Rick Deacon is co-founder of Apozy, a cybersecurity tech company he launched in 2012 that specializes in browser defense. Prior to that, he worked as a pen tester for several years. But while Deacon's background is now solidly in the "security veteran" category, the career actually began as a hobby for him years ago.
"I'm deeply familiar with how to go from nothing to something," says Deacon. "My background involves very little schooling. I started hacking in the sixth grade, slowly working my way up through opportunities discovered and chances given."
As Deacon's experience can attest, there are multiple ways to get started in cybersecurity. And while the well-publicized skills gap means the cybersecurity jobs market is often described as hot, with 0% unemployment, one only has to check social media to find complaints from entry-level security professionals who are having a hard time getting started.
What are some best practices for newbies and hopefuls to consider as they start down the path of a security career?
Network with Experienced Security Pros
It's tough right now with face-to-face opportunities off-limits and conferences on hold, but it is critical to find ways to interact with experienced security veterans who can offer advice and introduce you to opportunities. For now:
Once COVID-19 restrictions are lifted and conferences begin to start back up in person, be sure to attend and interact with people.
Find a Mentor
Those looking to get into cybersecurity should seek mentorship from someone in the field with several years of experience, says Jon Helmus, manager of pentest community at Cobalt.io.
"With everything online, it is easier than ever to get mentorship from experts in the field who can help guide newcomers on a path to success," says Helmus.
Hands-on experience is so important when applying for jobs in security, and the initial way to get it is often with volunteer work or an internship. It can be at your current place of work or at one of the many conferences that take place throughout the year.
Get Certifications (They're Not Essential, But They Help)
A perpetually controversial topic, certifications are an element of the profession that is endlessly debated.
"When you're just getting started out with no prior experience, a certification can get you in the door," says Dr. David Brumley, CEO and co-founder of ForAllSecure and a professor at Carnegie Mellon University.
And while many employers might not necessarily require them, they can't hurt either.
"A mentor once told me about degrees and certifications, 'While they might not open any doors, they will make sure none are closed,'" says Jerry Gamblin, director of security research at Kenna Security.
Figure Out Your Focus and Make a Plan
If you think you really want to get into a security-specific career after some time in IT, it's time to carve that down into a focus, SAS's Wilson says.
"There are many different areas of cybersecurity – build it, break it, protect it. With a variety of paths to choose, take time to research what you want to do," he says.
Deacon echoes Wilson. "In my opinion, people new to security need to understand the fundamentals of their particular niche - and pick one," he says.
Once you have figured that out, design a plan for yourself that identifies goals for now, later, and several years from now, advises Helmus.
"Write out a short-term plan [one to two years], midterm plan [three years], and long-term plan [five to seven years]," he says.
Just Do It
The first step for those passionate about a career in security is to simply start working on it at home or at their current workplace, Deacon says.
"If you're in an IT role that isn't cybersecurity but is open to ideas, try shadowing the security folks and provide them with novel ideas where you can," he says.
In fact, many of the security pros The Edge spoke to for advice on getting started in security touted the benefits of a general IT background before considering a security specialization.
"My strong-held personal belief is that great security professionals start in customer support or help desk roles," says Gamblin. "It allows them to be hands-on with standard technology like desktop OSes, office tools, and helps them develop empathy for end users."
Joan Goodchild is a veteran journalist, editor, and writer who has been covering security for more than a decade. She has written for several publications and previously served as editor-in-chief for CSO Online.