TRANSITIONING
FROM GENERAL IT TO CYBER SECURITY
As a cyber security expert, you will have
a huge range of career options across a wide
variety of industries (e.g. finance, government, retail, etc.). But IT security
is a specialist field. You’re unlikely to start your professional life as
a penetration tester or a security architect. So the question
remains – how do you get your foot in the door?
Start with this resource. It’s intended
to help anyone interested in transitioning from a non-security career. We’ve
included advice on choosing a starter IT job, tips on building your résumé and
ideas for gaining practical experience. We’ve also listed hard IT skills and
non-security certifications that will give you a solid grounding for the
future.
WHERE TO START
Career
Path Options
There is no one true path to working in
cyber security. People come at it from all angles – math, computer science,
even history or philosophy. Yet all of them share a deep and abiding interest
in how technology works. Security gurus say this is critical. You need to
know exactly what you’re protecting and the reason things
are insecure.
Train In General IT
To that end, many experts suggest that
you begin with a job, internship or apprenticeship in IT. This will verse you
in fundamentals such as administering & configuring systems, networks,
database management and coding. You’ll also get a sense of IT procedures and
real-world business operations.
Focus Your Interests
Because it’s impossible to be an expert
in all categories, employers also suggest you focus on an area (e.g. networking
security) and do it well. Think ahead 5-10 years to your “ultimate security
career” then look for starter IT jobs that will supply
you with the right skills. Sample career paths could include:
·
Exchange
administrator → Email security
·
Network
administrator → Network security, forensics, etc.
·
System
administrator → Security administrator, forensics, etc.
·
Web
developer → Web security, security software developer, etc.
Gain Practical
Experience
Finally, we recommend you gain as much
practical experience as humanly possible. Even if you’re not in IT, you can
accomplish a lot with self-directed learning and guided training.
Starter IT Jobs
IT jobs that can lead to cyber security
careers include:
·
Computer
Programmer
·
Computer
Software Engineer
·
Computer
Support Specialist
·
Computer
Systems Analyst
·
Database
Administrator
·
IT
Technician
·
IT
Technical Support
·
IT
Customer Service
·
Network
Administrator
·
Network
Engineer
·
Network
Systems & Data Analyst
·
System
Administrator
·
Web
Administrator
Trying to narrow your options? Make sure
your entry-level IT position will give you some security-related experience. If
this isn’t clear in the job description, you have an excellent question to ask
the hiring committee during your interview.
BUILDING
YOUR CYBER SECURITY RÉSUMÉ
The
Ideal Cyber Security Candidate
The ideal cyber security candidate has a
mixture of technical and soft skills. On the technical side, most employers
want proof that you are:
·
Grounded in IT fundamentals: e.g. networking,
systems administration, database management, web applications, etc.
·
Versed in day-to-day operations: e.g. physical
security, networks, server equipment, enterprise storage, users, applications,
etc.
For soft skills, they’re looking for
candidates who:
·
Know
how to communicate with non-IT colleagues and work in a team
·
Understand
business procedures & processes
·
Love
to solve complex puzzles and unpick problems
What
To List On Your Résumé
1. College Degree
Although it’s not always necessary to
have a college degree to land your first cyber security job, it’s bloody
useful. College teaches you important skills in communication, writing,
business and project management – skills you’ll appreciate in later years.
What’s more, a strong academic qualification will ease your way to management
positions. Some employers now demand proof of a bachelor’s degree before they
will consider candidates. Learn more about your options in Choosing a Cyber Security Degree.
2. Relevant Job
Experience
List any previous IT positions plus any
other work related to IT security. That includes volunteer work, internships
and apprenticeships. For government jobs, hiring committees
will be interested in any military or law enforcement experience.
3. Hard IT Skills
4. Professional IT
Certifications
Don’t have a beginner’s security certification like Security+?
Employers will still be interested to see if you have relevant IT certifications. Just be prepared to
back up these qualifications with proof of real-world experience.
5. IT Achievements
List any IT and cyber security
achievements that you think your employers will respect. These could include
Capture The Flag (CTF) standings, contest awards, training course certificates
and scholarships.
HOW
TO GAIN PRACTICAL CYBER SECURITY EXPERIENCE
Self-Directed Learning
·
Teach
yourself to code. (Experts recommend this again and again.)
·
Build
your own computer and security lab using old PCs, your own wireless router with
firewall, network switch, etc. Practice securing the computer and network, then
try hacking it.
·
Create
an open source project.
·
Participate
in cyber security contests and training games. e.g. Wargames, Capture the Flag
competitions (CTFs), etc.
·
Look
for vulnerabilities on open source projects and sites with bug bounties.
Document your work and findings.
Guided Training
·
Offer
to help your professor or employer with security-related tasks.
Networking &
Volunteering
·
Join
LinkedIn groups, professional networks and security organizations.
·
Connect
with peers playing CTFs and Wargames.
·
Collaborate
with a team (at work or in school) on a cyber security project.
·
Volunteer
to do IT security work for a non-profit or charity.
