What should my next steps be upon acquiring my first professional role? What should I be doing now to become an expert in my field, specifically cybersecurity?
I am currently in my last quarter of my master's degree program and have accepted my first professional cyber security role. I want to ensure that I create a solid foundation for my career and do everything possible to become a knowledgeable expert in my field. #cybersecurity #network security #career
• The first step to choose a path is to identify your strengths based on your unique background. Evaluate your own skills and interests.
• Get connected with groups like Information Systems Security Association (ISSA), Open Web Application Security Project (OWASP), Cloud Security Alliance (CSA) or ISACA.
• Volunteer with these groups, get plugged in with Open Source projects on the internet.
Here are some common roles in cybersecurity; as and when you grow in your career, you can pick up the roles that you are interested in or have mastered:
• Security generalist
• Network security engineer
• Cloud security engineer
• Application security
• Identity and Access Management (IAM) engineer
• Security architecture
• Penetration tester
• Malware/forensics analyst
• Incident response analyst
• Security trainer
• Security auditor
• Governance, Risk and Compliance professional
Technical skills you should learn:
• Security and networking foundations
• Logging and monitoring procedures
• Network defense tactics
• Cryptography and access management practices
• Web application security techniques
Below are some of the important certifications:
Divya.S. recommends the following next steps:
In your first year, you will most likely be expected to learn things you did not learn in school, so definitely apply yourself with a similar learning attitude and the application of that learning will likely be the work you do.
Your attitude will count for a lot. The simplest way for me to describe this is for you to have an attitude of yes. It doesn't mean you say yes to everything, but it does mean that you stay away from saying no. Instead of saying no, you ask a question to find a way to yes.
Scenario: Let's say your supervisor or team lead asks you to do something you don't have any idea how to do.
1. You could say no, I can't do that because I don't know how. (Not the best response.)
2. You could say yes and then struggle to figure out what to do. (Not the best response.)
3. You could say, that is unfamiliar to me, ... And then ask some pertinent questions like: Where could I find out more about that to help me get this done? Would I be working with someone who understands this better than I do?
The point is to be open to doing work that is unfamiliar to you so you can learn (always a good thing) and so you can do work that needs to be done.
One last point: take the time to learn something new reasonably well. It is very good to grow yourself into the type of person that other people seek out for knowledge, help or information - and please give that away freely, as I'm sure others will give it to you.
1) Take advantage of anything your new employer offers related to attending industry conferences and networking functions.
2) Participate in professional training offered within the company. Oftentimes, if a company has a good training organization, they will provide up-to-date training within growing fields such as cybersecurity.
3) Check on your employer's tuition reimbursement program. This could help in advancing your education specific to cybersecurity and/or provide assistance with pursuing cybersecurity related certifications.
I hope this helps! Good luck with finishing your Master's degree program and your new position in cybersecurity!
I would add the following:
(1) create a Twitter account that you can use professionally; don't mix it up with your personal one. Start following security professionals in our field. There are several security lists that are a collection of several Twitter handles. Search for ISSA and OWASP chapters in your local city and start following them.
(2) Subscribe to security-related podcasts and use any idle time (e.g. commuting back/to work) to listen to them. Most you can listen to at 1.5x or even 2x speed. My suggestions are the following:
[Daily Information Security Podcast ("StormCast")] https://isc.sans.org/podcast.html
This is a 5-10 min daily update, consume every morning with your coffee :-)
[Security Now] https://podcasts.apple.com/us/podcast/security-now-mp3/id79016499
All infosec explained in plain English, and all episodes starting from #1 over 10 years ago still have relevance.
These are all interviews with infosec professionals covering varying topics from technical to social impact of infosec - limited to 20 minutes and lots of info, people to follow on Twitter, etc.
YouTube is your friend but proceed with caution - double-check sources and don't rely 100% on a single video; some are a waste of time.
Check out ISC2 which has technical security certs like CISSP (www.isc2.org)
Gil's answer is fantastic; I'd recommend going with #3 and being honest. Admit you don't know something and that you'll be able to figure it out, and then ask where you can find resources. Ask questions but skip the obvious ones; really work on "figuring it out" before giving up. The follow-on questions show whether you've tried or not.
I also like #1 and #2 in Blair's answer; taking care of those will open the door to #3.
Finally, if you can afford it, attend Defcon in Vegas.
At the start of your career, you should always put down your head and work hard. You should try and learn the technical and non-technical processes involved. Be an active listener and observer, and analyze things. Slowly start focusing on certifications in your respective domain, which will further enhance your career.
Once you ensure that your fundamentals are strong, then you can start eyeing different roles and opportunities.
Wishing you all the very best!