches in security
- Create contingency plans and business continuity plans (BCP) as a framework for how to contain and counteract a cyberattack
- Perform incident response in the event of a security breach by performing a forensic investigation to determine the nature of the threat (which usually involves malware or ransomware)
Cybersecurity professionals can find work in virtually any industry, from aerospace to healthcare. Whenever sensitive information is transmitted over a computer network, cybersecurity measures are needed to protect the system from being infiltrated by those who want to commit identity theft or compromise a system to extract a ransom.
1. Determine whether a cybersecurity career is right for you
Cybercriminals are constantly evolving new tools and strategies, so cybersecurity analysts must stay informed on the latest technologies in order to mount a strong defense. They must also advocate for security best practices within their organization and work collaboratively with different business units. If you’re employed by a software company, this could entail meeting periodically with project managers to ensure security measures are accounted for in the software development life cycle. In a retail environment, you’ll work closely with the finance and legal departments. A penchant for teaching yourself new technologies, programming languages, and the latest industry trends is an indispensable quality for a successful cybersecurity career.
“People who are in IT tend to be Type A—they need to be constantly challenged with new problems to solve, new products to test and implement,” said Mark Adams, a cybersecurity professional and subject matter expert in Springboard’s new Cyber Security Career Track. “This is one of the few fields where you’re actually able to do that.”
Choosing a career path
The ability to move laterally between industries is one major advantage of a cybersecurity career. While each organization has its own approach to cybersecurity, some industries are more high-security than others due to regulatory requirements. For example, HIPPA regulations that protect patient data necessitate a higher investment in cybersecurity protections among healthcare organizations compared to companies in the oil and gas industry. Someone who works in banking and financial services will be exposed to a greater variety of cybersecurity products than a professional employed in the education sector.
Moving from a high-security industry to a sector that is relatively lax is easy, says Adams, and doesn’t necessarily require specialized industry knowledge—the main difference being the number and scope of controls you oversee as a cybersecurity analyst.
“Ideally, whatever you end up doing, it’s going to be largely the same no matter where you go. The difference is going to be in how heavily regulated it is.”
2. Get the necessary cybersecurity education and skills
While there are many subdisciplines in cybersecurity career paths, such as network security and risk management, many jobs share a common technical foundation. Generally, a bachelor’s degree in computer science, programming, or engineering is a minimal requirement for an entry-level cybersecurity analyst job.
Those without a background in computer science can substitute this by completing a cybersecurity bootcamp, although some companies will still require a bachelor’s degree (even in an unrelated field) for liability reasons.
“If something bad happens and the company gets sued, a lot of times opposing counsel will accuse them of not hiring competent people,” Adams explains. “In order to preempt that, they will say ‘you need a four-year degree to work here’.”
Springboard’s Cyber Security Career Track teaches you the in-demand skills employers are looking for, with 50 labs, 30 assignments, and one capstone project to showcase your skills to employers. At the end of the course, you’ll sit for the CompTIA Security+ exam, a global certification that validates the baseline skills necessary to pursue a cybersecurity career.
Some companies may also require a master’s degree and several years of network experience for mid-to senior-level positions. If the job posting requires familiarity with a specific technology stack, such as Amazon Web Services, Cisco, or Azure, you may need an industry certification to qualify.
Choosing the right certifications
With the advent of cloud computing and increasingly sophisticated cyberattacks, generalized programming or cybersecurity skills alone won’t get you as far in your cybersecurity career. Industry certifications show you have expertise in a specific area, such as network administration, or familiarity with the products and services of a particular vendor. In a recent survey, the International Information System Security Certification Consortium (ISC)² noted that a degree and certifications were often a major factor in hiring.
Certifications can be vendor-agnostic or vendor-specific. For example, CompTIA’s Security+ certification, which is vendor-agnostic and included with Springboard’s Cyber Security Career Track, shows you have the baseline skills necessary to perform security functions in IT security using a range of cybersecurity tools.
On the other hand, vendor-specific certifications tend to be associate- rather than entry-level and are best for when you already have a cybersecurity career and wish to specialize in a specific technology stack. Note that a vendor-specific certification only qualifies you to work with companies that use that particular vendor’s network products. In this case, deciding which certification to obtain depends on which vendor’s products are prevalent in your organization’s IT infrastructure. Often, companies will reimburse the costs associated with taking the exam. Some high-security government or military agency jobs will also require you to pass a security clearance to work with classified information.
