As an information technology educator and cybersecurity trainer, speaker and blogger, I am often asked how to get into a cybersecurity career, or how difficult it is to get into one. Here’s what I can tell you.
In almost all cases, you will need to start your cybersecurity career in a general information technology role and work in that capacity for three to five years. Many colleges are offering bachelor’s and master’s degrees in Information Security and similar educational tracks, but my experience, and the feedback I get from peers, is that cybersecurity is only open to people with strong experience in general IT and networking, and a proven interest and aptitude for security work. Even with a degree in hand, expect to start in an entry-level job and work your way up.
Certifications can help, especially the CompTIA A+, Network+ and Security+ triad. Maybe the EC-Council Certified Ethical Hacker (CEH). But even with a security certification, you will still need lots of practical experience. I’ve seen some schools offering their own home-brewed certifications, and my opinion is that these are crap. Get only industry-recognized certifications.
It might take you a few years to get a job in cybersecurity, but the process would be to get an entry-level certification like the CompTIA A+, get an entry-level computer support job, and never pass up an opportunity to work on anything security related. Even installing and configuring anti-malware software is better than no experience.
Work on the CompTIA Network+ and Security+ certifications. Plan to do a lot of outside reading on cybersecurity. Buy some books. Read some blogs. Some of my favorite blogs on this subject are: krebsonsecurity.com, schneieronsecurity.com, wyzguyscybersecurity.com (I write the last one).
Join one or two cybersecurity professional associations such as (ISC)2 or ISSA and start attending meetings. You will learn new and important issues about security, but more importantly, you will meet people who are already in the business you want to be in. They can help you get there; they may be able to refer you into an interview opportunity.
Get your LinkedIn profile set up to announce an interest in cybersecurity, and start to document your progress in this field by keeping your profile current as you advance through your certifications. If you do it right, 3 years of focused effort might just get you there. If you are looking for education, a technical school or college will be more than adequate. You DO NOT need a degree, unless you want one for some reason, or your end goal is to get into senior management roles (CIO, CISO).
Make sure your own technology world is fully secured. You can get experience by hardening your home network and personal gear. Use a password manager, set up two-factor authentication, and learn how to detect and defend against phishing emails and social engineering. Share your learning with others; get on the platform and offer free cybersecurity informational and training classes.
Good luck on your new career. Hope to see you when you get there.
- CompTIA certifications – full disclosure, I am a CompTIA instructor.