School Is in Session: 5 Lessons for Future Cybersecurity Pros

Don't be afraid to start your career at the help desk. Learning how to troubleshoot issues correctly and deal with upset customers gives you a solid foundation as you move up the ranks and into other areas of cybersecurity. In my hiring practice, I've found that someone who has worked in support brings an important, specific skill set that starts with listening and empathy. When a customer calls, they are likely distraught, feeling vulnerable, unable to explain exactly what the problem is, and counting on you to help. Being able to adapt on the fly to a situation, put the caller at ease, and then work with them to identify the underlying issue, are skills you will find of value throughout your career. And let's not forget about decision-making skills. I don't mean always making the right decision but, more importantly, the ability to make a decision, knowing it can always be corrected later if it turns out to be wrong. That's part of the troubleshooting process, and an important leadership capability as well.

There's unique value in on-the-job training, even if that job is not in cybersecurity. There is a noticeable difference between someone who learned by doing versus someone who learned by taking a class. I started in the military, so many people assume my training was in cybersecurity. But my entry into information systems in the military came about more because I was one of the very few people into computers at the time and less from training. I was actually trained as a diesel mechanic, which, as it turns out, provided me with skills that I credit for my success in cybersecurity. Everything I did was grounded in the ability to follow proper troubleshooting methods: breaking systems down into subsystems and working smaller problems to help identify and correct larger ones. Repeated training to avoid confirmation bias while troubleshooting comes in handy in any number of areas, from testing, quality assurance (QA), and product development to threat hunting, investigation, and incident response.

Find good mentors. You might think this is a chicken-and-egg situation: How do you find a mentor when you're trying to break into a field? But remember, a mentor doesn't have to be someone working in cybersecurity. Think about the non-technical skills that are extremely helpful in cybersecurity and then get creative about where to find someone you connect with who would be a good role model. Also, there's nothing to say you can't have more than one mentor.

Baseline technical and cybersecurity skills can be self-taught. There number of online courses have skyrocketed over the past two years, making it easier to study on your own and complete important baseline certifications. Some of the certifications designed for anyone at any age looking to move into cybersecurity include CompTIA Security+, ISACA Cybersecurity Fundamentals, and (ISC)2 Systems Security Certified Practitioner (SSCP). Entry-level certifications like these offer a great way to test the waters and see if the field of cybersecurity excites you before spending significant time and money to apply and enroll in a full degree program. If you decide cybersecurity is for you, what you learn can give you a leg up in future classes and help you narrow down your area of concentration. It will also make you a more attractive candidate for internships, so you can get that all-important on-the-job training I mentioned.

Identify your customer. Everyone has a customer. No matter what kind of role you are in and at what type or size of organization, you are always doing something for someone. Understanding that and identifying who your customer is and what "product" you are delivering to them will help you prioritize your time and effort to meet their needs. This perspective also helps guide your interactions with that individual or group and build strong relationships that can pay you (and your organization) back in spades.