How do you start in cybersecurity?

Back to Blog

How do you start in cybersecurity?

Here are five things that have impacted me in my career, and helped me to grow both as a security person and a human being.

  1. Get a solid understanding of systems and networks. Systems and networks are the foundation for everything we do in security. If you want to be better at security, you must have a foundation in TCP/IP. Both on the theoretical side, and in the application side. The easiest way to get this experience is to become a systems administrator. The lessons I learned as a sysadmin allow me to speak about things in security, such as DNS, that if I hadn't ever wrestled with, I would only be talking theory. Since I've had my hands on a DNS server and configured zones, I truly understand the security challenges of DNS.
  2. If you don't have Virtual Box installed on your laptop, do it now. Virtual Machines are your friend. With virtualization, you can configure different machines (Windows, Linux, etc.) and connect them together. You can practice with the best security distributions (Kali, Web Security Dojo, etc.) without getting arrested! Learn to use Virtual Box and build VM's to test things and learn how they work. Have a system administrator mindset.
  3. Read like crazy. In the security business, things are always changing. Whether it's new technologies (threat intelligence is the hot thing now) or new techniques, this is not a stagnant industry. To get ahead in any industry, you must continue to grow and learn. Become an avid reader, and learn from the books you read. Even though college is over, take notes about the things that catch you in the book, and act upon them. Do not think you must limit yourself to non-fiction. Sprinkle fiction in as well to expand your mind.
  4. Take advantage of the training resources available on the Internet. There are so many free security courses and training opportunities, from Universities (Stanford and MIT), Security Tube, where all the local conferences are archived, and Udemy. Take advantage of the content that is out there and learn from it. Pick a specific topic and focus on it for a month. If you know nothing about Javascript, then learn it. You do not need the proficiency of someone who builds websites daily, but knowledge can be applied when the situation arises.
  5. Network, and not in a cheesy walk around and hand out business cards way. Make friends in the security industry. Do this on twitter. Do not use Twitter as a news feed. Respond to security people and get into the conversations. The worst thing that happens is that they ignore you. Go to conferences, and don't just stand in the back of the room like you are at a middle school dance. Introduce yourself to people, talk before the sessions start, make yourself a part of the community. You'll benefit greatly from the relationships you establish with real security people.

This was originally answered on Quora.

Share on social media: 

More from the Blog

DevOps security culture: 12 fails your team can learn from

Will DevOps and DevSecOps still be relevant in 50 years? Today's DevOps technology will be long gone, but some cultural pieces may still be around. My best guess on the part of DevOps that will still exist: DevOps security culture.

Read Story

6 ways to develop a security culture from top to bottom

Of course, every organization has a security culture. If they say they don’t, they are either lying or afraid to admit they have a bad security culture. The good news is that any security culture can positively change how the organization approaches security. But culture change takes time, so don’t expect your members of your organization to overnight become pen-testing Ninjas that write secure code while they sleep. With the right process and attitude, you’ll get there.

Read Story

Correct answers in our security belt programs

I've been working on Security belt programs for 10+ years. I've had the privilege to help build the Cisco Security Ninja program. I'm also continuing to develop our security belt platform at Security Journey. I've created over 500 pieces of learning content. I've created material and the assessment questions that go with it.

Read Story

More from the Blog

6 ways to develop a security culture from top to bottom

Of course, every organization has a security culture. If they say they don’t, they are either lying or afraid to admit they have a bad security culture. The good news is that any security culture can positively change how the organization approaches security. But culture change takes time, so don’t expect your members of your organization to overnight become pen-testing Ninjas that write secure code while they sleep. With the right process and attitude, you’ll get there.

Read Story

Correct answers in our security belt programs

I've been working on Security belt programs for 10+ years. I've had the privilege to help build the Cisco Security Ninja program. I'm also continuing to develop our security belt platform at Security Journey. I've created over 500 pieces of learning content. I've created material and the assessment questions that go with it.

Read Story

The carrot and the stick: Security rewards and recognition

How do you incentivize people to participate in your security program? Are you using a carrot or a stick? Security rewards and recognition are crucial for the success of your security belt program.A security belt program is a level-based, achievement-oriented security educational experience. By creating a program with multiple levels, you provide your learners with the opportunity to make their way through the “journey.”

Read Story
Need more information about Security Journey? Get in touch

Ready to start your journey?

Free Demo