A Guide To Starting a Career in Cyber Security
Trust me, I understand how overwhelming this industry can be, which
is why I launched Station X to help people just like you to study Cyber
Security at their own pace, online.
Often people believe that cyber security is all about technology and hacking. This is
somewhat true, but cyber security is much more than that.
It is a discipline of managing risk, which might happen to have technology as a solution. This
means roles in security can vary massively from simply managing a team or performing a
basic audit, to computer forensics and other highly technical work like ethical hacking.
There are many types of jobs you could do within cyber security. If you look at the Cyber
Security Domains diagram below you will see the many different domains that exist under
the umbrella known as cyber security.
Don’t worry if you don’t understand these domains yet. That is to be expected. The key
point here is that there is a broad variety of entry points and job types in this industry. Use
the Cyber Security Domains diagram as a reference for what roles exist, and what you might
do in those positions. As you become more familiar with cyber security these domains will
make more sense to you.
The cyber security industry is a huge umbrella of many different types of roles that need
different skills and that cover different domains of knowledge.
[Figure: Cyber Security Domains diagram. Surviving labels: Baseline Configuration, Containment, Investigation, Eradication, Forensics]
Security Analysts might work in a security operations centre (SOC) and specialise in
the domain of security operations and vulnerability management, or in any of the other
domains within security operations. The titles of security analyst and specialist are quite
general, so you might find roles with these titles involved in many different domains.
This role might cover some or all of the domains such as incident response,
investigations, forensics, breach notifications and containment.
A consulting role can be quite varied so it’s possible they may specialise in something
specific such as risk assessment or they might be more of a generalist advisor covering
many domains.
These roles are generally within the domain of security architecture where you are
designing and implementing some of the sub-domains within the architecture domain,
like a secure network, access control, identity management and so on.
A freelance consulting role can also be quite varied. The difference is you are working for
yourself, which means you will specialise in what is in demand.
The CISO is solidly in the domain of cyber security governance with oversight over all the
other domains.
Consider what domains and roles you might be interested in, and what role you might
ultimately move towards in the middle and the end of your career.
You may choose to specialise in domains such as network security, cloud, security
architecture, management and governance, security operations, risk assessment,
penetration testing, blue team or others. Where you specialise determines your training and
certification needs.
If you look at the job boards in your local job market, you will notice job specs
and roles that cover these domains.
If you are in the US you will see roles advertised on job boards such as Dice, Indeed,
Glassdoor, LinkedIn and others. In the UK, look at JobServe, CyberSecurityJobsite, CWJobs and
others. When you have the time, spend a few minutes looking at the jobs on these boards
and you’ll better understand what skills are required for certain job titles.
If you want to know where to start with online training, then you are welcome to join the
Station X Cyber Security School VIP membership.
Full disclosure - this is my cyber security career development platform. After noticing the
lack of flexible education options for this industry, I have spent the past few years building
out quality training with other cyber security professionals to help people just like you.
The VIP Membership of StationX Cyber Security School gives you unlimited access to over
1,000 top cyber security classes, virtual labs, practice tests, and exam simulations. This
gives you all the training material you need to fully educate yourself and become a highly
paid cyber security professional.
If you aren’t sure where to start, don’t panic. The VIP membership also includes a detailed
email consultation which produces a customised study roadmap for you of what courses
and certificates you should take in what order based on your current skills and career goals.
One of the easiest ways to educate yourself, showcase your skills and improve your
employability is to acquire certificates.
In the field of cyber security, there are a number of certificates you can get that will look
great on your resume or portfolio. To acquire these certificates, all you need to do is sit an
exam.
By identifying a certificate you would like to get, you can narrow the focus of your education
on learning only the skills required for one certificate at a time. This makes your learning
path much more linear while reaching valuable milestones along the way.
At StationX, we provide specific training and practice exams to help you prepare for and
pass your certification exams.
Beginners Certificates:
Cyber security is a highly-skilled career which requires a solid foundation in IT, operating
systems and networking. If you are starting at zero with little to no basic IT knowledge, then
you need to get up to speed with the basics first.
My recommendation for anyone starting at zero is to learn your IT fundamentals first. The
topics and skills you need are covered well on the courses we have for the CompTIA IT
Fundamentals certificate and CompTIA A+ Core 1 & 2 certificates.
If you are not starting at zero, these courses and certificates may be too simple for you. Skip
any that are too easy unless you want the certificate for your CV/Resume/LinkedIn.
After that, the certificates you should aim to get and the skills you should acquire will depend
on the type of roles and specialisation that interest you. You need to choose training and
certificates that cover the Cyber Security Domains required for the roles that interest you most.
For example, if you want to become a penetration tester you might look to get the OSCP
(Offensive Security Certified Professional), or to become a Chief Information Security Officer
(CISO) you might get the CISM (Certified Information Security Manager).
IT Basics: CompTIA IT Fundamentals (Entry level)
Cyber Security: CompTIA Security+ (Basic level)
Penetration Testing: CEH - Certified Ethical Hacker (Intermediate level); CompTIA Pentest+ (Intermediate level); OSCP - Offensive Security Certified Professional (Advanced level); GPEN - GIAC Certified Penetration Tester (Advanced level); GWAPT - GIAC Web Application Penetration Tester (Advanced level); Offensive Security Exploitation Expert (OSEE) (Expert level)
Cloud: CompTIA Cloud+ (Basic level); Microsoft Azure (Intermediate level); Amazon Web Services (AWS) (Intermediate level)
Networking: CompTIA Network+ (Basic level); Cisco CCNA (Intermediate level); Cisco CCNP Security (Intermediate level)
Certificates increase your job opportunities, demonstrate knowledge and skills and are often
even required just to secure an interview.
CISSP requires five years of experience to achieve. However, you can take the CISSP exam
without any experience (after doing CISSP training), and then you’ll have six years to
complete your five years of industry experience. After that, you officially submit your
endorsement to become an official CISSP, and then you can start using those letters after
your name. In the meantime, you can put on your resume/CV/LinkedIn that you have passed the
CISSP exam. This will help secure a role.
According to ZipRecruiter, the average annual pay for a CISSP job in the US is $125,470 a
year.
I recommend you do your CISA shortly after, as there is a lot of shared content, so it is
easy to do both exams close together. Finally, follow those two with the CISM certificate for
security management.
According to ZipRecruiter, the average annual pay for a CISM job in the US is $137,058 a
year.
Key Takeaways
- Long term, you should aim to pass the Certified Information Systems
Security Professional (CISSP) certification.
It’s easy to gain hands-on practical experience if you go about it the right way. The
first thing you must do is to set up a virtual lab. A virtual lab is a simulation of a real
environment and can be used for gaining hands-on practical experience. It has never been
easier and cheaper to set up a virtual lab than it is today.
Here are your options in order of least expensive to most expensive for setting up your lab.
If you want to learn how to set up a lab and virtual server, I recommend The Complete
Cyber Security Course Volumes 1-4. Section 5 - “Setting up a Testing Environment Using
Virtual Machines.”
In order to sharpen your hands-on practical skills, it’s best to study an online course while
practising techniques inside of your Virtual Lab.
In your current job (if you have one) you want to ask to take on any security tasks you
can, to gain experience and to have something to put on your resume. Anything at all is
better than nothing, even simply changing people’s passwords is worth doing to gain the
experience!
Attend local hackerspaces and cyber security community groups. There is an active and
passionate community who I guarantee would love to meet you. Talk and network with
existing security professionals. Learn about the industry.
Consider internships and volunteering, and offer to do free work for businesses and charities.
- Take on any cyber security related work you can to gain experience.
To secure your first job, you MUST be able to demonstrate your abilities and passion for
the work. To do this, I recommend you create a public profile and use this as a vehicle
to showcase your talent and demonstrate your passion for the industry.
Try doing security research, responding to Calls for Papers (CFP), taking part in bug bounties
(getting paid for finding security errors in other systems), answering questions on Q&A boards,
and writing security posts and papers. Contribute to open-source projects and network with the
developers.
Create a public profile through a blog, Twitter, LinkedIn and other social media accounts,
and fully document all of your work.
If you’re unsure about how this all looks, you can connect with me on LinkedIn and Twitter
to share with my network. Chat to experts over social media. Comment on the latest
security news. Attend security conferences like DEFCON, Black Hat, RSA conference,
ShmooCon, InfoSec and see if you can contribute. Network with the attendees.
Place everything relevant on your resume/CV/LinkedIn when you apply for jobs. Employers
do read through all of it, and maintaining a professional profile does matter.
Your resume/CV/LinkedIn demonstrates your ability, enthusiasm and passion, which will get
you hired very quickly in a market that is desperate for talented individuals!
Key Takeaways
Throughout this guide, I’ve shown you 5 core steps to starting a career in Cyber Security.
To repeat those steps, they are:
1. Get to know the cyber security industry and what jobs are on offer.
2. Get educated with online cyber security training and courses.
3. Gain certificates by studying for and completing exams.
4. Get hands-on practical skills by setting up a virtual lab.
5. Demonstrate your abilities and your passion.
This really is a fascinating and exciting industry. I’ve been working in this field now for 25
years, and ever-changing technology presents new and interesting challenges every day.
I hope this is a career that interests you too. Cyber security is a very rewarding and
respected occupation with an increasing skills gap, and the world needs new people with an
interest in cyber security more than it ever has before.
First, follow me on LinkedIn. This will allow you to connect with my network.
Second, be sure to sign up for my Weekly Threat Intelligence Report. Cyber security is
all about immersing yourself in knowledge and this weekly report will keep you notified of
important security news, threats, vulnerabilities, guides, how-to’s and tools to help you start
and really grow your career.
Lastly, remember that when you feel ready to learn more, you are welcome to join the
Station X Cyber Security School VIP membership where you will get unlimited access to
over 1,000 top cyber security classes, virtual labs, practice tests, and exam simulations
that you can study at your own pace.
Thank you for reading and I look forward to connecting with you.
Kind regards,
Nathan House