In the second portion of this blog series, we are sharing member stories from those with four to six years of experience in cybersecurity. We asked members about their entry into cyber from their first positions to today and what advice they have for newcomers. Do you have advice for incoming cyber professionals? Weigh in on the ISC2 Community conversation “How to start a career in cybersecurity?”
Brian Bresnahan, CISSP, Senior Security Analyst | United States
Prior to migrating to a security role, I programmed voice and video systems for 15+ years. I also had extensive data center experience with generators, UPS, cabling, electrical design, network redundancy, fiber rings (SONET) and call routing for call centers. In my first cybersecurity role I worked for a LEC and served in their Security department to detect toll fraud and network intrusion.
My advice for those interested in joining the cybersecurity field is to apply your past experiences as they should relate to security because security encompasses multiple fields: everything from writing to network design to legal issues. It impacts everything, so bring your background to a security role. Often “security people” lack legal backgrounds or don’t understand operations. You really need a broad understanding to migrate to security effectively. I had a strong operations background, which enabled me to see consequences or lack of redundancy or security issues.
When I think about my career transition, I think I would have gotten out of operations sooner than I did and informed hiring managers that “I am already dealing with security today.” Do not underestimate past experiences as they may relate to security as a field. All these fields are related, and the motto is 100% true, “we all own security in our organizations.”
Greg Reid, SSCP | Canada
Before a cybersecurity role, I had experience in some of the domains, which made the transition easier. My first role was in insurance as a System/Network Administrator. In this role, I was responsible for how users access our systems, implementing CA policies, disabling and enabling user accounts, investigating risky sign-ins and hardening our O365 tenant and systems. The role allowed me to utilize the concepts that I had studied. Using these concepts in the real world allowed me to see the concepts in action, and the negative or positive impact they had on users and the organization.
The main advice I have is to do as much research as possible, and networking is key. You will create relationships with people who will be able to mentor you in the field. If I was starting over, I would maybe create more networking earlier on. Cyber Security is a vast field; I recommend choosing one area and zoning in on it. Be passionate about your area of choice and set aside time to learn something new every day.
Neal Caffery, CISSP | China
Before my first position in security, my experience came from developing my skills, reading and practice. I found my first cybersecurity role in Shanghai as a security engineer. This position helped me to get to know the cyber security attack surface and attend the incident response and the DDoS attack response. These experiences gave me a lot of experience in network security and in SOC. My advice for those interested in cyber is to keep learning. Cybersecurity is a scope with rapid changes, and you have too much to learn. Keep practicing and trying. A lot of skills need practice again and again; development is very important.
Erik Nost, CISSP | United States
I had no experience by title in my first security role, but everyone has security responsibilities at some level and it turned out I had ample qualifications. For instance, I oversaw MFA implementation for retail logins at two different companies and I regularly published consumer security safety content on our websites. Security touches every business process, application and physical location of every organization and there are infinite areas of expertise, from appsec, to regulatory, to cloud infrastructure, to business continuity; it goes on.
My advice is to be an advocate for security in any role because it’s always applicable. If you’re working in retail, learn about PCI. If you’re in healthcare, leverage your HIPAA knowledge. One example is that line cooks are protecting human safety by following food safety protocols. If you aren’t sure, talk to the security team - they’re always looking for advocates and alliances in any organization.
I was interested in the entire field of infosec; there is a lot to learn. But find what you’re truly passionate about and focus on that. Generalists are great, but expertise in subject matter is also needed. I recommend leveraging all the free resources and training out there. See if your employer will pay for additional training, but keep it applicable. Listen to podcasts, read blogs, and become involved in Infosec Twitter.
If you or someone you know is interested in taking the first step towards a career in cyber, visit the How to Get a Cybersecurity Job page on our website. In this virtual guide, we lay out five components to a successful cybersecurity job hunt.
To get your career started and prove to employers you have the problem-solving skills, strategic thinking and the drive to be a successful cybersecurity professional, register for FREE Entry-level Cybersecurity Training + Certification Exam today!