Breaking Into Cyber
Welcome back to this week's Friday edition of 'The Encrypted Digest.' It's time to set the stage for our ongoing journey into the depths of cybersecurity. My goal? To give you honest, insightful, and actionable wisdom, peeling away the layers of industry jargon and buzzwords. Whether you're just stepping into the field or a seasoned professional seeking deeper insights, this is your key to unlocking a successful career in cyber. With each edition, we'll delve deeper into this dynamic domain, offering something valuable for everyone.
Let me cut straight to the chase with a brief intro about myself, ensuring you know I'm more than just another voice vying for your attention online. I'm a man whose career path may have had its twists and turns, but each one paved the way to a unique and enriching learning experience.
I kick-started my career as a humble Helpdesk Technician at a small, rapidly growing company. This role marked the beginning of a winding professional journey that led me through positions as diverse as IT Support, System Admin, Malware Analyst, Threat Hunter/Intelligence Researcher/Analyst, and even Consulting. I've even had a brief stint as an Installation Technician for a cable company - but that's a story for another day. Sprinkle in leadership positions within some of the above and here we are.
Every step of my career was punctuated by a persistent pursuit of knowledge. I hit several glass ceilings, faced peculiar employer situations, and even turned down some promotion offers for various reasons. But in each role, I actively sought to understand the core of my responsibilities, leading me to dabble in multiple roles and gain a holistic view of the industry.
Finally It's been a complex and challenging journey, but every obstacle has only deepened my understanding and ignited my passion for the world of cyber. Now, through 'The Encrypted Digest,' I'm eager to share these nuggets of earned wisdom with you all.
Now, let's dive into the heart of the matter: breaking into cyber. Whether you're a seasoned professional, an IT worker looking to transition, or a fresh college graduate, this question comes up often. You've probably seen it asked on websites, in news articles, and during conversations—it's everywhere. In this in-depth discussion, we're going to explore various perspectives and perhaps challenge some popular notions. So buckle up, this is going to be a comprehensive and, at times, controversial ride.
Breaking into cybersecurity. It's a complex realm, no doubt, but it's also one that offers tremendous opportunities. The cybersecurity industry can be intimidating for beginners. With complex concepts, high-stakes situations, and a plethora of jargon, stepping foot into the realm of IT and Cyber can feel like a giant leap. But remember, everyone starts somewhere, and it's the first step that matters the most.
There is an array of entry-level positions that can launch your career in cybersecurity. Roles like Security Analyst (SOC), Network Administrator, and IT Auditor provide more than just job titles; they offer foundational experience in the IT sector and an understanding of core security principles. Moreover, starting at positions like Help Desk and steadily working your way upwards is a viable and often beneficial pathway. These roles serve as essential stepping stones, giving you real-world experience and a deepened understanding of the cybersecurity landscape. It's crucial to remember, though, that 'entry-level' in cybersecurity often implies a pre-existing foundation in IT fundamentals—it's not always as 'entry-level' as it might seem in other fields.
However, here's a perspective you might find controversial and one I align with more: not every path into the cybersecurity industry requires a degree. With technology trends changing rapidly, it can be challenging for traditional degree programs to keep pace. Now, I'm not discrediting the value of formal education – it has its merits and can open many doors. But it's crucial to research your options thoroughly before investing in a degree.
Unfortunately, I've seen a number of graduates with computer science degrees struggling with basic fundamentals. They've invested their time and money, but lack practical, applicable knowledge. Allow me to delve deeper into this argument and steel man it for you below.
Pro-College Argument (Steel Man):
The primary argument for obtaining a college degree in cybersecurity is credibility. A degree often acts as a signal to employers that you have a broad understanding of the field and have invested time and energy into formal education. It can also open doors to internships and opportunities for networking, providing real-world experience alongside academic learning.
A degree program often provides a comprehensive curriculum covering a variety of topics within cybersecurity, ensuring graduates possess a broad foundational understanding of the subject. Students also get the opportunity to delve into specialized topics under the guidance of experienced professors. The curriculum frequently includes modules on ethics and law which are vital to understanding the broader implications of cybersecurity issues.
Moreover, college provides(Hopefully) an environment for critical thinking, problem-solving, and academic research – skills that are crucial in a fast-paced, constantly evolving field like cybersecurity.
Many employers, particularly larger corporations, often require a bachelor's degree for cybersecurity roles or even promotions to an extent, so having a degree may increase job prospects and lead to higher starting salaries as well as career longevity.
