School Is in Session: 5 Lessons for Future Cybersecurity Pros

Opportunities in the field continue to grow — and show no signs of slowing down.

Chris Jacob, VP, Threat Intelligence Engineering at ThreatQuotient

October 6, 2022

4 Min Read
Knob with the word "skills" underneath it
Source: Andreas Prott via Alamy Stock Photo

The number of top universities and colleges across the US offering degrees in cybersecurity is now in the hundreds, and well-known college ranking services track the top programs. However, when those of us whom many consider "old timers" started in this industry, cybersecurity wasn't an option in higher education. Many of us grew out of the "break it to see how it works mentality" and didn't even realize we were setting ourselves up for a career in a field that would explode — and shows no sign of slowing down.

New opportunities for learning cybersecurity at some of the world's top educational institutions are a game changer. But don't stop there. Here are some additional ways to advance in your career and improve your skills:

  1. Don't be afraid to start your career at the help desk. Learning how to troubleshoot issues correctly and deal with upset customers gives you a solid foundation as you move up the ranks and into other areas of cybersecurity. In my hiring practice, I've found that someone who has worked in support brings an important, specific skill set that starts with listening and empathy. When a customer calls, they are likely distraught, feeling vulnerable, unable to explain exactly what the problem is, and counting on you to help. Being able to adapt on the fly to a situation, put the caller at ease, and then work with them to identify the underlying issue, are skills you will find of value throughout your career. And let's not forget about decision-making skills. I don't mean always making the right decision but, more importantly, the ability to make a decision, knowing it can always be corrected later if it turns out to be wrong. That's part of the troubleshooting process, and an important leadership capability as well.

  2. There's unique value in on-the-job training, even if that job is not in cybersecurity. There is a noticeable difference between someone who learned by doing versus someone who learned by taking a class. I started in the military, so many people assume my training was in cybersecurity. But my entry into information systems in the military came about more because I was one of the very few people into computers at the time and less from training. I was actually trained as a diesel mechanic, which, as it turns out, provided me with skills that I credit for my success in cybersecurity. Everything I did was grounded in the ability to follow proper troubleshooting methods: breaking systems down into subsystems and working smaller problems to help identify and correct larger ones. Repeated training to avoid confirmation bias while troubleshooting comes in handy in any number of areas, from testing, quality assurance (QA), and product development to threat hunting, investigation, and incident response.

  3. Find good mentors. You might think this is a chicken-and-egg situation: How do you find a mentor when you're trying to break into a field? But remember, a mentor doesn't have to be someone working in cybersecurity. Think about the non-technical skills that are extremely helpful in cybersecurity and then get creative about where to find someone you connect with who would be a good role model. Also, there's nothing to say you can't have more than one mentor.

  4. Baseline technical and cybersecurity skills can be self-taught. There number of online courses have skyrocketed over the past two years, making it easier to study on your own and complete important baseline certifications. Some of the certifications designed for anyone at any age looking to move into cybersecurity include CompTIA Security+, ISACA Cybersecurity Fundamentals, and (ISC)2 Systems Security Certified Practitioner (SSCP). Entry-level certifications like these offer a great way to test the waters and see if the field of cybersecurity excites you before spending significant time and money to apply and enroll in a full degree program. If you decide cybersecurity is for you, what you learn can give you a leg up in future classes and help you narrow down your area of concentration. It will also make you a more attractive candidate for internships, so you can get that all-important on-the-job training I mentioned.

  5. Identify your customer. Everyone has a customer. No matter what kind of role you are in and at what type or size of organization, you are always doing something for someone. Understanding that and identifying who your customer is and what "product" you are delivering to them will help you prioritize your time and effort to meet their needs. This perspective also helps guide your interactions with that individual or group and build strong relationships that can pay you (and your organization) back in spades.

With more than 714,000 cybersecurity job openings currently across the US and a significant gap in qualified workers, there's never been a better time to explore the field and see if it's a good fit for you. Hopefully, these tips will help you make the most of your educational journey and set you up for success longer term.

About the Author(s)

Chris Jacob

VP, Threat Intelligence Engineering at ThreatQuotient

Chris Jacob currently serves as Global Vice President, Threat Intelligence Engineers, at ThreatQuotient, and has over 15 years of experience in information security, including serving as Battalion Information Systems Coordinator during his time in the Marine Corps, and had leadership roles at SourceFire, Fidelis Cybersecurity, and Webroot.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights