Last week we spoke to over 500 youngsters about cybersecurity. We supported Ada Lovelace Day, TeenTech and the Bank of England Industry Led Cyber Schools Hub launch; and a common question we were asked, as always, was ‘what’s the best route into the industry?’. Now technically speaking there isn’t a right route, however in this blog post we’re going to give you some tips for enhancing your enthusiasm and supporting you as you transition into the industry.
We like to think of the cybersecurity industry as a paintbrush (bear with us!). The paintbrush itself represents the industry as a whole, whilst every strand of hair is a different career path and opportunity (there really are loads!). The industry is dynamic and fast paced and therefore is not just reliant on those with technical skills. If we think about the rate at which things are becoming interconnected, cybersecurity careers will be available in nearly every organisation sooner or later. Whether you work in legal, HR, training, education, finance, health, transport, fashion, sport, film or music there is going to be an increasing need for cybersecurity professionals in these fields – and many more.
Below we’ve outlined some key areas to consider when thinking about joining the cybersecurity industry at any age!
Speak to people
The industry is full of really fantastic people who are supportive of those who are curious about the industry. Don’t be afraid to ask people for advice or ask how they got into the industry; you’ll probably find that 9/10 times it’s not how you’d think!
Attending events is a fantastic way to get a feel for the industry, events range from technical to non-technical and are held across the world. There are many events held locally within the UK such as Defcon meet-ups, local Bsides conferences and clusters such as Cyber Cheltenham, just get on google and find your closest one. If you’re closer to London, events such as DC4420, 44Con, Ladies of London Hacking Society and Infosec are also great. Events enable you to not only network with individuals but also gives you an opportunity to keep up to date with key themes and conversations that are prevalent within the industry. Many community conferences open call for presentations (CFP’s), meaning you can submit an idea to speak at the conference about. If you’re new to conference speaking, there are often ‘rookie’ and ‘lightning’ tracks which often have shorter speaking slots to a smaller crowd, and some will link you up with a mentor to support you. It may sound an intimidating thing to do, but it’s a great way of showing people what interests you and where your passion for cybersecurity lies. It’s also great for raising your profile and adding to your CV!
If you’re still studying at school there are some fantastic initiatives run across the country. All of these focus on supporting the next generation of cyber professionals with knowledge, experiences and industry engagement. Have a look at the following: NCSC Cyber Schools Hub, TeenTech, CyberFirst Girls Competition, Innovate<her>, Tech Partnership, Cyber Security Challenge, Cyber Discovery, Cyber Centurion and STEM Ambassadors.
Work Experience, Internships or Voluntary work
Now when we say make sure you have work experience, that isn’t because you won’t be offered a job without it, it is about ensuring you’ve explored the different roles, sectors and organisations that are available in the industry. Time and time again when we ask people to name roles within the industry they struggle, and this is due to there being so many. Take some time to do the correct research and get some exposure. You’ll probably think you want to do one thing, and leave knowing you want to do something totally different within the industry.
Enhancing your technical ability
If a technical career is what you are looking for there is a vast range of roles within the industry some of which include:
- Security engineer: In this role, you would test the network for vulnerabilities, monitor for security breaches, and develop security plans and policies. You would also mount an incident response in the event of any security breaches.
- Cryptographer: As a cryptographer, you would analyse, decipher, and perhaps even develop encryption algorithms. The goal of these encryption algorithms is to secure data. The idea is: even if a hacker steals the data, they wouldn’t be able to read it due to the encryption lock.
- Malware Analyst: Here, you would stay up to date on the latest viruses found in the wild. Your job would also be to help develop software that would fight or defend against these new viruses.
- Penetration tester: As a penetration tester, you become a hacker; however, you will be an ethical one who must follow strict rules governed by the agreements your company has with a client company. Every action you execute will be documented. Companies hire penetration testers because they want to make sure malicious hackers cannot exploit their networks.
We’d also recommended taking part in capture the flag games on ctftime.org, this is a great place to find upcoming free events. Bug Bounties such as Hacker1 and Bugcrowd are also worth checking out to enhance your technical level, and they are great fun! The site Cybrary is a great resource for free online training and tutorials. Finally don’t forget about YouTube, it is a fantastic resource with a huge amount of free content available.
