As I wrote in my last article, no matter what your current profession is, it’s possible to start a career in cybersecurity so long as you’ve got a passion for learning. In this article, I’m going to continue on that theme, show you how you can match your existing skills to your ideal cybersecurity job and pitch yourself with confidence. I’ll also cover how you can identify any key skills you might be lacking and how to fix that!
Getting an idea of what cybersecurity actually is (Hint: It’s not all hacking)
In the words of Douglas Adams, “Cybersecurity as a field is big. You just won’t believe how vastly, hugely, mind-bogglingly big it is. I mean, you may think it’s a long way down the road to the chemist’s, but that’s just peanuts to cybersecurity.”
Okay, I might be misquoting a little, but the point still stands. Most people think cybersecurity is where you’re an ethical hacker working for the FBI, trying to locate a criminal in five seconds, and that’s simply not true (Full disclosure: A known side effect of joining cyber is you may froth with rage whenever you see this happen on the big screen. Quit now if this bothers you!).
To pull those blinkers off and take in the full scope of cybersecurity, a great place to begin is to look up the eight Security Domains covered in the Certified Information Systems Security Professional (CISSP) certification exam. That’s the certification sought by professionals after years in the field, and the eight domains break up the different areas of security in the way the industry talks about them.
The eight domains are:
Security and Risk Management
Asset Security
Security Architecture and Engineering
Communication and Network Security
Identity and Access Management (IAM)
Security Assessment and Testing
Security Operations
Software Development Security
For a full breakdown of what each of these domains is, check out the certification exam outline. Now, as you read each of these domains, don’t worry about the specific details — what you are looking for is something that sparks your interest, and feels like a match to your skills. Under each domain, you’ll find the soft and hard skills required to perform the various jobs contained within.
A Nurse, a Software Dev, and an HR Professional walk into a Cyber interview…
Now you might be thinking, “How can I possibly go for a job in cybersecurity if I haven’t worked as a software developer?” Or perhaps you are a developer, and you’re not sure how to map your skills against the CISSP domain outlines.
Well, watch and learn, young padawan. Here’s how you might match your skills against something like Security Operations (Domain 7), using the examples of a nurse, a software developer, and an HR professional.
7.1 Understand and comply with investigations
Evidence collection and handling
Nurse: Collected evidence over time to preserve and present to doctors, such as regular temperature checks, X-Rays, vital fluid measurements. Experience with heavily regulated and tracked materials that require chain of custody.
Software Developer: Debugging and troubleshooting involve evidence collection, though without chain of custody experience
HR Pro: Experience in sensitive HR investigations that require careful evidence gathering and chain of custody management
Reporting and documentation
Nurse: Maintained daily charts and medical records
Software Developer: Developed reporting software
HR Pro: Maintained reports on employees and managed employee relational software
Investigative techniques
Nurse: Worked with patients to get to the root cause of their illness through thorough questioning and examination
Software Developer: Performed root cause analysis and debugging
HR Pro: Employee investigations
Digital forensics tools, tactics, and procedures
Nurse: Post Mortem investigative experience for Mortality and Morbidity reports
Software Developer: Look for crossover between tools you use for developing software and tools Digital Forensics investigators use to investigate systems
HR Pro: Worked closely with Cyber Forensics to gather evidence for HR investigations
Artifacts (e.g., computer, network, mobile device)
Nurse: Worked with complex medical devices to calibrate, troubleshoot and maintain where possible
Software Developer: Developed code for multiple platforms and tools
HR Pro: Used computers and complex databases for reporting and analysis
Need another example? Here’s an example for Security and Risk Management (Domain 1). Accio domain requirements!
1.8 Identify, analyze, and prioritize Business Continuity (BC) requirements
As you can see, no matter what your profession is, you’re not going in as a blank slate — there are very few people who are truly a tabula rasa. If you’re unable to think of a match, ask some of your colleagues and friends if they would brainstorm with you to see if there is anything you missed. In the words of the Beatles, it’s good to get by with a little help from your friends!
Exploring jobs that match your skill map
Now you’ve got your passions and your applicable skills mapped out, it’s time to test out your Google-fu. Go to a job search site, and use keywords or phrases from your map coupled with cyber security.
One of my favorite ways is to use Google Advanced operators. Pick a job search site and type into Google something like this:
site:indeed.com intext:cyber AND intext:security AND "business impact analysis"
The site: operator specifies the site to search, while intext: tells Google to look for that word in the page’s text. A capital AND tells Google you want this AND that, and by using single quotes or double quotes you can specify a phrase.
This will give you a good place to start to identify the job you want to go out for, what skills you have to fill it, and what you should focus on to gain the skills you are missing.
Filling in those skill gaps
Pluralsight offers a number of courses, authored by industry experts, that you can use to learn more about getting a career in cybersecurity. There are easy-to-follow learning paths for getting industry recognised certifications.
Taking these courses is a great way to get a feel for cybersecurity and what’s involved, so you can make sure you’re making the right career choice.
About the Author
Kat Seymour is a Security Author with 20 years of experience in technology and information security. With a wide breadth of experience, Kat’s focus is on Red, Blue, and Purple team operations, tools, and techniques. Kat’s passion for technology and security is matched only by her passion to empower the next generation of security professionals through mentorship and knowledge sharing.