How to get into cybersecurity

How to get into cybersecurity?
(Image credit: Shutterstock)

Cybersecurity is one of the fastest growing industries globally. Predictions place spending on endpoint security tools at $128 billion by the end of 2020 and spending on cloud security tools at $12.6 billion and infrastructure protection at $24.6 billion by 2023, all of which represent prodigious growth from previous years. 

With all this demand, there are plenty of opportunities for those who want to get into cybersecurity. But what’s the best way to do it? In this guide, we’ll look at the different kinds of cybersecurity and the skills and qualifications they demand, how you can get your foot in the door, and whether a career in cybersecurity is right for you. 

Multiple sectors for different interests and skills 

As detailed below, cybersecurity can be divided into a few main categories, each of which requires different skills and qualifications. 

Network security experts make sure that all the components of a company’s network are protected against threats and leaks by preventing unauthorized access. It’s often a company’s first line of defense, and requires an understanding of routing and switching, network security protocols, and common threats like DoS attacks.

Information and data security ensures that a business’s data—including user data—is protected against theft, alteration, or destruction. A good information security expert will understand risk assessment and management, have knowledge of ISO policies and security architecture, and be able to implement appropriate defenses and guide a company’s response to breaches. 

Cloud security, which combines aspects of network and data security, ensures the safe use of web applications and the secure transmission of user data. Cloud computing comes with its own set of challenges, and experts in this field will want to be familiar with the languages, like Python, and ecosystems, like Amazon AWS, that most cloud architectures rely on. 

Application security specialists find and fix vulnerabilities in the source code of desktop, mobile, and web applications, which are an attractive target for criminals. Application security specialists are intimately familiar with one or more programming languages and common vulnerabilities, and can be involved in everything from design and development to deployment, upgrade, and maintenance. 

Endpoint security ensures that servers communicate securely with endpoints, which can include personal and corporate devices like computers and tablets, infrastructure like streetlights, and the growing Internet of Things. Endpoint specialists are involved in configuring and deploying protection platforms and ensuring endpoints are compliant and up to date. Thus, they need to be familiar with a variety of vulnerabilities along the endpoint-server corridor.  

How to become a cybersecurity analyst: formal education vs. self-taught 

There are two main ways to get started in cybersecurity: you can go the traditional route and sign up for a brick-and-mortar or online school, or you can opt for a self-taught approach. Alternatively, if you already have experience in computer science and are looking to expand your skill set, you can focus on getting certified online by passing an exam or otherwise proving your knowledge. 

Formal education in cybersecurity is still the most common route, and if you’re looking for a more structured introduction, this is the way to do it.

Because your professors are paid, they’re more willing and better able to dedicate time to answering your questions and can constitute an invaluable resource. They and your classmates also make for great networking opportunities, as do internships, where you can get your feet wet and learn from your mistakes.  Finally, you’ll have access to additional resources, through the school’s library subscriptions, for example. 

On the other hand, formal education can be time-consuming and very costly, and not everybody learns best in a classroom setting. Plus, you have less choice over your curriculum. Nonetheless, most courses are planned with a given career path in mind, so it’s often just a matter of finding the right one, and their reasoned design may cover important topics you fail to consider. 

That being said, formal education is certainly not the only way to start a career in cybersecurity. Many security analysts, especially freelancers, are entirely self taught, although it’s also very common to take some formal classes and supplement them with informal educational resources like Quora, SANS, NIST, Cybrary, StationX, and Udemy. In any event, roughly one third of security analysts in the US lack a bachelor’s degree or higher. 

Informal cybersecurity courses are much, much cheaper than a college degree or certificate, and you can go at your own pace, making it easier to learn while doing another job to pay the bills. You can easily design your own curriculum to match your goals, although it’s a good idea to check the degree requirements and course content of at least a few college degrees. The main advantages here, though, are price and flexibility.

However, you will have fewer opportunities for networking, so you’ll need to be more proactive about it. You won’t have as much help if you get stuck, so be prepared to spend a lot of time asking questions and wading through responses on forums like Stack Overflow. Finally, you’ll have fewer opportunities to (freely and legally) test your skills. 

Is cybersecurity right for you? 

This is most likely something you’ll discover along the way, and remember that there are different kinds of cybersecurity that demand different skills and interests, as we’ve seen. However, there are a few personality traits that can help you decide if it’s the right path for you.

Cybersecurity follows a classic arms-race model: better security inspires new threats, which require new solutions, prompting innovative attacks, ad infinitum, so you’ll have to be comfortable with continuously learning new things. It also helps to be curious and highly analytical. If you enjoy and have an aptitude for breaking down complex problems or systems into smaller pieces, you should feel right at home. 

Cybersecurity is also very team-based, so a willingness to collaborate is essential. Analysts are often required to work closely with multiple company levels to educate, ensure compliance, assess vulnerabilities, and implement solutions. The old image of a reclusive computer hacker sitting alone in his or her basement with little to no human contact is altogether outdated. Remote working is certainly possible—just be prepared for regular telemeetings. 

Finally, cybersecurity can and often does mean working long and unusual hours, so flexibility is key. When a vulnerability is discovered, a breach occurs, or a company is under attack, you’ll be called on to deal with the problem, and that may mean hours of non-stop, intense, and highly stressful work. Much of your work will be preparing for these eventualities, but when they happen, you’ll need to respond quickly.

Bottom line 

Cybersecurity is a fascinating and rewarding career path, and there are a number of ways to begin. Start by researching the different kinds of cybersecurity careers available, and the skills, knowledge, and certifications they require, then decide how you want to approach your education. Informal education is a great way to get started and test the waters, but you may want to switch to something more structured down the line. 

Christian Rigg

Christian is a freelance writer and content project manager with 6+ years' experience writing and leading teams in finance and technology for some of the world's largest online publishers, including TechRadar and Tom's Guide.