Starting Your Career in Cyber Security

A year ago, I wrote an article entitled Starting Your Career In Information Technology. As your career goes on, you may find yourself traveling down different routes than you originally planned. This article is a follow-up, designed to give an idea of what cyber security has become for me after I transitioned to it from networking.To begin, I was self-taught. I started out as a system administrator and IT manager. Later, I went to college to learn about Cisco and network architecture. Eventually, I found myself looking more and more at the following question: “Well, now that I’ve deployed that network, what happens next?”Differences between IT & ISThere’s a huge difference in the skill sets required for the technology field, information technology (IT), and information security (IS or cyber security).Below, I’ve generalized three typical departments you may find in an office:Cyber Security Consultants: Their job is to remain on top of the latest technology advances, be aware of the world news in both technology and general subjects, and constantly ask “what’s next?” Often research and development also fall here.Internal Cyber Security: Internal cyber security is required to keep on top of news/world events just as consultants do, but additionally, they help to maintain the IT infrastructure and strengthen the human firewall.Technical Support: These are people who provide support to users for when technology malfunctions, standard builds and more.The importance of separate departmentsCyber security is a vast subject, covering many different types of tasks and skills; you may know a bit of each topic, but you cannot master everything. We all have different skills and learn in different ways; we are motivated separately and enjoy different aspects of technology. This factor is what enriches cyber security.“If you do what you love, you’ll never work a day in your life.” –Marc AnthonyI’m sure you’ve heard this quotation before. This, to me, applies greatly to cyber security and even information technology. As techs, we often are found playing around with gadgets and get excited over the next best thing. We also enjoy attending or speaking at conferences because our hobby tends to be what we do.The reality is that cyber security is a lot of hard work; it can be long hours at the office and require many spur-of-the-moment decisions. To balance these demands, you must have foundational knowledge along with an ability to adapt to each situation quickly. The best techs I know do what they do because they enjoy it.We all come into cyber security from different backgrounds. I came through network architecture while many others came from application development or web development. But what’s the best way to enter Cyber Security?

do your ccna or network+ everything you do going forward will be based on that foundation.— Joseph S (@MiddleSiggy) February 27, 2017I agree with building foundations. You need to understand the basics to be able to create complex solutions. Please be aware that networking isn’t the only way to get into cyber security.#CyberSecurity is a massive bucket that means different things to different companies. A lot of Security is done in IT.— equus ex machina ♘ (@lnxdork) February 27, 2017Just like in software development, you need to consider cyber security regarding how it applies to every aspect of the business, from architecture to deployment, from sustaining the infrastructure to deciding on the standard build of users experience.At my work, cyber consultants, internal cyber, IT ops, risk and compliance, and partners all work together closely when making decisions on what direction to go in. The internal cyber awareness program is designed with users in mind, focusing on their motivators and teaching skills that they can apply directly to their jobs.Your job is not to look after your users. It is to help your users to look after themselves.— ʎɐʍuoɔ ʍǝɹpuɐ (@AndrewConway) February 27, 2017I love this quote. Truly, it covers what I want you to take away from every training experience; every interaction with me and my team, every part of my job. Our users are the cyber defense team. They’re our human firewall, a role which our techs share.Working together, we can all make our jobs and lives better by understanding what the threats are and knowing that each of us is responsible for making our environment secure. Our job as cyber security is to be supportive to users, so they can feel safe asking questions and thereby feel motivated to learn.I wanted to learn more about snmp and monitoring, so I wrote an app to monitor various statistics from my systems and graph them— Mike Saunders (@hardwaterhacker) February 27, 2017Learning all kinds of different systems was a significant factor in my transition to a security role.— Mike Saunders (@hardwaterhacker) February 27, 2017Learning for me is hands on; when I wanted to learn Python, I built a lab Network Configuration Management system that reads in SysLog to track all config changes on my lab environment.

Leave a Reply