Further Steps
·
Run
a background check on yourself to see if there are any existing red flags, then
determine what you can do to address them. Security is a sensitive field and
employers are looking for ethical candidates.
USEFUL
IT SKILLS & CERTIFICATIONS
Hard IT Skills To
Cultivate
While you’re building your cyber security
résumé (see above), work on developing
hard IT skills like the ones listed below. These are often in high demand by
employers. Since technology is always subject to change, we also recommend you
consult your colleagues, mentors and/or professors for the most up-to-date
advice.
Operating Systems &
Database Management
·
Windows,
UNIX and Linux operating systems
·
MySQL/SQLlite
environments
Programming &
Coding
·
C,
C++, C# and Java
·
Python,
Ruby, PHP, Perl and/or shell
·
Assembly
language & disassemblers
·
Regular
Expression (regex) skills
·
Linux/MAC
Bash shell scripting
Networks
·
System/network
configuration
·
TCP/IP,
computer networking, routing and switching
·
Network
protocols and packet analysis tools
·
Firewall
and intrusion detection/prevention protocols
·
Packet
Shaper, Load Balancer and Proxy Server knowledge
·
VPNs
Specializations
Thanks to the nature of their job and
industry, security experts usually end up specializing in a specific area of
interest. For example:
·
Cisco
networks
·
Cloud
computing
·
Microsoft
technologies
·
Wireless
·
Database
modeling
·
Open
source applications
·
Cryptography
And so on. To gain extra experience in
these areas, you can volunteer for tasks at work, collaborate with a mentor
and/or invest in self-directed learning and guided training.
Helpful Non-Security IT
Certifications
Before you get too deep into security-focused certifications, check out the
following IT credentials. You’ll often spot these acronyms on the LinkedIn
profiles of security professionals. However, we’d be the first to state there
are plenty of others out there. Ask around or visit security message boards to
decide which ones are worth the investment.
A “go-to” certification for entry-level
network engineers and specialists working with Cisco routers and network
systems. CCNA certificate holders have proven their ability to install,
configure, operate and troubleshoot medium-size routed and switched networks.
This qualification is on par with CCNA Security, which emphasizes core security
technologies, confidentiality, the availability of data/devices and competency
in the technologies that Cisco uses in its security structure. Experienced
Cisco engineers can aim for the higher level Professional and Expert levels.
CompTIA A+ is one of the most common baseline
certifications for IT professionals, especially IT support specialists and
technicians. The exams cover the maintenance of PCs, mobile devices, laptops,
operating systems and printers.
A+ is required for Dell, Lenovo and Intel
service technicians and recognized by the U.S. Department of Defense. Many
folks follow it up with Network+ and Security+.
The second in CompTIA’s trinity of
qualifications (which includes A+ and Security+). Network+ is an
ISO-17024 compliant certification that tests a professional’s knowledge of data
networks. This includes building, installing, operating, maintaining and
protecting networking systems.
Network+ fulfills U.S. DoD Directive
8570.01-M and is held by nearly half a million people worldwide. It’s often
recommended for network administrators, technicians and installers.
ITIL certifications focus on ITIL best
practices. Foundation is the basic level and the ITIL credential most
frequently seen on job requirements.
The exam tests candidates in key
elements, concepts and terminology used in the ITIL service lifecycle,
including the links between lifecycle stages, the processes used and their
contribution to service management practices. If your company is using ITIL
processes to handle their services to internal/external customers, then
Foundation is worth considering.
Anyone working with Microsoft
technologies should take a close look at the Microsoft
Certificate Solutions Associate (MCSA)and the expert MCSE. You must complete
the MCSA before tackling the MCSE.
Widely respected in the industry, MCSE
demonstrates a professional’s ability to build, deploy, operate, maintain and
optimize Microsoft-based systems. For the MCSE, you can choose one of nine
certification paths, including Server Infrastructure, Private Cloud, SharePoint
and more.
PMP is aimed at mid-level project
managers. Candidates without a bachelor’s degree must have at least five years
of project management experience (7,500 hours leading and directing projects);
bachelor’s degree holders must have at least three years (4,500 hours leading
and directing projects).
Successful PMP holders have demonstrated they
have the experience, education and competency to handle project teams. It’s not
a “must-have” by any means, but it can certainly help you zip through the
résumé screening process and proceed into discussions about salary.
Interested in becoming a Linux expert?
Take a look at RHCA, probably the most challenging qualification in the Red Hat certification program. To attain RHCA
status, Red Hat Certified Engineers (RHCEs) must pass at least 5 exams and
demonstrate their skills in performance-based tasks. Beginners should consider
the RHCAS and the CompTIA Linux+ certification.
VCP5-DCV is expensive, but probably worth
it if you’re interested in virtualization. To obtain this foundation-level
certification, candidates must demonstrate hands-on experience with VMware
technologies, complete a VMware-authorized training course and pass an exam.
This proves a certificate holder’s ability to install, deploy, monitor, scale
and manage VMware vSphere environments.
Once you have the VCP5-DCV, you might
wish to consider more advanced levels of VMWare
DCV certification. In addition to data centers, VMWare also offers
credentials in the cloud, end user computing and network virtualization.