Against-College Argument (Steel Man):
On the flip side, the argument against obtaining a college degree in cybersecurity is centered around the rapidly changing nature of technology and the high cost of a degree.
The technology landscape is fast-paced and what's relevant today may be obsolete or phased out before one graduates or simply just outdated. As a result, some believe that the traditional academic structure might not keep pace with these changes. Real-world experience, internships, or vocational training can provide up-to-date, practical knowledge and skills that are immediately applicable in the workplace.
In terms of cost, a college degree can be expensive and may lead to significant student debt. Many positions in the cybersecurity field do not necessarily require a degree, and the financial investment might not always yield a high ROI.
Moreover, to a degree the cybersecurity industry places an elevated value on certifications like Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or CompTIA Security+. These certifications, along with hands-on experience, could be a more cost-effective and timely route into the field.
Overall, the choice between going to college for cybersecurity or choosing a different route depends on individual circumstances, including financial resources, time commitment, learning style, and career goals. It's a complex decision with no 'one-size-fits-all' answer. Just remember there is not a single threat actor out there who stops and goes, “Woah guys hold up! We need a degree or applicable certificate before we exploit! Pack it up!”. Moreover, it's important to mention that I've had the privilege of collaborating with highly skilled and proficient individuals from both walks of life—those who've pursued formal education and those who haven't.
Back to it though. To make the industry more accessible, it's also critical for education and training programs to offer clear, progressive pathways. Starting with foundational IT and security concepts and building up to specialized areas of cybersecurity, these programs can guide you in your journey, one step at a time.
And let's not forget about resources readily available at your fingertips! Online forums, webinars, newsletters (like mine), and networking events are excellent ways to learn more about the field, connect with professionals, and stay updated on the latest industry trends and threats.
In conclusion, while cybersecurity may seem daunting at first, with the right resources and a determined spirit, you can successfully navigate your way into this exciting field. And remember, as with any journey, it's the journey itself, not the destination, that matters the most. So take that first step, embrace the challenges, and start your cybersecurity journey today.
Closing
Before we wrap up, I'd like to leave you with a bit of advice. Remember, there's no need to master every aspect of cybersecurity all at once. I didn't fully grasp this until my seniors and experience instilled it in me. Start by picking a topic that genuinely intrigues you - be it learning GO, understanding Governance, Risk, and Compliance, or delving into incident response procedures and what a SOC does.
The depth and breadth of knowledge you gain when driven by genuine interest tends to be more significant than those merely seeking financial gains. Yes, money is a motivator, but what truly sets you apart is your relentless pursuit of knowledge.
Sure, I can train anyone to write proficient KQL (Kusto Query Language), Splunk queries, or even Threat Hunt methodology. But will your curiosity stop there? Will you leverage your interpersonal skills to connect with team members, understand their challenges, and learn from their experiences? Or will you remain complacent? It's your attitude and approach towards constant learning that will define your career trajectory in cybersecurity.
Friday Fun
Still with me? Awesome, let's take a breather from all the insights above. Feel free to connect on the brand new Twitter page - currently sitting pretty with a grand total of zero followers (hint hint).
Now lets unwind with a tale. The Tale of the First Computer Virus
Ready for a little cyber nostalgia to kick-start your weekend? Let's wind the clock back to 1971, to the birth of the first ever computer virus. Named "Creeper", it was an experimental self-replicating program, the first of its kind, that infected mainframes on ARPANET (the precursor to the internet).
But here's the twist - instead of wreaking havoc, Creeper simply displayed the message, "I'm the creeper, catch me if you can!" To catch and remove this playful digital menace, the first antivirus, named "Reaper", was born. A fascinating start to the eternal cat and mouse game in the world of cybersecurity, wouldn't you say?
Remember work is work, do something different this weekend to refresh yourself. Spend time with loved ones! Go to your local hardware store and build something for yourself nothing fancy. Write a letter for yourself to read in the future about something you can improve for yourself right now. Find a new hobby you know nothing about, and explore. I’m currently interested in learning how to build a motorcycle, and sailing. Feeling lost hit the twitter up, and I’ll give you a topic to explore.
That’s a wrap! Hope you enjoyed, and stay tuned for next weeks topic, “Essential Skills and Tools for Starting a Cybersecurity Career.”
Later,
Omniscient Raven