11 answers
5
Questions
Updated
2765 views
How to get into cybersecurity?
Hello, I’m a college student and I’m currently looking into a career path in cybersecurity. I recently took a computer science course at school and was intrigued with the skills I developed in that course. I was hoping you could answer the following questions:
What degree route you took to get into cyber security?
What degree you have?
What school you went to and how you passed the GCIH exams?
What position did you start off with and where you’re at now?
Login to comment
11 answers
Updated
Doc’s Answer
Mariela most modern businesses have incorporated cyber security solutions into their operations to increase efficiency. In general, administrative, accounting, marketing, communication and clerical tasks in companies are being performed on digital platforms. This shift has notable advantages, including speed, usage of few paper resources, and effective collaboration between employees. As a result, numerous enterprises have managed to increase their productivity and revenue, and reduce losses related to common inefficiencies. On the other hand, the use of IT for the management of company data and processes presents a significant risk for businesses. There are numerous threats which can compromise the digital platform. In simple terms, corporations and organizations with IT are frequently attacked by hackers and other malicious characters. This often leads to loss of critical data, business continuity compromise, financial expenses and loss of customer trust. This field is focused on detecting, preventing and managing the threats on digital platforms. The responsibilities also encompass setting up security measures and performing regular monitoring of network activities. Although a bachelor's degree can open doors to advanced roles, a two-year degree equips students with the practical skills and certifications needed for immediate employment. Many companies are prioritizing hands-on experience over advanced degrees, making this an accessible entry point into a lucrative field.
2-YEAR ASSOCIATE DEGREE
✅ INFORMATION SECURITY ANALYST — An information security analyst is an IT specialist who helps organizations protect their systems from external security risks. They install firewalls to prevent cyber attacks and investigate viruses and hacking activity to determine a computer system's vulnerabilities. After identifying and fixing security concerns, information security analysts monitor their company's systems and regularly update security software to protect the system against future attacks. They may also provide training and instruction to company employees about network safety protocols.
✅ CYBERSECURITY ANALYST — Cybersecurity analysts focus specifically on identifying and resolving digital security concerns. Their work typically involves preventing cyber attacks by analyzing a network's security and the safety of devices connected to a company's network. They establish procedures employees can use to prevent malware, virus infections, hacking and other security concerns and work quickly to resolve issues if they arise. Cybersecurity analysts try to recognize breach attempts before enough time has passed and then secure the system against the potential threat.
4- YEAR BACHELOR'S DEGREE
✅ SECURITY ARCHITECT — A security architect’s primary role is to review systems, evaluate existing security measures, and make recommendations to boost safety. This role also involves conducting thorough research, planning, and creating robust security architectures capable of surviving cyber attacks. Security architects also test computer systems and networks, fix bugs, and perform system upgrades.
✅ NETWORK SECURITY ENGINEER — At the forefront of protecting digital infrastructures, Network Security Engineers are among the most sought-after professionals in cybersecurity. Network Security Engineers are responsible for designing, implementing, and maintaining the security measures that safeguard an organization's computer networks. Their role involves constant monitoring of network traffic for suspicious activities, responding to security incidents, and staying updated on the latest network security threats and technologies. To excel in this critical role, you'll need to develop a robust set of technical and analytical skills.
GCIH EXAM PREPARATION
The GCIH exam includes 6 books covering essential topics for the exam and a final book focused on the Capture the Flag (CTF) challenge. Additionally, there are 2 Workbooks that cover exam-specific labs. Upon completion of the course, two crucial optional tasks remain: 2 Free Practice Tests (resembling the actual exam) and an optional CTF challenge. It is highly recommended to take the practice tests as they simulate the exam structure, highlighting areas of strength and improvement. CTF challenge will help you to really understand the concepts covered throughout the book, as well as for CyberLive questions that come in the Exam.
Hope this was helpful Mariela
2-YEAR ASSOCIATE DEGREE
✅ INFORMATION SECURITY ANALYST — An information security analyst is an IT specialist who helps organizations protect their systems from external security risks. They install firewalls to prevent cyber attacks and investigate viruses and hacking activity to determine a computer system's vulnerabilities. After identifying and fixing security concerns, information security analysts monitor their company's systems and regularly update security software to protect the system against future attacks. They may also provide training and instruction to company employees about network safety protocols.
✅ CYBERSECURITY ANALYST — Cybersecurity analysts focus specifically on identifying and resolving digital security concerns. Their work typically involves preventing cyber attacks by analyzing a network's security and the safety of devices connected to a company's network. They establish procedures employees can use to prevent malware, virus infections, hacking and other security concerns and work quickly to resolve issues if they arise. Cybersecurity analysts try to recognize breach attempts before enough time has passed and then secure the system against the potential threat.
4- YEAR BACHELOR'S DEGREE
✅ SECURITY ARCHITECT — A security architect’s primary role is to review systems, evaluate existing security measures, and make recommendations to boost safety. This role also involves conducting thorough research, planning, and creating robust security architectures capable of surviving cyber attacks. Security architects also test computer systems and networks, fix bugs, and perform system upgrades.
✅ NETWORK SECURITY ENGINEER — At the forefront of protecting digital infrastructures, Network Security Engineers are among the most sought-after professionals in cybersecurity. Network Security Engineers are responsible for designing, implementing, and maintaining the security measures that safeguard an organization's computer networks. Their role involves constant monitoring of network traffic for suspicious activities, responding to security incidents, and staying updated on the latest network security threats and technologies. To excel in this critical role, you'll need to develop a robust set of technical and analytical skills.
GCIH EXAM PREPARATION
The GCIH exam includes 6 books covering essential topics for the exam and a final book focused on the Capture the Flag (CTF) challenge. Additionally, there are 2 Workbooks that cover exam-specific labs. Upon completion of the course, two crucial optional tasks remain: 2 Free Practice Tests (resembling the actual exam) and an optional CTF challenge. It is highly recommended to take the practice tests as they simulate the exam structure, highlighting areas of strength and improvement. CTF challenge will help you to really understand the concepts covered throughout the book, as well as for CyberLive questions that come in the Exam.
Hope this was helpful Mariela
Thank You Rob. How wonderful that no one need wait a single moment to improve the world.
Doc Frick
Updated
Johnny’s Answer
Hi Mariela,
There are some good answers here on becoming a cybersecurity analyst, but I wanted to give some insight on a different path which I took, and that is becoming a software engineer with a focus on cybersecurity. Depending on what you enjoyed learning in your computer science course, it could be a path to consider if you find it interesting to build software that is secure and resilient to today's cybersecurity threats.
In my case, I did a B.S. in Computer Science, and the classes I found the most helpful were the standard core CS classes such as data structures, algorithms, computer systems and architecture, operating systems, and networking. My school only offered one class in computer security, which was of course very relevant. It focused on topics such as cryptography, secure coding practices, and vulnerabilities. Some go on to do a Master's or even Ph.D., but that is largely up to the individual's interests. The goal is to build a general foundation for software engineering, with emphasis on how security interacts with software systems and architecture.
Outside of schoolwork, you can also take a look at resources online such as Capture The Flag challenges, breakdowns of recent software vulnerabilities, and talks at security conferences. It is important to gain a deep understanding of the attack techniques so that you learn how to build software to defend against them.
Once you begin your career, look for jobs that let you focus on building secure software, and let your manager know that is where your interest lies. Ideally, your manager can pair you with a mentor who also focuses on security to show you the ropes. From my experience, software engineers with security expertise are highly sought after given the importance of cybersecurity threats. Skills to focus on include threat modeling, incident response, CVE and vulnerability mitigation, and secure software development lifecycle.
Software engineering and cybersecurity go hand in hand, and can make for a rewarding and lucrative career. If that sounds interesting to you, I wish you all the best!
Take computer security classes, along with other core CS classes such as data structures, algorithms, computer systems and architecture, operating systems, and networking
Research online about vulnerabilities, security talks, and Capture The Flag challenges.
Look for job opportunities to work on security and build relevant skills.
There are some good answers here on becoming a cybersecurity analyst, but I wanted to give some insight on a different path which I took, and that is becoming a software engineer with a focus on cybersecurity. Depending on what you enjoyed learning in your computer science course, it could be a path to consider if you find it interesting to build software that is secure and resilient to today's cybersecurity threats.
In my case, I did a B.S. in Computer Science, and the classes I found the most helpful were the standard core CS classes such as data structures, algorithms, computer systems and architecture, operating systems, and networking. My school only offered one class in computer security, which was of course very relevant. It focused on topics such as cryptography, secure coding practices, and vulnerabilities. Some go on to do a Master's or even Ph.D., but that is largely up to the individual's interests. The goal is to build a general foundation for software engineering, with emphasis on how security interacts with software systems and architecture.
Outside of schoolwork, you can also take a look at resources online such as Capture The Flag challenges, breakdowns of recent software vulnerabilities, and talks at security conferences. It is important to gain a deep understanding of the attack techniques so that you learn how to build software to defend against them.
Once you begin your career, look for jobs that let you focus on building secure software, and let your manager know that is where your interest lies. Ideally, your manager can pair you with a mentor who also focuses on security to show you the ropes. From my experience, software engineers with security expertise are highly sought after given the importance of cybersecurity threats. Skills to focus on include threat modeling, incident response, CVE and vulnerability mitigation, and secure software development lifecycle.
Software engineering and cybersecurity go hand in hand, and can make for a rewarding and lucrative career. If that sounds interesting to you, I wish you all the best!
Johnny recommends the following next steps:
Updated
Qisa’s Answer
Hi Mariela,
Thanks for reaching out with your question! There are many ways to get into cybersecurity, and each person's path is unique. My journey was definitely not the usual one.
In school, I wasn't sure what career to choose, so I studied Communications and Business Administration. These degrees gave me a wide range of skills, including some tech knowledge, which turned out to be very helpful later.
Here's my advice: take time to discover what work you truly enjoy. Think about what excites you in computer science or tech, and also what doesn't. Knowing both will help you find your way more clearly.
I attended a state school but stayed curious and got involved in groups like Women in Tech and tech conferences. These experiences helped me network, learn more about the industry, and find where I fit best.
For instance, I found out that while I'm good at deploying technology, my real strength is working with people and helping teams improve their security practices. Now, as a Customer Success Manager, I focus on achieving results while staying updated on the latest cybersecurity trends to support my team and clients.
Although I haven't taken the GCIH exam yet, I'm working on my CompTIA Security+ certification to keep building my technical skills.
You're doing great by exploring your interests early—this curiosity will take you far. Good luck on your journey, and don't hesitate to try different paths before finding the one that suits you best.
You can do it!
Thanks for reaching out with your question! There are many ways to get into cybersecurity, and each person's path is unique. My journey was definitely not the usual one.
In school, I wasn't sure what career to choose, so I studied Communications and Business Administration. These degrees gave me a wide range of skills, including some tech knowledge, which turned out to be very helpful later.
Here's my advice: take time to discover what work you truly enjoy. Think about what excites you in computer science or tech, and also what doesn't. Knowing both will help you find your way more clearly.
I attended a state school but stayed curious and got involved in groups like Women in Tech and tech conferences. These experiences helped me network, learn more about the industry, and find where I fit best.
For instance, I found out that while I'm good at deploying technology, my real strength is working with people and helping teams improve their security practices. Now, as a Customer Success Manager, I focus on achieving results while staying updated on the latest cybersecurity trends to support my team and clients.
Although I haven't taken the GCIH exam yet, I'm working on my CompTIA Security+ certification to keep building my technical skills.
You're doing great by exploring your interests early—this curiosity will take you far. Good luck on your journey, and don't hesitate to try different paths before finding the one that suits you best.
You can do it!
Jen Lee
Managing Partner & General Manager, Retail & Consumer Goods @Microsoft
2
Answers
Updated
Jen’s Answer
Hi Mariela, some thoughts:
1. Degree Path
Most professionals start with a Bachelor’s degree in Computer Science, Information Technology, or Cybersecurity. If your school offers a cybersecurity concentration, that’s a great option. Focus on courses in networking, operating systems, and programming, as these are foundational skills.
2. Certifications
While degrees are important, certifications often carry significant weight in cybersecurity. For beginners, I recommend starting with CompTIA Security+, then progressing to certifications like Certified Ethical Hacker (CEH) or GIAC Certified Incident Handler (GCIH) later. GCIH is more advanced and typically pursued after gaining hands-on experience.
3. GCIH Exam Preparation
Passing GCIH usually involves practical experience and formal training. Many professionals prepare through SANS Institute courses and hands-on labs. Before tackling GCIH, build a strong foundation with entry-level certifications and real-world practice.
4. Career Starting Point
Common entry-level roles include:
Security Analyst
SOC Analyst
IT Support with a security focus
From there, career progression often moves toward Security Engineer, Architect, Manager, and eventually leadership roles like CISO.
Additional Tips:
Seek internships in IT or security early.
Practice on platforms like TryHackMe, Hack The Box, or CyberStart.
Join professional communities such as ISACA or (ISC)² for networking and resources.
1. Degree Path
Most professionals start with a Bachelor’s degree in Computer Science, Information Technology, or Cybersecurity. If your school offers a cybersecurity concentration, that’s a great option. Focus on courses in networking, operating systems, and programming, as these are foundational skills.
2. Certifications
While degrees are important, certifications often carry significant weight in cybersecurity. For beginners, I recommend starting with CompTIA Security+, then progressing to certifications like Certified Ethical Hacker (CEH) or GIAC Certified Incident Handler (GCIH) later. GCIH is more advanced and typically pursued after gaining hands-on experience.
3. GCIH Exam Preparation
Passing GCIH usually involves practical experience and formal training. Many professionals prepare through SANS Institute courses and hands-on labs. Before tackling GCIH, build a strong foundation with entry-level certifications and real-world practice.
4. Career Starting Point
Common entry-level roles include:
Security Analyst
SOC Analyst
IT Support with a security focus
From there, career progression often moves toward Security Engineer, Architect, Manager, and eventually leadership roles like CISO.
Additional Tips:
Seek internships in IT or security early.
Practice on platforms like TryHackMe, Hack The Box, or CyberStart.
Join professional communities such as ISACA or (ISC)² for networking and resources.
Updated
Sean’s Answer
hey Mariela. That is so awesome that you are interested in a career in cyber security. As a late career person (been doing cyber security for over 20 years) my answers might not be typical but that's what's great about cyber security, you can come at it from lots of directions. I have colleagues who have theater and art degrees who are some of the best cyber practitioners. One of the reasons for this is that, like most careers, it's also about story telling and human interaction. I can't tell you how many times "security" and "culture" intersect.
For me:
I don't have a college degree and never really had any formal schooling. I received my CISSP 10+ years ago and it was mostly just to say "I did it". Cyber security is about always being curious and always learning and this constant change is one of the things that attracted me to cyber in the first place. It's never dull and it's never the same.
I hope this is helpful and I wish you the best of luck!
For me:
I don't have a college degree and never really had any formal schooling. I received my CISSP 10+ years ago and it was mostly just to say "I did it". Cyber security is about always being curious and always learning and this constant change is one of the things that attracted me to cyber in the first place. It's never dull and it's never the same.
I hope this is helpful and I wish you the best of luck!
Teklemuz Ayenew Tesfay
Electrical Engineer, Software Developer, and Career Mentor
517
Answers
Updated
Teklemuz Ayenew’s Answer
Even though I'm not yet a cybersecurity professional, my BSc in Electrical and Computer Engineering gives me a strong base similar to computer science. This opens up many career paths like cybersecurity, AI engineering, software development, IT support, and database administration. With this background, I understand the journey to becoming a cybersecurity expert and can share helpful advice. In many computer science programs, you can start focusing on cybersecurity in your junior or senior year, depending on your college's options. Some schools even offer early electives in this field.
To begin a career in cybersecurity, start with certifications like CompTIA Security+ and move on to more advanced ones like GCIH or eJPT as you gain experience. Practical skills in networking, operating systems, Python scripting, cloud security, encryption, incident response, and threat intelligence are crucial. Use tools like Wireshark, Nmap, Burp Suite, and Kali Linux, and practice on platforms like TryHackMe, Hack The Box, OverTheWire, and CyberDefenders. Get involved in Capture The Flag competitions, hackathons, and join cybersecurity clubs and meetups. Online communities like Reddit’s r/cybersecurity, r/netsec, Discord servers such as The Many Hats Club, and LinkedIn groups are great for learning, networking, and finding opportunities. Internships or volunteer roles are excellent for gaining real-world experience. Work on scripting, log and malware analysis, understanding security frameworks, and staying updated with new threats. Focus on mastering basics first, building practical skills as you progress, and preparing for advanced certifications and jobs by your senior year. Keep your curiosity alive, continue learning, and develop deep, practical expertise beyond just theory.
To begin a career in cybersecurity, start with certifications like CompTIA Security+ and move on to more advanced ones like GCIH or eJPT as you gain experience. Practical skills in networking, operating systems, Python scripting, cloud security, encryption, incident response, and threat intelligence are crucial. Use tools like Wireshark, Nmap, Burp Suite, and Kali Linux, and practice on platforms like TryHackMe, Hack The Box, OverTheWire, and CyberDefenders. Get involved in Capture The Flag competitions, hackathons, and join cybersecurity clubs and meetups. Online communities like Reddit’s r/cybersecurity, r/netsec, Discord servers such as The Many Hats Club, and LinkedIn groups are great for learning, networking, and finding opportunities. Internships or volunteer roles are excellent for gaining real-world experience. Work on scripting, log and malware analysis, understanding security frameworks, and staying updated with new threats. Focus on mastering basics first, building practical skills as you progress, and preparing for advanced certifications and jobs by your senior year. Keep your curiosity alive, continue learning, and develop deep, practical expertise beyond just theory.
