n
nWe recently asked our membersnwho volunteer tonengage with the ISC2 blog about their entry into cyber and what advicenthey have for those interested in joining the field. These stories helpnus see a few unique career trajectories and how they are navigatingnentry and gaining experience in the cybersecurity industry. In part onenof this blog, we are sharing members with three years or less ofnexperience in cybersecurity.n
nnDo you have advice for incoming cyber professionals? Weigh in on thenISC2 Community conversationn“Hownto start a career in cybersecurity?”n
nn Rishipal Yadav, Senior Cybersecurity Specialist n| Indian
nnI found my first position at a college placement fair. I began workingnas a software engineer building a digital security platform. My mainnrole was to design the backend for secure authentication andnauthorisation for mobile apps. It was more of a software developer job,nbut I had to learn a lot about security concepts to be able to designnand develop systems.n
nnWhile working as a software engineer, I cleared GSEC and became annAssociate of ISC2. My first security role is the one I hold now, SeniornCyber Security Specialist at Cyble, a dark web monitoring and cybercrimenmitigation company based in Atlanta. I had about two and half years ofnexperience as a software engineer when I started my first cybersecuritynjob. I found this job through LinkedIn and my first job andncertifications helped me land it. In my current role, I have thenopportunity to work in all the security domains like Risk Management,nNetwork Security, Secure Software Development, Software Testing, UsernAwareness, etc. I read about these domains when I was preparing for mynCISSP exam, but this role allows me to implement the concepts innreal-life and in a challenging environment.n
nnMy advice to someone starting in cyber is to begin as a generalist,ndon’t start with a trending niche. Learn the basics of everything underncybersecurity purview, find your interest and then become a specialist.nDon’t study for the certification just to pass the exam, understand thenconcepts. Remember certificates get you an interview, a deepnunderstanding of foundation, passion and willingness to learn get younthe job. Connect with people who are already in the field, people arenwilling to help you to get ahead in your career. Just connect with themnand politely ask them for guidance. Do not be scared of a title. If younwant to reach out to a CISO, just reach out. If you want to talk to anVP, just reach out. Don’t be afraid to reach out to people, and morenimportantly, do not be afraid of applying for that job whosenqualification criteria you do not match, just apply.n
nnI was cautious of job descriptions when I first started looking forncyber positions. I did not apply to roles just because I did not checknall the boxes. No one can check all the boxes. The recruiters arenunderstanding enough even if you do not meet one or two requirements. Asnper my experience, what they are looking for is someone with a strongnunderstanding of basics, a passion for security and a willingness to bena lifelong learner.n
nn Hannah Suarez, SSCP, Information Security Officer n| Germanyn
nnPrior to my first information security job, I had experience in thendomains of networking/communications security, systems/applicationsnsecurity, auditing and cryptography. I had no cyber security degree ornactive certifications and gained contacts via the industry throughnnetworkingnand sharingnmy thoughts and work.n
nnMy first contractor position was to set up log management and logncollection within a secure environment encapsulating Windows, virtualnmachines and databases. In this role, I learned that the field could getnextremely specialized. This position meant learning a lot about thensecurity events in general and a lot of in-depth learning of thenspecific Windows-based security events to monitor. That work also helpednme start to gain an understanding that security needs to be able to worknwith other departments, such as legal or HR, in order to be applicablenthroughout the organisation.n
nnWhen I first started freelancing, my rate was low. One of the hurdles tonentry as a freelancer was learning how to properly set a rate, invoicenclients, etc. During this time, it was hard to set aside a budget to paynfor my own certifications because of the cost and time. I ended upngetting book bundle offers for reading and relying on free resources tonlearn. I also looked out for free workshops, for example when a learningncentre wanted to trial out their all-day DevSecOps workshops, I signednup.n
nnI was self-employed for personal reasons, but if I could change mynapproach to entering cyber I would seek my first full-time cybernposition within a company. I would also try to see if there were anynmore particular cyber security domains that would interest me early on,nas in the beginning I wasted my own money on certification programs, notnISC2 related, and I ended up not pursuing that particular domain.n
nnKimThanh Liauw, CISSP | United Statesn
nnPrior to my first role in cybersecurity, I had seven years of ITnexperience, where I started from the bottom up, from IT SupportednCoordinator to Support Specialist. I was with NTS when the IT Directornsaw my drive to be in security and he promoted me to InformationnSecurity Administrator. I already had a small understanding of the fieldnprior to holding the position as I graduated with a B.S. in InformationnSecurity. However, thanks to holding the position, I was able to leadnand work with consultants on cloud implementations, which opened up mynknowledge more on cloud security.n
nnMy advice for those starting out is not to be afraid to start from thenbottom of IT. You can’t do security if you don’t understand the basics.nIt takes time to understand and really get the full grasp of how thingsnare interconnected. I still don’t know everything, and I don’t thinknanyone does. However, you need a foundation to build on.n
nnI would not change anything about the way I transitioned into cyber, itnhelped me get the position without having connections or ancertification. I encourage you to keep researching and keep learning.nSecurity and IT are constantly evolving. When you stop learning, younwill become out of date and will not be able to secure the environment.n
nnIf you or someone you know is interested in taking the first step towardna career in cyber, visitnthe Hownto Get a Cybersecurity Job page on our website. In this virtualnguide, we lay out five components to a successful cybersecurity jobnhunt.n
nnTo get your career started and prove to employers you have thenproblem-solving skills, strategic thinking and the drive to be ansuccessful cybersecurity professional, register fornnFREE Entry-level Cybersecurity Training + Certification Exam today!n
n