*This blog was originally published March 2018. It has been updated to address new ways to get started in cybersecurity.
As organizations and governments around the world are increasingly vulnerable to cyber threats and continue to get hacked, it might feel like we’re reading or hearing about cybersecurity in the news every day. As a result, there's a growing demand for people to be trained in cybersecurity to help defend against this increasing threat. In fact, a 2018 report by ISC(2) estimates there are almost 3 million openings globally. Additionally, the U.S. Department of Labor reports that occupations in this field are projected to grow 13% from 2016 to 2026, adding 557,100 new jobs in the United States alone. Cybersecurity is a fast paced, highly dynamic field with vast array of specialties to choose from, allowing you to work almost anywhere in the world, with amazing benefits, and an opportunity to make a real difference.
Have you considered a career as a cybersecurity professional, but weren’t really sure if you had the skillset needed for success? Don’t sell yourself short yet.
But Don’t I Need a Cybersecurity or Computer Science Degree?
Absolutely not. Many of the best security professionals bring non-technical backgrounds from english, pre-Med, or psychology majors to auto-mechanics, artists, and stay-at-home moms. Just like the famous saying, “Anyone can cook” from the Pixar movie, Ratatouille, so too can anyone get started in cybersecurity. Speaking as a history major who rode Main Battle Tanks for a living, I can attest to the notion that you canhave a successful career in cybersecurity, even if you bring a non-technical background to the table. In many cases, having a non-technical background can actually be an advantage in the industry.
How so? A dedicated passion to learn and understand how technology works goes a long way. Many people think cybersecurity is all about hacking into or breaking things, but cybersecurity is actually all about learning how technology (and people) work.
The key is not a technical background, but your willingness and desire to learn how technology works and to never stop playing. In addition, there are a growing number of fields in cybersecurity that do not focus on solving technical problems, but instead more human focused problems. These require softer skills, such as privacy, security awareness and training, governance, security communications, or cyber law and ethics.
Findings in the 2018 SANS Security Awareness Report showed that while there is a clear majority of awareness professionals stemming from highly technical backgrounds with a solid understanding of technology and human-related risks, they may lack some necessary skills to excel at implementing a program, such as strong communication. In fact, new fields and opportunities in cybersecurity continue to develop and expand, opportunities that did not exist five or even 10 years ago.
Undergraduate certificate programs like the Certificate in Applied Cybersecurity at the SANS Technology Institute offer a rapid pathway for college students and career changers who want to enter the cybersecurity workforce. No prior cybersecurity experience is required for that program and students gain the foundational skills need to enter the workforce in 7 to 18 months, studying online or at live weeklong SANS events held across the country and around the world.
Once you develop a deep understanding of how things work, the hacking (and defending) side easily follows. Even more exciting, you can learn how many technologies work directly from the comforts of home. For example, you can take classes online, build your own lab, or interact with others through the Internet.
Getting Started
In many ways, cybersecurity is similar to engineering or healthcare. There are so many different paths you can specialize in, from mobile device forensics and incident response to penetration testing, endpoint security or security awareness. In fact, the National Institute of Standards and Technology (NIST) has created a framework listing all the different jobs and opportunities in cybersecurity. If you are interested in learning about many of the different fields and specialties that exist, this is a great place to start exploring.
Don’t worry about what path you should take at first. Give yourself grace and time to play with and understand all the different technologies options. Over time, your interests will guide your path. (Interject Yoda voice here.)
To get started, I’d recommend you first get an overview of the basics. Here are some areas you can start learning, begin in whatever area you feel would interest you the most.
- Coding: Explore the basics of coding, which can help you understand markup language for creating web pages and web applications. Start with languages such as Python, Hypertext Markup Language (HTML), and Javascript. Not sure where to start? Consider online training such as Code Academy, Khan Academy, or grab any beginner’s book.
- Systems: Learn the basics of administrating a system (i.e. computers). The two most common systems are Linux and Windows. If the resources are available, I recommend you start with Linux first and learn how to administer Linux using the Command Line Interface (CLI), as opposed to the Graphical User Interface (GUI). Learning how to administer a Linux system from the command line, to include scripting, is an extremely powerful skill that will help you no matter what path you take.
- Applications: Learn how to configure, run and maintain common applications (computer programs), such as a webserver, database or DNS server.
- Networking: A network is a group of computers or devices that communicate with each other, to include capturing and analyzing network traffic. Learning how a network works is an invaluable skill. You don’t realize it, but you most likely already have a network at home. Think of all the devices connected to your home Wi-Fi network.
Not sure where to start with any of these four areas listed? Start by searching on Google or YouTube. There is no single site or resource where you can learn everything you need, so over time you will use a variety of different resources.
Start with the basics and grow over time (it takes years to really learn all this stuff). However, the skills you develop now in searching and learning from others are critical not only for starting, but a key part of your entire career.
Build a Lab / Hands-on Learning Environment
One of the best ways to learn all of the above is to set up your own lab at home. It's actually pretty easy, as you can create multiple virtual operating systems on the same physical computer at home, or setup up a lab online in the Cloud, such as using Amazon's AWS or Microsoft’s Azure. Do a quick search on Google or YouTube. There are numerous sites that can walk you through how to set up your lab properly.
Another option is to identify all the different devices on your home Wi-Fi network. Once you setup your lab or map your home network, start interacting with the different computers or devices and learn everything you can. Have a browser on one computer connect to a webserver you setup on another computer. Capture the network traffic from your house’s thermostat and decode what information you are actually sending to the Internet. The possibilities are endless. However, don't start hacking into and breaking things until you first understand the fundamentals of how these technologies work.
Learn from Others
The other key element toward launching your career in cybersecurity is to meet with and learn from others. Try attending a cybersecurity conference in your area. Just about every major city has several events a year. One of the best series of conferences is Bsides, which most likely has an event near you.
Can’t make it to a conference or looking for more interaction? Many cities have monthly cybersecurity community meet-ups. Once you attend one, your network and opportunities will flourish. You can also join online communities, however I highly recommend you attend an actual event and meet people face-to-face first. It’s the fastest way to spin-up your connections.
In addition, there are numerous cybersecurity professionals you can follow online and learn from. As you begin to learn what areas interest you the most, you will find experts in that field you can follow. Here are some thought leaders I follow on Twitter, for example:
In Summary
If you’ve always been curious about getting started in cybersecurity, don’t let your education or background determine your career path or limit your options. No matter what your background is, you bring something unique and special to this field, which we desperately need. As long as you have passion, and desire to learn, you’re on the right track. Never lose that desire to learn. Once you start to develop your skills and you begin to develop a network of people, trust me, the opportunities will come.
