Getting Your First Cybersecurity Job
Download as PPTX, PDF0 likes301 views
David Strom's blog discusses the path to securing a first cybersecurity job, emphasizing the need to understand the job market and differentiate between roles such as blue team and red team positions. Key steps include building a personal brand, choosing the right educational path, attending conferences, and seeking mentorship. The document also highlights various certifications and training options available for aspiring cyber professionals.
Getting Your First Cybersecurity Job
- 1. CyberUp Getting your first cybersec job David Strom blog.strom.com March 2023 (slideshare.net/davidstrom)
- 2. Who am I • More than 35 years of B2B tech journalism, written 3 non-fiction computer tech books, magazine editor • Started in IT back in 1982 and worked for both government and private industry doing end-user computing • Spoken around the world at numerous computer and business conferences, back when that was a thing.
- 3. The process • Understand the job market • Build your brand • Decide on education path • Go to a couple of conferences • Get an internship, find a mentor
- 4. Understand the job market • What types of cybersec jobs are out there? • Blue team – people who defend the infrastructure • Red team – in-house people who attack things to find weak points • Audit/compliance/governance teams
- 5. Blue team Red team • Security analyst • Forensics • Incident responder • Security engineering roles • Identity and access management • Pen tester of various kinds (network, physical entry, security operations) • Vulnerability researcher • Malware analyst
- 6. Build your brand • Use one of these tools (Knowem.com, domains.google) • Start and maintain a Wordpress blog • Set up all the various social media IDs as well as work religiously on your LinkedIn bio
- 7. Decide on your education path • Online classes in computer science/cybersec (here are three of the best ones) • Read my article in Computerworld on how to pick the right class
- 8. Look into coding academies
- 9. Provider/Link Cost Other certifications to consider COMPTIA Security+ $390 for 90-minute test Penetration testing, cybersecurity analyst and general IT courses too EC-Council Certified Ethical Hacker (CEH) $1200 for four-hour test More than a dozen cybersecurity specializations including disaster recovery, penetration testing ISACA Certified Info Security Manager (CISM) $760 for four-hour test for non- members but significant discounts for members, study materials extra Courses on risk management, data privacy and auditing ISC2 Certified Cloud Security Practitioner (CCSP) $549 for four-hour test Also offer numerous other cloud- based security classes and boot camps for above tests Offensive Security Penetration Testing $800 for a one year subscription Three different levels, other certifications in web apps and devops SANS Institute Network $8,000 for in-person instruction at Dozens of courses covering a
- 10. Go to a couple of conferences • ‘cons (including Black Hat/DEFCON in Vegas in August) • Local STL cyber events • Try one or two Bsides in different cities • Join a capture the flag team and give that a go too • Contribute to your favorite open source projects
- 11. Get an internship, etc. • Choose a niche narrow enough that you can conquer it • Figure out what you are missing and find the right mentor • Avoid known bad employers • Learn how to do people networking, even if you are an introvert
- 12. Other things worth reading • My blog for Avast gives some perspective on different kinds of jobs available in cybersec • Daniel Meissler -- How to build a cybersec career (has a great discussion on which certifications matter) • How Walmart does cybersec (an in-depth look)
Editor's Notes
- #6: Lesley Carhart is behind that TISIPHONE site and she has a great series of articles on Starting an infosec career and lots of other useful stuff (such as how to do mentoring right and improve your resume, along with a great discussion of the various cybersec roles along with descriptions of a typical day in the life, what to avoid, and a personal anecdote from someone who does the job
- #7: Knowem.com – can search through 500 popular social networks, along with over 150 domain extensions, and the entire USPTO Trademark database. You can quickly figure out what has been taken, and what is still available. It only shows you whether or not a domain is available. Second best is Google’s own domains.google — this allows you to search 300 domain extensions if you want to find something a bit more unusual. It also shows you the current market rate for a particular available name, which may or may not be accurate, depending on which registrar you end up using to buy the domain. If you want to do further research on just the domains, I would also use Domainchecktools.com. It provides deeper research into about-to-expire domains, which again may or may not be accurate. Some of this info can be obtained from the internet command whois, which shows you sometimes who owns a particular domain and when it was purchased and when it expires.
- #9: Launchcode has 3 courses, including one for women all free and all virtual Claim has 4 different classes, online and in person, costs $15,000 but loans and scholarships are available
- #11: CSoOnline.com conference guide. --- https://www.csoonline.com/article/3155500/the-cso-guide-to-top-security-conferences.html
- #12: That link will take you to Daniel Miessler’s suggestions on how to pick a mentor