KrebsOnSecurity: Thinking of a Cybersecurity Career? Read This

JDMurray (MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+), Surf City, USA, Admin, Posts: 12,255
The Brian Krebs article "Thinking of a Cybersecurity Career? Read This" is well worth a read for anyone wondering about what is needed to break into cybersecurity as a career.

For the TL;DR-impaired:
  • Many cybersecurity professionals lack hands-on experience with the more practical concerns of operating, maintaining and defending the information systems.
  • Learning the core components of how computers and other devices communicate with one another is a fundamental skill.
  • One or more programming languages in your skillset is not only going to make you a more attractive hire, it will also make it easier to grow your knowledge and venture into deeper levels of mastery.
  • Cybersecurity people can gain a fair degree of mastery of hands-on skills and foundational knowledge through self-directed study and old-fashioned trial-and-error.
  • The demand for practical, hands-on experience makes degrees and certification less of a "golden ticket" to a rewarding, stable and relatively high-paying career in cybersecurity.

Comments

  • SteveLavoie, Member, Posts: 973
    IMO, you can't be real good at security if you don't know how it operates. You need experience in network administration, programming and so on before tackling security. Sure the field is getting larger and no one can master every domain, but you can't be a good network pentester if you don't know how a network is implemented and operated. Too often, security is knowing how badly a network is implemented, and what kind of shortcuts people apply... and that comes with experience and not a BS in CyberSecurity.


  • LonerVamp (OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK), Member, Posts: 518
    I'll read the article later, but just looking at the bullets...to me it often can come down to credibility for infosec. You have this level of credibility to maintain, and every time you're wrong about something (and don't educate and fix) or don't know how to help someone do the thing you're mandating they do, your credibility gets a little lower. Do this enough, and no one will engage or listen to you in the future. This is where having at least foundational ability to operate is critical.

    There are roles you can go into like within the SOC, but it'll be a quick sink or swim situation in the first couple years, and students still need to learn those basics if they want to move up from the SOC roles.

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?