Simplifying Cybersecurity Issue #7
Plotting your cybersecurity career path
Welcome to the latest issue of Simplifying Cybersecurity!
In this issue, let's take a deep dive into plotting your cybersecurity career path.
Plotting Your Cybersecurity Career Path
As you embark on your cybersecurity career journey, it's important to have a plan and know what options are available to you. There are many different paths you can take, and the right one for you will depend on your skillset, interests, and goals.
Let's explore some of the more popular cybersecurity career paths and help you plot out the best path for your future.
Consider your options
The number of roles and job titles that show up when you search for cybersecurity opportunities can be overwhelming. Let's break down a few of the most common roles.
Security Analyst. Security analysts monitor and analyze an organization's systems and networks for security vulnerabilities, investigate incidents, and propose solutions to enhance security.
Security Engineer. Security engineers design and implement security solutions and technologies, such as firewalls, intrusion detection systems, and encryption mechanisms, to protect an organization's infrastructure and data.
Security Architect. Security architects design and build secure systems and networks. They develop security frameworks, define security requirements, and ensure that the organization's infrastructure and applications adhere to security best practices.
Penetration Tester. Also known as an ethical hacker, a penetration tester identifies weaknesses in systems and networks by attempting to exploit them in a controlled manner. They help organizations identify and address vulnerabilities before malicious hackers can exploit them.
Forensic Analyst. Forensic analysts investigate security incidents and gather digital evidence for legal purposes. They use specialized tools and techniques to analyze systems, recover data, and support investigations related to cybercrime or policy violations.
Cybersecurity Consultant. Consultants provide expert advice and guidance on cybersecurity matters. They assess an organization's security posture, recommend improvements, and help implement security solutions tailored to specific needs.
To help you narrow your search a bit, ask yourself this question: Am I a breaker or a builder?
Some folks like testing the limits of systems and applications and looking for ways to make them do things they were never designed to do. These folks tend to enjoy careers as red teamers and penetration testers. But some folks like anticipating how attackers might get in so they can shore up their defenses ahead of time. These folks tend to enjoy careers as engineers and architects.
Define your goals
Establishing meaningful goals is an essential step when beginning a cybersecurity career. Your goals should be both challenging and reasonably achievable, with the right guidance and hard work.
Ideally, you should aim to become a skilled practitioner in the field of cybersecurity by increasing your technical proficiency. One of the best ways to improve your skills is to build your own cybersecurity home lab so you can get some hands-on practice.
As your expertise develops with experience, you may want to stretch yourself by developing leadership skills related to governance and risk management, as well as skills that facilitate effective communication between organizations concerning security practices. This will allow you to expand your professional network while also helping foster important stakeholder relationships.
You don't need to pursue a career path in management or leadership if that's not your thing. You can lead by example as an individual contributor, exploring security concepts in-depth and maybe even contributing to open-source cybersecurity projects.
Having clearly articulated goals affords you a greater chance of success in your cybersecurity career.
Research the industry
Cybersecurity has never been more important than it is now, considering the prevalence of technology around us. Companies in a wide range of industries are taking proactive steps to increase cybersecurity measures and protect their customers' data.
Right now, there are over 3,000 cybersecurity companies across 17 unique categories.
Application Security
Blockchain
Cloud Security
Data Security
Digital Risk Management
Endpoint Security
Fraud & Transaction Security
Identity & Access Management
Internet of Things (IoT)
Managed Security Service Providers (MSSPs)
Messaging Security
Mobile Security
Network & Infrastructure Security
Risk & Compliance
Security Consulting & Services
Security Ops & Incident Response
Threat Intelligence
Web Security
If you're interested in a career in forensics or incident response, then you might want to hear what vendors in those same spaces have to say. If you're interested in application security, then you could learn a lot from vendors who make products for application security and web security. And EVERYONE working in cybersecurity should have at least a basic understanding of identity & access management.
A few things you can do to further your research include:
These companies have entire teams of people devoted to solving specific cybersecurity challenges. By taking advantage of the knowledge they're willing to share, you can get a much better sense of the path you'd like to follow in your own career.
Build your skillset
Building your skillset is one of the most rewarding and beneficial endeavors a person can pursue. Having the right combination of hard, transferable, and soft skills can give you an edge in any field or industry.
When developing this skillset, keep in mind what your specific career goals are. It's important to understand the unique skills you need to meet them and create a plan for obtaining them.
Hard, technical skills are very common in cybersecurity. In order to secure a technology, you should first understand how that technology works. It can be difficult to secure network devices and the data they transfer if you don't understand basic network protocols or the fundamentals of configuring these devices.
CompTIA developed a series of four (4) certifications designed to help learners build their security knowledge on a stable foundation of IT knowledge. That path is as follows:
IT Fundamentals+ (ITF+)
A+
Network+
Security+
Whether or not you choose to sit for the certification exams, you can round out your technical knowledge by reading books and watching videos that explain the concepts covered by each of these certs.
If you'd like to eventually pursue a career in security management or leadership, then you should absolutely complement your hard skills with soft skills. LinkedIn Learning has hundreds of courses on Management Skills and Leadership Skills, including Soft Skills for Information Security Professionals.
The additional effort put into building a refined skill set will pay off if it brings greater success in achieving your short-term or long-term goals.
Network with others in the field
Establishing a strong network within your field is an invaluable activity when launching your career.
Attending conferences is one of the best and most efficient methods for connecting with leaders in the industry, making such events ideal for learning from, and forming relationships with, them directly. The Infosec Conferences website contains a robust list of conferences you might attend, and their directory of BSides Security Conferences is extensive (although incomplete).
Online communities also offer many opportunities, such as receiving direct feedback from professionals already working in the field. Again, LinkedIn is a great resource for networking with security professionals. You can connect with folks directly, and you can join LinkedIn groups to discuss specific topics.
Additionally, you can build your network by joining professional groups in your area. Local chapters of ISSA, ISACA, (ISC)2, and OWASP are certain to have connections with security teams at organizations you'd like to work with. Reach out to these professional groups and see how you can get involved.
Keep up to date on new developments
Staying up to date on the latest developments in any industry is an essential part of understanding where the industry is headed and what career opportunities are most needed.
Following cybersecurity thought leaders can ensure that you remain informed and donât fall behind. You could use Feedly to build a list of RSS feeds from thought leaders in this space, folks like Bruce Schneier, Brian Krebs, Graham Cluley, and Troy Hunt. Articles, blog posts, and white papers from these experts are full of actionable insights, fresh perspectives, and new ways of approaching old problems.
Stay the course
Finding your place in the cybersecurity field requires a mix of focus, skill development, and networking. But most of all, it requires grit. As long as you keep showing up and sticking with it, you'll make progress toward your ultimate goal.
Define your goals early on, based on the aspects of cybersecurity that you're most interested in, and use those goals to inform your research of the industry.
As you build your skillset, consider how those skills will help you achieve your professional goals. Take advantage of vendor expertise to accelerate your learning and your experience.
Connect with others who are also working in the field. Attend conferences, join online communities, and reach out to experts for advice and guidance.
Finally, make sure to keep up with new developments by reading articles from thought leaders in the field. This will help you identify new opportunities as they arise.
By following these steps, you can set yourself up for a successful and rewarding career in cybersecurity.
The Bookstore
In a previous issue of the newsletter, I shared Helen Patton's book Navigating the Cybersecurity Career Path. That is, hands down, my top recommendation for folks who are making a concentrated effort on plotting out their cybersecurity career path.
A great complement to that book is The Cybersecurity Career Roadmap by Evan Lutz.
In his book, Lutz provides a comprehensive guide to entering and advancing in the cybersecurity field. It outlines the various career paths, required skills, and certifications, while also offering advice on networking, job hunting, and professional development. The book serves as a valuable resource for both newcomers and experienced professionals seeking to navigate the ever-evolving cybersecurity landscape.
Anybody want a peanut hoodie?
The Simplifying Cybersecurity store is live? Inconceivable!
I wanted some cybersecurity swag of my own that I could start wearing to hacker cons, but I'm not the biggest fan of swag that's covered with vendor logos.
So I decided to design some swag of my own.
I've got a handful of designs in the store now, and I'm planning to add more soon. Oh! And stickers! I haven't uploaded any sticker designs just yet, but they're on their way.
If you want to grab your own hoodie or tee, head on over to the store today!
That's it for this week. If I'm doing my job right, you're a few steps closer to making the career moves you want to make.
If you're digging this newsletter, I've got two quick asks:
➡️ Share it with a friend or colleague who might like it as well. We're all in this together, and sharing what we learn along the way helps everyone.
➡️ If someone forwarded this to you, you can subscribe here so you can get the next issue in your inbox the second it goes live.
➡️ Connect with me on LinkedIn! I'm always up for chatting about all things cybersecurity and career growth.
Stay safe out there, and keep learning!
Jerod
Just wanted to give you a heads-up! Bookstore links are affiliate links, which means if you click on them and make a purchase, Simplifying Cybersecurity gets a small commission. This helps support Simplifying Cybersecurity's mission and keep the content coming, so thanks for your support!