Interested in learning more about cybersecurity? Whether you’re considering specializing in the field or want to round out your current job skills through courses and certification, this article will provide tips and resources to help you get started.
Talent and Gender Gaps
Cybersecurity is facing an increasingly severe talent gap. “The estimated current cybersecurity workforce is 2.8 million professionals, while the amount of additional trained staff needed to close the skills gap is 4.07 million professionals, according to (ISC)2. The data indicates a necessary cybersecurity workforce increase of 145% globally,” says Help Net Security.
The field suffers from a severe gender gap as well. According to Andra Zaharia, “A report by Cybersecurity Ventures states that women make up 20 percent of the cybersecurity workforce, while an (ISC)2 study using different criteria pegs the number slightly higher at 24 percent. Even though the percentage of women in cybersecurity has increased since 2013—when women represented just 11 percent of the industry workforce—there is clearly still a gender gap.” These gaps and disparities, along with a recent increase in cybersecurity attacks, make this the perfect time to acquire the skills you’ll need for a career in cybersecurity.
Focus on Fundamentals
There are many ways to acquire the skills that will put you on a cybersecurity career path. As Brian Krebs of KrebsOnSecurity points out, many computer security professionals don’t have computer-related certifications or university-level degrees but instead “got into security because they were passionately and intensely curious about the subject, and that curiosity led them to learn as much as they could—mainly by reading, doing, and making mistakes (lots of them).”
That is not to say that such degrees are unimportant. They may in fact be required by certain organizations, but, Krebs says, they “should not be viewed as some kind of golden ticket to a rewarding, stable, and relatively high-paying career.”
So, before committing to an extensive course of study, take time to consider the skills that will be most valuable. That same KrebsOnSecurity article highlights the most useful skills for cybersecurity based on a survey conducted by SANS Institute:
The survey asked respondents to rank various skills from “critical” to “not needed”. Fully 85 percent ranked networking as a critical or “very important” skill, followed by a mastery of the Linux operating system (77 percent), Windows (73 percent), common exploitation techniques (73 percent), computer architectures and virtualization (67 percent), and data and cryptography (58 percent).
This emphasis on fundamentals is key. As Krebs says, “mastery of networking is a fundamental skill that so many other areas of learning build upon. Trying to get a job in security without a deep understanding of how data packets work is a bit like trying to become a chemical engineer without first mastering the periodic table of elements.”
For another view of necessary skills, you can look at the various requirements of trusted certification exams. For example, the LPIC-3 Enterprise Security certification lists the following high-level objectives, with details within each category:
- Host Security
- Access Control
- Network Security
- Virtual Private Networks
The GIAC Security Essentials certification lists 31 objectives, including (but not limited to):
- Access Control & Password Management
- Contingency Plans
- Defense in Depth
- Endpoint Security
- Incident Handling & Response
- Linux Services: Hardening and Securing
- Linux: Monitoring and Attack Detection
- Malicious Code & Exploit Mitigation
- Network Device Security
- Networking & Protocols
- Virtualization and Cloud Security
- Vulnerability Scanning and Penetration Testing
- Wireless Network Security
To start learning, pick a topic that interests you, and then dig more deeply. Krebs writes that if you want to master common vulnerability and exploitation techniques, for example, resources include toolkits like Metasploit and WebGoat, custom Linux distributions like Kali Linux, and free tools like Nmap, Nessus, OpenVAS, and Nikto.
Additionally, security conferences not only provide valuable training sessions but also offer essential networking opportunities to meet others within the cybersecurity community. The following conferences comprise a small sample of events to consider:
- Black Hat
- DEF CON 28
- InfoSecurity Europe
- OWASP Global AppSec
- RSA Conference
- USENIX Security Symposium
- 35+ Initiatives to Get More Women into Cybersecurity
- Cyber Seek Interactive Career Path
- Cybersecurity and IT Career Development Platform
- Cybrary Career Development
- Hacker101 Web Security Class
- Offensive Security
- SANS Information Security Resources
- SANS SelfStudy Online Training Program
- SecLists.Org Security Mailing List Archive
- What to Tell Young People of Color About InfoSec Careers
If you're ready to find a job, check out the open positions at: SysAdmin JobHub.