In the second portion of this blog series, we are sharing member stories from those with four to six years of experience in cybersecurity. We asked members about their entry into cyber, from their first positions to today, and what advice they have for newcomers. Do you have advice for incoming cyber professionals? Weigh in on the ISC2 Community conversation “How to start a career in cybersecurity?”

Brian Bresnahan, CISSP, Senior Security Analyst | United States

Prior to migrating to a security role, I programmed voice and video systems for 15+ years. I also had extensive data center experience with generators, UPS, cabling, electrical design, network redundancy, fiber rings (SONET) and call routing for call centers. In my first cybersecurity role I worked for a LEC and served in their Security department to detect toll fraud and network intrusion.

My advice for those interested in joining the cybersecurity field is to apply your past experiences as they should relate to security because security encompasses multiple fields, everything from writing to network design to legal issues. It impacts everything, so bring your background to a security role. Often “security people” lack legal backgrounds, or don’t understand operations. You really need a broad understanding to migrate to security effectively. I had a strong operations background which enabled me to see consequences or lack of redundancy or security issues.

When I think about my career transition, I think I would have gotten out of operations sooner than I did and informed hiring managers that “I am already dealing with security today.” Do not underestimate past experiences as they may relate to security as a field. All these fields are related, and the motto is 100% true, “we all own security in our organizations.”

Greg Reid, SSCP | Canada

Before a cybersecurity role, I had experience in some of the domains which made the transition easier. My first role was in insurance as a System/Network Administrator. In this role, I was responsible for: how users access our systems, implementing CA policies, disabling and enabling user accounts, investigating risky sign-ins and hardening our O365 tenant and systems. The role allowed me to utilize the concepts that I had studied. Using these concepts in the real world allowed me to see the concepts in action, and the negative or positive impact they had on users and the organization.

The main advice I have is to do as much research as possible and networking is key. You will create relationships with people who will be able to mentor you in the field. If I was starting over, I would maybe create more networking earlier on. Cyber Security is a vast field; I recommend choosing one area and zoning in on it. Be passionate about your area of choice and set aside time to learn something new every day.

Before my first position in security, my experience came from developing my skills, reading and practice. I found my first cybersecurity role in Shanghai as a security engineer. This position helped me to get to know the cyber security attack surface and attend the incident response and the DDoS attack response. These experiences gave me a lot of experience in network security and in SOC. My advice for those interested in cyber is to keep learning. Cybersecurity is a scope with rapid changes, and you have too much to learn. Keep practicing and trying. A lot of skills need practice again and again; development is very important.

I had no experience by title in my first security role, but everyone has security responsibilities at some level and it turned out I had ample qualifications. For instance, I oversaw MFA implementation for retail logins at two different companies and I regularly published consumer security safety content on our websites. Security touches every business process, application and physical location of every organization and there are infinite areas of expertise, from appsec, to regulatory, to cloud infrastructure, to business continuity, it goes on.

My advice is to be an advocate for security in any role because it’s always applicable. If you’re working in retail, learn about PCI. If you’re in healthcare, leverage your HIPAA knowledge. One example is line cooks are protecting human safety by following food safety protocols. If you aren’t sure, talk to the security team – they’re always looking for advocates and alliances in any organization.

I was interested in the entire field of infosec; there is a lot to learn. But find what you’re truly passionate about and focus on that. Generalists are great but expertise in subject matter is also needed. I recommend leveraging all the free resources and training out there. See if your employer will pay for additional training but keep it applicable. Listen to podcasts, read blogs, and become involved in Infosec Twitter.