Are you always tinkering with things to see how they work? Do you think outside of the box? Do you love computers and the internet?
If so, you may want to consider a career in cybersecurity. Working in cybersecurity gives you an opportunity to use creativity, attention to detail, technical knowledge, and interpersonal skills on a daily basis, while also making a real difference in the lives of the people you’ll protect.
Before we go any further, though, let’s make something clear: You don’t need to be a genius to work in cybersecurity. You don’t even need to know how to write computer programs (though that is certainly helpful). People tend to think of movie scenes with eight computer screens in front of a desk and indecipherable green text flowing down the screens at unreadable speeds. In real life, cybersecurity is much more approachable; you don’t need to be a genius.
Alright, so what do you need?
The first (but not the only!) thing to consider is a college degree. A degree in computer science, cybersecurity or information assurance can provide a great introduction to the field and give you a familiarity with some of the concepts and professional terminology you might use. Your resume will also be more impressive with a degree; you’ll have a greater chance of being hired and you’ll be able to command a higher salary. Don’t be fooled, though; a college degree will not fully prepare you for your job (contrary to what you might see in university’s marketing materials). Quality university cybersecurity programs will expose you to many of the concepts that you’ll work with professionally, but there’s a very significant amount of knowledge that you’ll only get on the job.
A second item to consider is getting some Windows and Linux experience. You don’t have to get a systems administration job to do this (though on-the job experience is often better); you can set up lab environments in your own house. Linux is free, (I recommend Linux Mint to start off with, but you can read about versions of Linux online (e.g. https://itsfoss.com/best-linux-distributions/). There’s a plethora of resources for getting started with Linux, but I’ve found this guide to be the most approachable: https://www.pcworld.com/article/2918397/how-to-get-started-with-linux-a-beginners-guide.html. Microsoft has lots of resources for students, including free versions of some of their server operating systems and cloud offerings so students can get used to Microsoft platforms: https://www.microsoft.com/en-cy/imagine. Microsoft TechNet has a great tutorial for setting up a windows Domain lab for free here: https://social.technet.microsoft.com/wiki/contents/articles/36438.windows-server-2016-build-a-windows-domain-lab-at-home-for-free.aspx. You don’t have to become an expert but getting used to the basic functionality of these operating systems will give you foundations for knowledge you’ll gain down the road.
Once you’ve started to get comfortable with Windows and Linux, you may want to explore networking and cybersecurity foundations in a lab environment too. Black Hills Information Security has a great webcast to get started with (https://www.blackhillsinfosec.com/webcast-how-to-build-a-home-lab/).
Lastly, basic scripting and programming skills aren’t critical to your career in cybersecurity, but they can be a big help. Many of the things you’ll do in cybersecurity will be repetitive tasks, done on a computer. With scripting, you can automate many of these tasks- making your job easier and letting you get more done. There’s another advantage as well: Understanding how programs work can give insight into how they can be hacked into. Buffer Overflows are a great example of this (https://blog.rapid7.com/2019/02/19/stack-based-buffer-overflow-attacks-what-you-need-to-know/): it’s hard to understand the problem without basic knowledge of the C programming language. Again, if you have an interest in learning how to code, great. If not, don’t worry about it. There are plenty of cybersecurity jobs that never touch scripts or programming code. It’s a helpful skill, but not essential.
Cybersecurity is an exciting and growing field. Don’t be intimidated by the amount of information available; take things at your own pace, don’t be afraid to ask questions, and most importantly, have fun!
Note: there’s another career track in cybersecurity, which can collectively be called Governance, Risk, and Compliance (GRC). This part of cybersecurity is more about rules and management than technical skills and knowledge. Knowledge of risk management principles, and applicable laws and regulations are important if you want to enter this part of the field. A well rounded GRC professional will usually have experience in the technical side of cybersecurity, though, so starting out with the technical side of things may still be a good idea. Leaders in the cybersecurity field will often have technical and GRC knowledge.