Get To Know Other Cybersecurity Students
Practice your skills
While formal credentials speak volumes, the best way to differentiate yourself for a cybersecurity career is by teaching yourself as many peripheral skills as you can, says Adams, who went from working on an IT help desk to becoming a network administrator early on in his IT career by teaching himself cybersecurity fundamentals. In fact, the availability of free tools and free trials for paid software applications has made it so easy for cybersecurity students to practice their skills outside of traditional coursework that those who don’t are at a disadvantage.
“The guy or girl that is really big on GitHub and Hack the Box and is doing a ton of work on their own to practice their skills is raising the bar for everybody else,” he adds.
For example, Microsoft Azure offers the use of over 25 of its services free of charge for 12 months, while Amazon Web Services offers a free tier for 750 hours of usage per month or 5GB storage, with no expiry date. Another great place to test your skills is in a virtual lab. A virtual lab is a simulated environment that incorporates cybersecurity vulnerabilities and defenses such as malware, databases, firewalls, encryption standards, and so on. You can use a system like VirtualBox to create your own virtual lab, where you can build and test various security defenses.
Build your technical skills
Foundational technical skills for a cybersecurity analyst include knowledge of information systems, network security, and cryptography, the ability to write scripts using Python, and perform penetration tests to assess the effectiveness of your cybersecurity defenses. You also need to understand the architecture, administration, and management of operating systems, as well as networking and virtualization software.
Entry-level cybersecurity jobs don’t require programming skills, but being able to write and understand code becomes more important as you advance in your career and become more specialized. For example, a penetration tester needs to find weaknesses in the source code and figure out how to exploit them, while an incident responder has to scan the source code for malware when investigating a security breach. Recommended programming languages to learn include C, C++, Python, and Java.
3. Get your cybersecurity resume and portfolio in order
Cover letters tend to be of little import when it comes to applying for a cybersecurity job, says Adams, who has experience as a hiring manager. What’s more important is that your resume shows practical experience. An analysis by CV Compiler found that just 48% of the tech giants included a field for a cover letter in their online application forms, likely because of the vast number of applications they receive. Startups and mid-sized companies tend to include it more often (65% and 55% respectively).
A technical resume must highlight relevant skills that allow a recruiter to make the connection between the skills you have and the requirements for the role. Instead of providing a dry list of technologies and programming languages you know, list specific functions you know how to execute. For example, detecting threats by drawing out a basic network architecture with its IPS/IDS and firewalls to find anomalies. Or creating a plan to defend against a cross-site scripting (XSS) attack.
While internships are a great way to show off any practical experience, you also need to show that you’re willing to take the initiative and learn new technologies on your own. Adams recommends trying out Hack the Box, a virtual environment where you can practice your penetration testing skills, and using GitHub to show off cybersecurity tools you’ve written yourself.
“When interviewing for a job, the people who separate themselves from the rest of the pack are the ones who tell me that they have a GitHub account that they maintain versus the ones who’ve never written any scripts and don’t know PowerShell,” says Adams, referring to a task automation and configuration framework from Microsoft, which can be used to automate almost any task in the Windows ecosystem.
Having practical experience with penetration testing will help you perform better in job interviews, where you might be asked to look at telemetry data (information about a device and how it’s configured), identify the source of a security breach, and propose a solution. Adams says it’s important even for entry-level candidates to be familiar with incident response, like escalation procedures and triaging, so they can at least talk through their thought process, even if they don’t know the right answer.
“At least be able to tell me how you would filter out the noise and get to what you’re really looking for even in layman’s terms,” he says. “I don’t care about the right answer. If you give me the right answer, great, but I want to know how you think through a problem.”
Since you’re here…
Breaking into cybersecurity doesn’t take a Trojan Horse. Our Cybersecurity Bootcamp lasts just six months, and we’re the only program promising a job after graduation. Since there’s an urgent need in this field, we’re beaming out tons of freebies to entice you. Try our free cybersecurity learning path and this free course on cybersecurity certifications. Join in—there are plenty of jobs to go around!