How to Start and Grow Your Career in Information and Cyber Security

I created this article as I’ve seen a surge of young professionals keen to enter the information and cyber security field, and why not? It’s a fast-growing and dynamic field that offers many opportunities for people passionate about protecting data, systems, and networks from cyber threats.

Whether you are a beginner or an experienced professional, there are always new challenges and skills to learn in this industry. In this article, I will share some advice on how to start and grow your career in information and cyber security, based on my 25+ years of industry experience.

What to look for to get started

If you are interested in starting your career in information and cyber security, recruiters will state ideally, you need to have a strong foundation of knowledge and skills in computers, science, engineering, or mathematics. But this is only sometimes the case. Many security professionals come from non-STEM-based areas, including art, psychology, and history. What matters is a commitment to the profession, constant learning, curiosity, and problem-solving; you can learn security skills.

There are many ways to acquire security skills:

• Take online courses or certifications in information and cyber security topics, such as cryptography, network security, malware analysis, and digital forensics. Many platforms offer free or low-cost courses.
• Read books, blogs, podcasts, and newsletters covering the latest information and cyber security trends and developments. I recommend The Hacker News, Krebs on Security, Dark Reading, and Security Weekly.
• Participate in online communities and forums like Reddit, Stack Exchange, and Discord to interact with other information and cyber security enthusiasts and professionals. You can ask questions, share insights, and learn from others’ experiences and feedback.
• Join or create local or online groups or clubs that organize events, workshops, hackathons, or competitions related to information and cyber security, such as OWASP, Cybersecurity Club, and Capture the Flag. You can network with like-minded people, practice your skills, and showcase your talents.

What to do to progress

Once you have established your basic knowledge and skills in information and cyber security, you must keep improving and expanding them to advance your career. You also need to demonstrate your value and potential to employers and clients. Here are some tips on how to do that:

• Choose a specialisation or niche that suits your interests, strengths, and goals. Information and cyber security are broad and diverse fields encompassing many domains, such as penetration testing, incident response, threat intelligence, security engineering, and security management. You can focus on one or more areas you are passionate about and excel in. "You can find your niche" is something my old teacher always told me.
• Seek mentorship or guidance from someone with more experience and expertise than you in your chosen specialization or niche. You can find mentors through your network, online platforms, or professional associations. A mentor can help you with career planning, skill development, feedback, and opportunities.  As a mentor, I’ve greatly enjoyed giving my time to help develop others.
• Build a portfolio or resume showcasing your projects, achievements, information, and cybersecurity skills. You can use online platforms like GitHub, LinkedIn, and Medium to create and share your work. You can also participate in challenges, contests, or certifications that can validate your skills and credentials, such as Hack the Box, CyberStart, and CompTIA.
• Apply for jobs or gigs that match your qualifications, interests, and aspirations in information and cyber security. You can use online platforms like Indeed, Glassdoor, and Upwork to find and apply for opportunities. You can also network with recruiters, hiring managers, or peers who can refer you to potential employers or clients. With hundreds of thousands of open positions, if you're flexible, it's easier than you think to get your foot in the door.

Advice on learning and keeping up with technology.

Information and cyber security are a constantly evolving and changing field that requires you to stay updated and informed about the latest technologies, threats, and best practices. You must also keep learning new skills and tools to help you perform better and more efficiently. Here is some advice on how to do that:

• Follow the news, information, and cyber security trends, especially in your specialization or niche. You can use online platforms like Google Alerts, Twitter, and RSS to monitor and receive relevant information and updates. You can also subscribe to newsletters, podcasts, or blogs that provide analysis and insights on information and cyber security topics, such as The CyberWire, SANS NewsBites, and Schneier on Security, plus many, many more.
• You can attend webinars, conferences, or events covering information and cyber security topics, such as Black Hat, DEF CON, and RSA Conference. You can learn from experts, discover new technologies, and network with peers and influencers in the industry. It can be expensive to do this but there are often discounts or you could volunteer to assist.
• Enroll in courses, certifications, or programs that can help you learn new or advanced skills and tools in information and cyber security, such as SANS, Offensive Security and EC-Council. You can also use online platforms like YouTube, Pluralsight and Cybrary to access free or low-cost tutorials and videos on information and cybersecurity topics.
• Experiment with new or different technologies, tools, or techniques that can enhance your skills and knowledge in information and cyber security. You can use online platforms like VulnHub, TryHackMe and HackThisSite to practice and test your skills in realistic scenarios and environments. You can also use online platforms like Docker, VirtualBox and Kali Linux to create and run virtual machines and containers that can simulate different systems and networks. It doesn't take a lot of equipment and money to do this.

How to support each other to succeed

Information and cyber security are collaborative and cooperative fields that require you to work with and support others who share your passion and vision. You can benefit from the knowledge, experience, and feedback of others, and you can also contribute to the growth and development of the community and the industry. Here are some ways to do that:

• Join or create online or offline communities or groups related to information and cyber security, such as Meetup, Slack, and Telegram. You can exchange ideas, opinions, and resources with other members and organize or participate in events, activities, or projects that foster learning and collaboration. I've set up multiple groups and forums, and it's enriching.
• Volunteer or donate to organizations or causes that promote or support information and cyber security, such as EFF, HackerOne, and Cybersecurity and Infrastructure Security Agency (CISA). You can use your skills and expertise to help others who need or appreciate your assistance, and you can also raise awareness and advocacy for information and cyber security issues and initiatives. It can be challenging to volunteer for a charity; trust me, I've tried, but it is worthwhile when it happens.
• Mentor or coach someone interested or new in information and cyber security, such as a student, a colleague, or a friend. You can share your knowledge, experience, and advice with them and help them with their goals, challenges, and opportunities. You can also learn from them and their perspectives and feedback. I've found this incredibly useful throughout my career.
• Recognise or appreciate someone who has done something remarkable or admirable in information and cyber security, such as a researcher, developer, leader, or peer. You can express gratitude, admiration, or respect for them and celebrate or highlight their achievements and contributions. You can inspire others to follow their example and pursue their dreams.

Final Thoughts

Information and cyber security are rewarding and fulfilling careers that offer many opportunities and benefits. You can use your passion and skills to protect data, systems, and networks from cyber threats and learn and grow as a professional and a person. You can also support and collaborate with others who share your passion and vision and contribute to the community and the industry. This write-up has provided you with valuable practical advice on starting and growing your information and cyber security career. I wish you all the best and success in your journey.