How To Successfully Break Into Cybersecurity: There Are 3 Main Components of This Approach
[Figure: roadmap flowchart. Steps: Keep doing your current job; Research various Cybersecurity domains; Refer IT to Cyber domain mapping; Prepare a study plan; Find a mentor; Apply for jobs; Enter the field in Cybersecurity; Congrats! Mission Completed.]
It is vital to keep earning from your current job until you have successfully entered the Cybersecurity field with a full-time job.
Your family might be dependent on you.
Do not take a break for specific study/course/certifications/masters if you are already working in the non-cyber IT field.
Understand how many different domains there are within the security field.
Take each bullet point from that PDF and Google it. Ask yourself the questions below:
5. Is it demanding or not?
7. Look for the course syllabus of that cert to understand what can be covered.
9. Which roles can you start with in that domain as a beginner, and what is the highest role you can reach?
Understand what your position is, in which IT field you are working currently.
Understand what possible options/areas you can start your journey with within Cybersecurity.
If you are an absolute beginner with no IT experience, you can select any field you are interested in. Maybe you would select
domains that are closest to your IT role, or maybe completely separate ones, as you are willing to learn new things from scratch. Any
approach would work here.
Identify what learning options you have. There are various learning options for any IT or Cyber field. There are pros and cons of
every option which I have illustrated.
1. Read a book – Time-consuming, but can give you a very granular, basic-to-advanced understanding of each
thing.
2. Study a complete course on YouTube – Depending upon channel creators, their views and opinions, the study approach
can vary. The number of topics covered and the depth of content may also vary. So, you will need to do a lot of research
before selecting any particular course on YouTube as they are free.
3. Go for any certification and read official certification materials – Some people feel that they can't stay motivated if
they don't have any goals/challenges. Hence, they go for paid certifications because, once they spend money, they will
need to study and crack the exam in a limited timeframe. This keeps them motivated and focused on
achieving the goal. Some reputed certification authorities are ISC2, eLearnSecurity, SANS/GIAC, Offensive Security,
CompTIA, ISACA, Mile2.
4. Study a complete course on Pluralsight/Udemy/Coursera/O'Reilly – These are some popular portals for studying the
entire course of any security domain. Trainers on these platforms are well experienced, and these portal owners also
review course content. Ensure you check the ratings of the course before you select and start.
5. Freeform well-structured self-study via Google & YouTube – Many times, you cannot or don't want to spend money
on material as it can be found via Google. So, you can follow this approach. Before starting self-study, all you need
to do is select a particular field. Find a famous book on Amazon that has good ratings and is not older than a
maximum of 6 years. Find the table of contents of that book. E.g., you found a book on Amazon.com. Refer to its table
of contents to see what the book is going to teach. Then Google each topic, read, and study. Watch
practical/theory explanation videos on YouTube. Prepare your notes.
2. Time allocation for your job, social life, learning security from above options (Prepare a daily, weekly schedule, Set
targets)
Go for certification after your preparation. It is vital to have relevant certifications to crack interviews.
I believe below are the foremost common factors one should consider before selecting a company or applying for a role:
There can never be any company which would fulfil all your needs below. (You will need to prioritize a minimum of 2 and a maximum of 3 areas which you
would assess in your next company. So, if the first 2/3 of your needs are met, you can select that company.)
1. Location
2. Flexibility
7. Boss/Senior management
8. Money
9. Learning opportunities
Create a killer LinkedIn profile (So many guidelines out there on YouTube and Google)
Guest on a podcast.
Finding the right mentor is a challenging task, especially for beginners in the security field. There are DOs and DON'Ts to consider
before selecting the right mentor for yourself:
2. Don't select mentors just based on their online presence/appearance/how famous they are in the industry
3. Don't select mentors just based on the total amount of experience they have
4. Don't select mentors just based on their super technical hacking skills
5. Don't select mentors just based on the number of achievements they possess
6. Select a mentor who is down to earth, willing to learn from you as well while also coaching you
7. Select a mentor who not only solves your tech queries but also gives you a clear vision/direction for what you need
to do to become XYZ down the line in the next 2-5 years and so on.
8. Select a mentor who is regularly contributing and giving back to the community
9. Select a mentor with the right attitude, not only the right knowledge
10. Give time for your research, talk to them regularly, talk to many regularly before you select them as your mentor
11. Most notably, in the above list, ensure all or the majority of the points are giving a green signal to select your mentor
and don't just evaluate anyone based on one or a few DOs or DON'Ts. Remember, no one is perfect in this world.
If you are an experienced IT professional, you will need to tweak your resume to make it read more like a cybersecurity resume than
just an IT one.
If you are a beginner, you will need to create a professional resume to apply for a job. There are plenty of cybersecurity resume
templates on Google which you can refer to.
If you have no professional experience in IT or Cybersecurity, you can add the things below to your resume as a beginner:
2. Security certifications
Select any portal to apply for jobs but do not forget to use LinkedIn for the same. LinkedIn jobs are best according to my
viewpoint compared to other specific job-hunting portals.
You can contact specific cybersecurity recruitment companies who fill positions for big companies.
You can add Cybersecurity specific HRs to your LinkedIn to build relations and ask them to take an interest in your profile.
Prepare for interviews based on job descriptions. Whatever roles/responsibilities are mentioned in the JD, most likely, you will be
asked questions from those areas only + the things you have mentioned in your resume.
It is not over yet. You have just entered the cybersecurity world. There are things you will need to continue doing for better
survival and better growth.
1. Learn more things – Learn those things in your company which you cannot simply learn from Google and YouTube.
E.g., one can learn how to hack a website by sitting at home, but cannot learn how to design a new secure
architecture diagram for application development within a DevSecOps project based on their company's
infrastructure. That is the real experience.
2. Advancing to management – See what else you would need to learn apart from tech skills to advance your
career to the management level. Learn more soft skills of business and management. Learn to deal with people, process and
technology problems.
3. Know your competition – Competition is everywhere; it is a good way to keep yourself motivated and learn more
things that others are learning in your network.
4. Know the market – Understand how the market is shifting in Cybersecurity, know various new vendors coming into
the market, launching their products to tackle large enterprise problems. Understand what problems are being
discussed in the community through conference panel discussions, YouTube podcasts, or other sources. Understand
the market when you started your career and how rapidly it is changing and where it is going. You can determine
your future roles, opportunities and can set goals accordingly.
5. Do not get demotivated – Cybersecurity is a very competitive field. You will meet many people in your life who might
know more things than you. Don't get demotivated by that. If they know 2 things and you know 1, and they share 1 extra
thing with you, now you both know 2 things. So always keep a positive attitude of learning from them and don't get
demotivated by your position of learning.
6. Make StackOverflow & Google your besties – It is not important what you don't know; it is crucial how quickly
you can learn. Google and StackOverflow are the best sources for your doubts (tech or non-tech). Keep them at your
fingertips. It is ok to ask stupid questions, so keep asking around.
7. Community appearance – You should attend/present at well-known conferences. Start with your local town
conference/meetups. Present on a few topics. Gain confidence in public speaking. Then advance to national level
conferences and then international level. Meet more people, build relationships.
8. Bad practices in Cybersecurity – Nothing is perfect in this world. Even in Cybersecurity, there are bad practices,
loopholes, cheats. Ensure that whatever small or big decision you take, you do all your sanity checks and don't get
trapped by any of these.
IT to Cyber domain/role mapping (It is not a 100% mapping of all IT roles to all Cyber, just a heads-up)
Network security
Filtering
VPN
DDOS protection
Infrastructure VAPT
DevOps, Web Developer, Software Developer, Development Manager, Project Development Manager
(Agile/Scrum Master), Project Manager, Database Administrator, Database Engineer, Quality Tester, QA
Engineer
Threat modeling
DevSecOps
Design review
Secure coding
Static Analysis
Bug bounty
VAPT
Application security testing (Web, Android, iOS, thick/thin client app testing)
SAST
DAST
WAF
RASP
Anti-virus/anti-malware
EDR solutions
HIDS/HIPS
App whitelisting
Infrastructure VAPT
Secure configurations
Lawsuit Risk
Risk management
Security strategies
Vulnerability Management
Risk assessment
Security awareness
DR/BRP
Cloud Architect, Cloud Consultant, Cloud Service Developer, Cloud Administrator, Cloud System Engineer
Incident response
Breach investigation
Forensics analysis
Breach communication
Crisis Management