In my article “What is Cybersecurity?” I discuss how cybersecurity came to be, where its etymology came from and which specialties contributed to this.
In this post, I’ll be discussing what many people tend to ask me and others in this field “do I require a Cybersecurity Degree or Certification?”. For which I’ll say: “Do you know anything about Cybersecurity?”.
If you ask any company that works with cybersecurity professionals such as cybersecurity firms or highly regulated institutions, they will show you a list of requirement that could seem daunting. Treat this more as their wish list than actual requirements.
Every company has different needs. They can’t hire every single person with the same skills. There has to be a balanced set of skills to complement each other.
Therefore, for every level of experience and job description, there is a different set of certifications and requirements that a candidate must meet for that position to be filled.
What to do if you lack the required experience?
To begin your cyberpath the right way, I suggest you build your own cybersecurity lab. You need to know the basics of what makes and breaks a system before you get knee deep into the waters. For this purpose, I laid out the basics of “How to Setup Your Own Cybersecurity Lab” which will help you get the tools and set the goals for how and why you should do this. I also provide a page with a list of the tools that cybersecurity professionals, myself included, use and where to get those tools. You can check these tools in my “RECOMMENDED TOOLS” page located in the Main Menu on the top.
Cybersecurity requires being creative with hands-on practice to understand the basics. No amount of degree or certification will help you if you don’t have a basic level of understanding about how a system works. To do this you need to build and break a system. This will help you understand how a system works and detect any vulnerabilities this system has.
This is what I do and cybersecurity professionals do as well to keep ourselves with updated knowledge. I build my own servers via my hosted VPS and in my local Lab. This way I can test vulnerabilities depending on the target and the goal.
Don’t be afraid of making your first move to get your cybersecurity lab up and running by following my suggestions. This is the way I get updated with new information, also this is how I can safely practice with vulnerabilities I read on the news. The key here is to build virtual systems you can later dispose of if messed up.
Where you can acquire the basic knowledge
There are several ways to begin acquiring the knowledge. You can enroll in a community college or a cyber boot camp training.
Community colleges tend to be more up to date with their curriculums when it comes to technical information and they can provide a more hands-on experience by creating alliances and partnerships with local companies for internships. I know this because when I was managing my own IT Division for a Fortune 500 company I was one of the companies that provided such internships.
These students were placed by me to work on projects that required a level of expertise no other “regular” job candidate could fulfill. Sometimes I ended up hiring them for full-time positions.
There are companies that provide cyber boot camps courses. Most of these “pop-up” training courses are funded by private companies that are looking for specialists that they can’t find easily as usually happens with other job positions due to the level of specialty it requires.
Look for Facebook or in your local newspaper marketing promotion for these courses in your local area. Also, you can enroll in online courses from colleges.
In my experience as an IT Manager, the best thing you should do to acquire the required knowledge that will provide you with a strong foundation to take the certifications is to enroll in Pluralsight. This is a website that will provide you with training resources to help you understand in detail the certifications you are looking for and will guide you on how to understand and pass the test for the certification you are looking for. Enroll into Pluralsight to be trained for the certifications that companies are looking for.
The best skill required from someone looking to get into the Cybersecurity field is research. Show your commitment to yourself first by researching what I just indicated above and develop the curiosity to keep learning as this field requires to keep yourself updated with the trends according to your area of interests.
Curiosity is a must to keep evolving and developing yourself in this field.
A good place to start your research regarding any cybersecurity-related subject is at www.feedspot.com under the cybersecurity section. In here you’ll find the best of the best of blogs that publish about anything from the latest news to advice on the professional matter of cybersecurity. You can feel confident about the fact that these websites are well researched and chosen by its high-quality contents.
A strong foundation for cybersecurity requires having an understanding and hands-on practice for the technical skills according to your area of interests.
I can’t emphasize enough how important this is. You can acquire the basics of cybersecurity by enrolling in a local community college that offers hands-on practical skills for specialties such as Desktop Repair, basics of Computer Sciences, Programming Languages, Network Configuration, etc… Make sure to enroll in local colleges that already have established alliances with local companies where you can do internships. Having a title means nothing if you don’t have the hands-on experience, and internships offer this critical aspect.
By enrolling into a community college that offers courses like the ones I mentioned before and enrolling into Pluralsight would lay the foundation for when studying to take the certifications and help acquire some level of experience that most companies look for when hiring a candidate for a cybersecurity-related position. The certifications that companies are looking for are, but not limited to A+, Security+, Network+, Linux+, CISSP, CCNA, and many more…
This is just a sample list. There are many more depending on how deep you want to get into an area.
Certifications I recommend for an entry-level Cybersecurity Specialist
For beginners, I suggest you go for the first 4 on the list which are A+, Security+, Network+, and Linux+. It will provide the foundation to understand what cybersecurity is about and will open the doors for an entry-level position.
A cybersecurity specialist works to protect the information system by protecting the PC hardware (A+) / Applying standard security protocols and operating procedures (Security+) / Data and information transmission and interconnectivity (Network+) / and in some cases manage and administer dedicated servers that require knowledge in Linux (Linux+).
Having your own virtual lab will allow you to keep practicing everything you learn to study for these certifications.
Read “How to Setup Your Own Cybersecurity Lab” for more information.
Do I need to learn a programming language?
I also recommend getting familiar with at least one programming language. In my line of work, I’ve seen C++, Python, and Ruby with Python being the most used among the InfoSec community. I’ll recommend Python as the one you should go for as it provides most of the security modules to test and practice and also because is the most widely used.
Also, because most of the modules for testing are written in Python and readily available for you to download and start using them as-is or customize it as you see fit.
You don’t need to become an expert in any language, but you need to know how to use it if you decide to become a security specialist. You will appreciate knowing how to write your own scripts on demand to perform tests on any system.
One such example is when testing for vulnerabilities of a specific system and collecting any data resulting from your investigation. Imagine that you perform the same routine for different customers (or for the company you work for), instead of manually having to recreate the steps, just automate them. Is a time saver.
Hackers and crackers know this. They (or we?) know that if something works consistently, then it’s worth automating it.
Cybersecurity is a holistic field. This means that many people from different background make this field as diverse and powerful as it can be.
I hope this provides you with an understanding of where to begin your research and take your first steps toward gaining exposure to cybersecurity.
by Edgar Vera, MS Cybersecurity