Introduction
Breaking into cybersecurity is more than learning a body of knowledge it is about learning to become a cybersecurity professional by learning and participating in the activities of the profession. This post will focus on cybersecurity as a community of practice and how one learns to become a member of the cybersecurity community.
A community of practice consists of three fundamental characteristics: a domain of knowledge, which defines the boundaries, a community of people dedicated to the domain; and shared practice which people are practitioners with a common set of knowledge, skills, and abilities.
Practitioners start at the periphery of the community as a newbie and participate in the activities of the community. These newbies learn the ropes from the full practitioners in the community and earn the respect and trust of its members. The community will recognize the members as full participants as they grow, mature, and learn the knowledge, skills, and abilities required to be successful.
What is Cybersecurity?
Cybersecurity is a practice of computing/information technology that uses people, processes, and technology to protect and defend organizations from hackers. It is a foundational skill for everyone in the computing discipline today. It is also a specialty skill also. Cybersecurity professionals are able to defend, protect, and secure an organization\’s technology infrastructure whether it is hardware, software, operating systems, coding, or networks. Also, it is not just about securing the organization but also making employees aware of how they can protect themselves and organizations from attacks.
Cybersecurity Career Outlook
According to CompTIA, a cybersecurity specialist will earn a medium salary of $98,342 with an annual growth of 25%. There are 165,000 annual job postings. (Source) The cybersecurity practice will continue to grow into the future.
Keys to Getting into Cybersecurity
Another area of disagreement is whether or not someone with no computing background can start as a cybersecurity specialist. If you are really good, maybe but you will have to pay your dues first as an IT support specialist and an IT networking specialist first. That is not a bad thing and usually, if you are good you can move into cybersecurity roles quickly.
Employer requirements to enter the cybersecurity workforce are as follows:
- Bachelors Degree
- Certifications
- Experience
- Technical Skills
- Soft Skills
Bachelor\’s Degree
Depending upon who you talk to, there is disagreement on whether a degree is required or not. But, working with employers every day, there is still a preference for a bachelor\’s degree. Even if you were lucky and landed a job without one you will still need one over the long haul.
Certifications
To get into cybersecurity security, the minimum certification needed is Security+. The more certifications you have the better but don\’t sacrifice the needed technical skills over certifications. Skills are weighted heavier than certifications. You do not want to be a paper tiger, which is what people are called with certification and no technical skills.
Technical Skills
Over the 30+ years of working and teaching in the computing field, I still believe you need a strong foundation in hardware, software, operating systems, networking, and cybersecurity. If you build a solid foundation then it is easier to learn the higher-level skills needed as your career progresses. I have been the hiring manager and I find the candidates with the foundation and the ones who paid their dues who started as IT support specialists are much more valuable than the ones who tried to skip those foundational skills. Those with a cybersecurity degree with a strong foundation struggle because they don\’t know the core of what computing is about.
Soft Skills
The soft skills needed to be successful today in cybersecurity are communication (oral and written), collaboration (teamwork), learning to learn, problem-solving, and others. A cybersecurity professional\’s job is to work with customers to solve their problems. Not every problem requires a technical solution. In a lot of cases, it is a people and process issue. The cybersecurity professional requires strong community and collaboration skills.
Demonstrating Skills and Experience
Employers are increasingly looking for candidates who have demonstrated skills and experience. If you follow my community of practice framework, recall that newcomers to the profession must be recognized by community members as cybersecurity professionals for them to become practitioners. How does one do that?
There are a couple of ways:
- Participate in Cybersecurity Internships
- Working in an internship gets you to start participating as a member of the cybersecurity community. You will learn from the experts by observing and working with them. Usuallly, these interships are critical to a new graduate\’s success.
- Participate in Cybersecurity Red Team – Blue Team Competitions
- Over a couple of days and some months, teams practice and compete in a simulated security operation center environment. They learn how to do computing tasks, protect the network and its devices, and learn how to recover from hacks. I am finding these types of experiences to invaluable to someon trying to earn their recognition as a practicing cybersecurity professional.
Employers want proof that what you put on your resume you actually know and how to do.
Characteristics of Aspiring Cybersecurity Professionals
If I had to describe the characteristics that a candidate for becoming a cybersecurity professional needs to have, I would suggest the following ideas:
- Puts knowledge into action
- Participates in activities of the community through conferences, associations, and user groups
- Work on project and competitions to gain experience
- Read periodicals, magazines, blogs, and web sites of the cybersecurity industry
- Works on certifications required
- Experiments with new technologies
- Asks lots of questions and researches to find answers
Google and other search engines are the friends of cybersecurity professionals. Use them often. Most troubleshooting issues can be found with solutions if you do the research.
Conclusion
Learning to become a cybersecurity professional is more than just getting a degree. It is continuous learning and participating in the cybersecurity practice. It is about gaining the knowledge, skills, and abilities to be successful. It is about earning certifications to certify your knowledge. It is about participating in internships and/or cybersecurity competitions to validate your skillsets. It is about being recognized as a cybersecurity professional.
Thank you for your time reading this post! Please provide me comments on whether you agree or disagree with me. I am always willing to have a conversation.