It’s no secret that there is an overall industry challenge to find the right cyber security talent. Some make the argument that there is a skills ‘shortage,’ while others say that the skill is there, but there is a communication gap between employers and recruiters that aren’t putting out the right job descriptions for those trying to enter into the cyber security field. While there are many theories and opinions on the ‘why,’ Cyber Security Hub (CS Hub) recently focused on how to help.
As a media organization providing coverage on the cyber security community, sometimes the best way to help is to bring awareness to the situation at hand. And so, the first step in doing so was to write about the abundance of certifications available to the cyber security community by looking at it from a simple Google search lens, followed by digging into some tangible data:
See Related: “Utility Of Cyber Security Certifications”
Next, CS Hub tapped into the expertise of those executives in the cyber security trenches with very different background and opinions. The end result? While interview answers covered the gamut of the certifications landscape, all participants could agree that certifications are best if used as a baseline:
And finally, while on a recent interview with a well-known professor and author in the industry — his advice to me was “interview a student or someone who is going through the cyber security job search process.” And so, I found Katia Dean — a cyber security blogger who is currently navigating the career path herself — who also offered best practices based on her personal journey:
This journey has now brought us to a recent and simple ask to the industry through social media. We posed the question:
“What is your #1 piece of advice you would share with a new cyber security professional?”
While we weren’t exactly sure what the results would bring, we felt the advice given was worthy of sharing. So, without further adieu, here is what your peers had to say:
- There is more power in team than in me/my/I … cyber security is a team sport.
- Always know your disaster recovery plan … hoping you never have to use it.
- If you are not asking the right questions, ask more. Always ask questions until you understand.
- Some say cyber security is a break even business … breaking even is a win!
- Scan — mitigate — scan – repeat.
- Overachieving is a lost art … practice it!
- Get up and walk — go talk to people in the business. When you go out and talk to people you develop rapport and can become a trusted advisor.
- In a battle of 1,000 attacks you might prevent, stop and win 999 times. No one cares. But everyone cares about you loosing the one and only time. Accept this.
- Approach your work with a ‘beginner’s mind.’ Never assume you know.
- Learn *NIX and build yourself a lab with OS tools.
- Certs don’t make you an expert, but they measure knowledge at a point in time on the material for the cert.
- Stay grounded and humble.
- Find others to teach and to learn from.
- Be above reproach with regard to ethics.
- ALWAYS keep learning, and always expand into areas that are not strictly security-related.
- Learn to script well.
- Enjoy the challenge.
- Do it for the love and the $$$ will follow.
- Be true to the art more than the science, it’s always a one-off!!!
- Read, read, read… There is an overabundance of resources at your disposal and almost every tool out there you’ll come across has “help” documentation built into it. Take the time to understand how the tools work and familiarize yourself with them — they’re there to make you more effective at your job and will not do the job for you. Master reading and learning, and never stop the learning process. Getting into cyber security is not an end goal, it’s just the beginning of a career-long commitment to educating yourself and keeping your mind sharp in an industry that is ever-changing.
As we oftentimes hear the phrase ‘people, process, technology,’ and sometimes other key words are added such as ‘culture’ … the order of those words never change, and it always starts with ‘people.’ Every enterprise is first dependent on its people, while the processes and tools are brought in later to help reinforce the business. So, while some of these pieces of advice are very broad and generic, it may be worth reiterating from time to time. And then there are those cyber security-specific tips that are so valuable to those entering the field, like “breaking even is a win!”
On a recent TF 7 Radio episode, Host George Rettas said, “Everyone is going to have a bad day in cyber – it’s how you react to that, how prepared you are, will define you as cyber security professional.” As the next generation of cyber security hopefuls is entering the field trying to define who they are in the industry, CS Hub shares the aforementioned advice from CISOs and executives already embedded in the business to help them with their goal: “To leave the industry a little better than they found it.”
See Related Event: “Cyber Security Digital Summit – Spring 2019”