Certifications come in all different shapes and sizes so it’s important that you pick the one that interests you; SANS, OSCP, CEH and CompTIA are good staring points for courses. Other online courses include pentesterlabs.com, immersivelabs.com, HackTheBox and the pentester academy.
You don’t need a degree to enter the cybersecurity industry, period. Some of the best individuals in the industry do not have cybersecurity degrees behind them. Your attitude and enthusiasm to learn is so much more important.
Apprenticeships are a fantastic route into the industry whilst enabling you to build up hands on industry knowledge, your local college is a good starting point for enquiring about apprenticeships. You’re also now able to study up to a degree-level apprenticeship which is fantastic! If you have work experience in a company, or you’ve connected with them, do not be afraid to ask if they take apprentices or would like too.
However, if you do want to consider university to help you gain a better understanding, it’s worth looking at degrees that have been certified by the National Cyber Security Centre.
The Human Side of Cybersecurity
Technical or non-technical, it is important to have professional skills to help you succeed within the cybersecurity industry. Key skills include: Problem-solving, communication, analytical thinking, collaboration & teamwork and attention to detail. Problem-solving and communication are thought to be the most difficult skills to find within the cybersecurity industry. Cognitive diversity is more important as technical skills can be taught. Your mindset and how you apply yourself to the industry are extremely important.
Within the human side of cybersecurity there are many roles you could consider, these include but are not limited to: awareness raising, training and education, OSINT, social engineering, business development and marketing. Similarly, to technical roles, it is important to be active within the cyber community. Don’t be afraid to speak at events, write blog posts, speak on podcasts and share your thoughts on successes within the industry. Networking is a fantastic way to help your transition into the industry.
No matter what your age or technical ability, the cybersecurity industry is bursting with exciting opportunities. Our advice to you, take the plunge, go to a local event, connect with some of the fantastic professionals within the industry and find out more about this incredibly dynamic industry.
If you know of any additional resources that should be mentioned during this blog please get in touch.
Update: Virtual Events for 2020
The COVID-19 pandemic has meant that many face-to-face events planned for 2020 have been postponed or virtualised. Virtual events are a great way for you to still engage with the cyber security community and learn something new. We’ve put together a list of some of the free to access events, some which have already happened (but you can access the recordings), and some that are up and coming. Check them out below:
- Chatter Overflow (episodes 1-4): not technically an event, but a resource you might find helpful! Chatter Overflow is our video series aimed at people who are new to cyber security, considering a career in the industry or would just like to know more. Check out the next episode, which we'll be sharing on 11 August at 13:30 on our YouTube Channel.
- Cyber Cheltenham: The Changing Scene of Cyber: This event explored how the UK and international cyber security ecosystem is innovating and expanding. Speakers included LORCA, Capita, Cyber Central and NCSC. I was delighted to help organise and speak at this event and have had some great feedback!
- Cyber House Party: This event celebrated the UK cyber security industry and included panel sessions reflecting on 2020, and update from NCSC, the next generation, tech vets, the next big hack and CISO car crash.
- RSA Conference Asia Pacific and Japan: RSAC 2020 APJ is Now On Demand! Three days of keynotes and 60+ sessions across 10 tracks are now available for you to watch at your convenience.
- RSA Conference San Francisco: This conference took place before many places locked down, but if you missed it you can catch up on talks. Dr Jessica Barker gave a keynote talking about the psychology of fear and cyber security, which you can watch here.
- DEF CON – August 6-9 2020: You can look forward to a new online Mystery Challenge, remote Capture the Flag events, villages, contests, and even a remote movie night. The DEF CON Forums are being used to coordinate this event.
- Ladies of Cheltenham Hacking Society: This launch event of LCHS features a talk from Lockheed Martin Cyber Kill Chain from a special guest speaker as well as the opportunity to network. For more Ladies of Hacking Society meet ups, check out their website.
- OPCDE Live Stream Sessions: OPCDE refers to opcode, short for operational code. These sessions aim at promoting innovative cyber security research.
- Tactical Edge 2020: The Tactical Edge event covers a multitude of important cybersecurity topics, from the importance of awareness to privacy to third party risk to adversarial emulation.
- Check out this website of infosec conferences for other ideas of events, including when and where your local Bsides will take place.
If you want more inspiration and advice on how to start a career in cyber security, check out our video of cyber security professionals sharing their top tips.
Other great resources to look at include: