Cybersecurity professionals are in increasingly high demand in order to help businesses and organizations keep their data and networks safe. The choice to pursue training and eventually a career in cybersecurity is a smart one for those interested in ethical hacking, computer technology, security, or threat analysis.
Last year, SecureNinjaTV spoke with 4 professionals who have developed challenging and lucrative cybersecurity careers. We learn all about how they began their career, what sort of cybersecurity training they obtained, and what they think it takes to become a successful cybersecurity professional in today’s world of hacking threats.
Watch the video, or read on to hear the thoughts of these seasoned professionals (paraphrased from video)
How did you begin your Cybersecurity Career?
Nick Percoco @c7five
Global Services at Rapid7. Creator of THOTcon and co-founder of I Am The Calvary
I’ve been in the security industry for about 17 years. I started out my cybersecurity career doing security architecture, security design, a lot of firewall installations in the 90’s. I got into penetration testing in the late 90’s and did that for a period of time and then flipped over and started doing incident response. I became proficient at doing penetration testing and used those skills to detect when attackers were getting into environments. I worked on some very large high-profile data breach investigations and got a lot of experience there.
Then I really started managing people. This is sort of a progression you have to choose- do you want to stay really deep technical, or do you want to do different things. I started to enjoy helping other people build their careers- hiring people fresh out of school, giving them guidelines, giving them guidance in order to build their cybersecurity careers, giving them paths to go, and making them happy.
The biggest thing I think from a cybersecurity career choice perspective is, if you don’t love what you’re doing, don’t do it. Find something that you really enjoy that you want to wake up every morning and be excited about going and doing. Then you will really see your career progress.
Jamie Blasco @jaimeblascob
Vice President and Chief Scientist at AlienVault
When I first started in the company I used to do everything. I used to do sales, I used to do support, I used to help customers implement a solution. So when I had to decide what I wanted to do within the company, we decided that we really needed a labs research team that could basically help the company be on top and on the edge of all the new technologies and new capabilities to detect the threats. So that’s how I ended up creating this new department.
Cybersecurity has been what I wanted to do my whole life. Since I was a child I was always learning by myself- learning how to program, learning how to hack from my home so in the end this is what I really wanted to do with my life, so I’m pretty happy.
Vice President, Worldwide Sales Engineering at TrapX Security
I started out doing computer programming and systems analysis and I had a knack for tearing apart code and analyzing problems. That ability is something that lends itself very well to the security side of the business. Kind of like having that detective mind, if you’re inquisitive you don’t like letting a problem just sit and lie, you stay up until you solve it then usually you have a good mind for the security industry.
What does it take to develop a career in Cybersecurity
Dan Ford @netsecrex
Chief Security Officer of Silent Circle
For those that are looking to get into the industry, like I tell my son Danny, this is something that has got to be your #1 priority, it’s something that you have to love doing because to just be average at this is going to get you or your organization owned. You have to be diligent, and this has got to be your passion. That’s probably the #1 thing it takes to develop a cybersecurity career. They say it takes about ten thousand hours to master any skill. There are many different skills within cybersecurity, so pick something that you love from within that. The CISSP says there are 10 common bodies of knowledge, or something along those lines right? Well, that’s a lot to know. I like forensics, malware, and of course mobile, and this is what I spend my time with all day every day. I’m up at about 5am and I’ll probably go to bed on average around midnight every night. Every once in awhile I have to crash but I pretty much get about 5 hours of sleep a night because I go to bed thinking about cybersecurity, and I wake up going “what happened while I was asleep?” It’s just something that I love doing.
What education and mindset does a Cybersecurity professional need?
It’s important that they understand everything from operating systems to networks to math to algorithims. That is gonna give them a really good base that they can use to develop new capabilities and learn new things- not only related to cybersecurity but any other area of computer science. I recommend that they have a really good base so then learning cybersecurity and developing a career in cybersecurity will be much easier.
It definitely takes some education and work, and you have to learn the systems. It’s never ending so every time new advances and operating systems come out, the game starts all over again. You’re going to have to stay on top of technology, but one of the more important parts is being able to tie the technology in with the business and understand the business is trying to run their operation, sell their product, manufacture their car, etc., and security is secondary to that critical mission. We’re there to help them solve that problem. So keeping up on industry is very important in developing a cybersecurity career.
After I got my programming degrees, I immediately started looking to get a degree in Business. I got my 4-year degree in Business Administration so I could understand those sides. Then I went back to the technical side and got a Master’s Degree in Network Security. And then I’ve just kept my certifications and knowledge current to help me stay on top of the industry.
I pretty much decided a long time ago that I wanted to be in this field; this is what I love doing. I wake up every day and it doesn’t matter if I’m on vacation because the bad guys don’t sleep. They would prefer me to be on vacation because they’re persistent- that’s why it’s called an advanced persistent threat- they’re not going to stop. I decided that I was going to do my Doctorate because I wanted to learn how to do professional research. I didn’t feel that I did that well, so the Doctorate taught me how to do those things.
From an education standpoint I know it can be really tough sometimes for people to choose between finishing their college education vs. jumping off into the real world. I know when I was in school in the mid-90’s, this was right when the dot com world was popping up and I had some friends in college with me who left school early and took job at places like Netscape. That would have been great financially for me to leave, but I think finishing your degree, and getting a well-rounded Bachelor of Science in Computer Science or with a minor in Business is important to develop a career in Cybersecurity. I even minored in Philosophy, which is completely different from what a lot of people do.
Getting that foundation I think is key. And then once you’re actually done with school, getting a job is really important. I know some people say “I’m gonna hold out for that perfect job” but even if you don’t love the job at first I think getting that business experience is extremely important because it’s very different from your college life. Learning how to interact with people, learning how to have business meetings, learning how to answer to a boss- other than when you worked at the pizza restaurant. You know, those types of things. Even if it’s for a year or so, it’s better than just sitting around and getting career atrophy, you know you lose things right away. Even if you go from school to nothing for a year you should still just get a job… and your parents will thank me for that advice as well!
If you are seeking in-depth cyber security training, please reach out to the experts at SecureNinja. They offer over 100 unique certification and proprietary courses to help you build your skill and develop your career in cyber security.