Updated
Marcin’s Answer
Hi Mariela - there are some fantastic answers here, I would just like to offer my perspective and path, especially as it was a bit less traditional than described.
Think of cybersecurity just like another industry - our company needs engineers, sellers, marketers, finance leaders, and operations people (among others!) I would first focus on making sure that you are positioning yourself to do what WHAT you want.
When I joined, I made sure to emphasize my skills and strengths, while it was obvious from my background that I don't have a traditional cybersecurity background. I made sure I was a fit for the team and that I would learn the industry fundamentals as soon as possible, with my prior roles helping demonstrate that I could absorb and learn about new industries.
Be curious, open to try and help with anything, and focus on WHAT you want to do and you'll be happy with your future cybersecurity career!
Think of cybersecurity just like another industry - our company needs engineers, sellers, marketers, finance leaders, and operations people (among others!) I would first focus on making sure that you are positioning yourself to do what WHAT you want.
When I joined, I made sure to emphasize my skills and strengths, while it was obvious from my background that I don't have a traditional cybersecurity background. I made sure I was a fit for the team and that I would learn the industry fundamentals as soon as possible, with my prior roles helping demonstrate that I could absorb and learn about new industries.
Be curious, open to try and help with anything, and focus on WHAT you want to do and you'll be happy with your future cybersecurity career!
Updated
Manasa’s Answer
Hi there!
Thanks for your question. I might not be able to answer everything, but I'll do my best with the rest!
I studied computer science engineering for my undergraduate degree. In my junior year, I focused on cybersecurity electives like cryptography, information security, and computer networking, and I worked on related projects.
During my senior year, I started looking for cybersecurity jobs and began as a cybersecurity consulting intern in the strategy and governance unit, working with banking clients. Now, I work as an IT and cybersecurity auditor at a security product company.
I recommend taking courses on platforms like Udemy or YouTube to learn the basics of cybersecurity. Honestly, I learned most of my skills on the job.
Nowadays, there are specific undergraduate programs in cybersecurity, which weren't available when I was in school. There's a high demand for skilled professionals in this field.
I hope you find this helpful, and I wish you the best of luck!
Thanks for your question. I might not be able to answer everything, but I'll do my best with the rest!
I studied computer science engineering for my undergraduate degree. In my junior year, I focused on cybersecurity electives like cryptography, information security, and computer networking, and I worked on related projects.
During my senior year, I started looking for cybersecurity jobs and began as a cybersecurity consulting intern in the strategy and governance unit, working with banking clients. Now, I work as an IT and cybersecurity auditor at a security product company.
I recommend taking courses on platforms like Udemy or YouTube to learn the basics of cybersecurity. Honestly, I learned most of my skills on the job.
Nowadays, there are specific undergraduate programs in cybersecurity, which weren't available when I was in school. There's a high demand for skilled professionals in this field.
I hope you find this helpful, and I wish you the best of luck!
Updated
Vijay’s Answer
Hi Mariela, there are countless career paths that can lead you into cybersecurity. I began with a Bachelor's in Engineering in Computer Science, which didn't focus on cybersecurity. Fortunately, my first project in my engineering job was in cybersecurity. That project has greatly influenced my career over the past 16 years, allowing me to work in various firms, consulting roles, and cybersecurity product companies. I started as a software engineer and now I'm a Senior Manager. One thing that has really helped me is staying updated with certifications beyond just my degree.
Updated
Lawrence’s Answer
I would explore a couple of websites including: https://www.cisecurity.org/ and https://www.cisa.gov/ as they are excellent resources with career suggestions for students. There will always be a need for cybersecurity as long as there are bad people out there willing to do bad things to others.
Updated
Tabitha E’s Answer
To prepare for a cybersecurity career, a few subjects to focus on would be math and computer science classes, participate in competitions like AFA CyberPatriot, gaining practical skills through online resources and personal projects, finding a mentor, and build a professional network by attending meetups and online forums