For those wondering how they can grow their cybersecurity career or even break into the industry, I have good news: While it may seem daunting at the beginning, there are some concrete steps you can take today to jumpstart your journey into one of tech’s most thrilling fields.
After a decade in the field, here are some of the best practical steps I took to move ahead in my cybersecurity career.
6 Practical Steps to Advance Your Cybersecurity Career
- Experiment and learn from your mistakes.
- Be honest.
- Do your homework.
- Learn from the best.
- Take care of your mental health.
- Document everything.
Experiment and Learn From Your Mistakes
To excel in cybersecurity, you must be willing to test and try anything. Set up a home lab to explore different operating systems and infrastructures. Don’t be afraid to think creatively and play around with different environments.
If you’re interested in the security field, you probably do a lot of this already. Here are a few extra things you can do to take your learning and exploration to the next level:
- Experiment. See what works and what doesn’t. Putting yourself in uncomfortable situations will build your skill sets.
- Remember that security professionals at all levels make mistakes. It doesn’t matter how long they’ve been in the industry or their experience level. They’ve gotten comfortable with mistakes, and they know that they don’t have to be world-ending.
- Document mistakes and how you found solutions to them. Also document what doesn’t work. Every wrong answer you find gets you closer to finding the right one.
Be Honest
In 2013, Target was hit with a huge security breach during the holiday season. More than 40 million credit and debit cards as well as 70 million customer records were stolen. The cybercriminals accessed the information through the third-party vendor Target used. The American big-box store did the right thing and let customers know about the breach — and how they planned to fix it.
Some might be tempted to conceal such a large security breach. Wouldn’t that make your company look vulnerable and untrustworthy? While Target customers were rightly wary, it was the right call to share the news. It was even better that they did it only four days after they found out. It showed Target was willing to take action and learn from the situation. By 2015, the retailer switched its debit and credit cards to a more secure chip-and-PIN system.
If Target hadn’t been honest with customers and waited for the breach to be exposed, the company would have looked even more untrustworthy. People would wonder what else Target was not disclosing.
While it’s hard to be transparent about your mistakes or lack of knowledge in a given situation, it’s better than fumbling through it. It shows that you’re honest and willing to learn — which inspires trust.
Do Your Homework
The main goal of penetration testing is to see how breakable a network is. You do this by safely trying to exploit its vulnerabilities. Basically, you’re answering the question, “How could a bad guy break in or steal information?” before they have the chance to.
But before you jump into anything, research exactly what you’re doing. Whether you are pen testing a website, database or directory, it’s good to know the consequences. Gather information by asking these questions:
- Has the infrastructure been tested before?
- What were the results and was any action taken?
- Are there any current security measures in place? What are they?
- How do people normally access the infrastructure?
- Has it been attacked before? What steps were taken to ensure that the vulnerability was fixed?
Learn From the Best
Follow influential thought leaders in the space. Here are some I admire:
Jayson E. Street
He’s been called a world-class hacker on such broadcasts as the National Geographic’s “Breakthrough” series and FOX25 Boston. But others know Jayson Street as the writer of the Dissecting the Hack book series, which is currently being used as a textbook in multiple colleges around the world. He’s also spoken at many events like GrrCon, DEF CON and DEF CON China.
Brian Krebs
Krebs was a reporter for the Washington Post from 1995 to 2009. He’s continued his investigative reporting and breaking-news reporting on his website, Krebs on Security. If there’s a security issue on the rise, he’ll report on it. Krebs’ website has alerted many in the industry to new security trends, scams and other in-depth stories.
Cory Doctorow
Doctorow is a journalist, activist, special advisor to the Electronic Frontier Foundation and author. Unlike other sci-fi writers who use futuristic and made-up tech, his characters explore the dangerous potential applications of real-world tech. He shows us what’s possible in the modern world.
One of the best ways to connect with the best in the biz is to attend DEF CON, which is one of the world’s most notable hacker conferences. Every year, the most influential security individuals and groups come together to show off what they’ve learned. It is one of the most informative events in the hacker community. Plus, the convention badges are often hackable! It’s a fun way to network, learn and share information.
Take Care of Your Mental Health
Many jobs are stressful, but this industry is one of the most nerve-racking. Not only will you be pulling long hours if a security breach happens, but it can be hard to live with the knowledge of what’s possible if certain vulnerabilities are exploited.
Mental health is an increasingly important topic in the industry. Here are a few steps you can take to keep your stress levels down:
- Recognize when you’re feeling burned out. If you’re starting the day already tired, it might be time for a break. Take a mental health day when you can and plan vacations to truly decompress.
- Talk to your boss if you’re feeling overwhelmed. A good boss will help you take things off your plate if it’s getting too full.
- Take breaks during the day. Get up, walk around, grab water or play a quick game.
- Keep a physical journal. Not only is writing out your thoughts better for mental health than typing them out, but it’s also better for security since it can’t be hacked!
- Consider downloading the free app What’s Up? This app gives you mental tools to help you calm down during stress and think problems through.
- Exercise. You don’t have to train for the Tough Mudder. A simple walk outside in the fresh air is fine. Biking is also a great option. The point is to move your body.
- Spend some time away from the screen on your days off. Work on your hobbies, get outside and unplug.
Document Everything
Take notes and document things so well that anyone could pick up where you left off and know what you were doing, why you were doing it and where you were headed with the investigation. You should also follow these best practices:
- If you’re documenting something that happened on the web, consider installing a screen recorder that allows you to annotate footage for others who may need to watch it.
- Include all relevant information — like what infrastructure you were on and what tools you used to solve the issue.
- Be sure to include what didn’t work, too. This is important. Often, people will forget to mention what they’ve already tried, which frustrates the next person who reviews the issue. As I’ve said before, any wrong answer gets you closer to finding the right one.
- Share these notes with your team. The best people in business know that you learn from others as well as experience.
You don’t have to join a super-secret club to advance your career. If you continue to learn and explore, connect with others in the field and know when to take a break, you can rest assured: You’re on the right path.