How I Found Out What I Wanted to do in Cybersecurity

December 15, 2020 | 8 Minute Read

Cybersecurity is a field that the exponential expansion of the internet has created a booming job market. As services, events, tools, and jobs migrate to the internet to become more efficient and connected, the ability to protect those things also grows in importance. Despite the umbrella term “cybersecurity” there are many parts or domains that make up the field.

Cyber Domains Diagram

If you were like me, you had no idea where exactly you wanted to be and even less of an idea of what all the options were. However, I did know I was excited, and I wanted to be in the field. Over the last year with some research and the help of some newfound friends I was able to find resources to learn about the world of cybersecurity. And I want to share those tips and tools with other people who are new to the field like I was.

Background

In my senior year of college, I took a course called “Cryptography & Network Security” because I heard it taught people to be “hackers”. I was introduced to networking, cryptography, tools of the trade, and network/system attacks, and how to defend/mitigate them. I was entranced with the topics, and this sparked my passion for cybersecurity. Not only was this the only cybersecurity course, but it was also only a semester, and I graduated soon after. Which meant if I wanted to learn more and eventually get into cybersecurity, I had to do so on my own.

Which I quickly realized was not as easy as I thought. There are hundreds of unique disciplines, job titles, and skillsets needed in cybersecurity. While of course titles like Penetration Tester, Offensive Security Specialist, and Security Analyst all sounded interesting, I had no idea what they did and how to start. But with some research and guidance, I was able to build my skills, learn about different occupations and job opportunities, and continue to pursue this field I was so passionate about. Now, I hope to share what I have discovered with someone who is also starting this journey.

Social Media

There’s a saying that “It’s not what you know. It’s who you know”, and when I started this journey, I did not know anyone. But with social media apps, it has never been easier to find people of similar interests. My main apps for finding people in cybersecurity were Twitter and LinkedIn.

I made a Twitter account dedicated to learning about and finding other people interesting in cybersecurity/tech (My account is @NateRobertsTech if you want to give it a follow). This is a great first step because on Twitter you can search and follow people that are working in the positions that you are interested in. You can also find communities of others interested in a specific topic by following hashtags like #InfoSec, #DevSecOps, #Cybersecurity, and many others. Following these hashtags are also great for staying up to date with the most recent news and trends in those subjects.

LinkedIn is another great site to connect with people in the field that you are looking to enter. Many people post their resumes, experience, and current pursuits on their feeds. This helped me learn about their education/training, their job descriptions/duties, and skills/abilities used in their positions. LinkedIn also has a jobs tab that can help find jobs that you might be interested in based on skills that you have. LinkedIn also has groups like the Cyber Security Forum Initiative (CSFI), Information Security Network, and the Information Security Community which members can join. These groups are ways to learn about topics, find opportunities, and network with other professionals in the field.

The most vital aspect of any social media that you decide to use is being active. Do not be afraid to share your experience, struggles, advice, and most importantly your questions. Actively posting helps people learn more about you, attracts people to your account, and helps build relationships. Once I was able to forge those relationships it was easier for me to message people individually and get a wealth of knowledge.

Conference/Webinar Videos

One of the more recent things I have done to learn about the cybersecurity field has been watching prerecorded conferences and attending virtual webinars. These video options are normally security experts speaking on a subject they specialize in. This can be the best way to get insight into any domain or position that you are interested in.

Many annual conferences such as DEFCON and Black Hat post their old conference speeches on YouTube. These speakers range in expertise from physical security to policy, from offense to defense, and from government agencies to basement hobbyists. All the speeches are broken down into different domains that the conference calls villages. Each speaker brings their own experiences and passion to their talks and there is always something interesting to watch.

You can watch years of DEFCON speeches HERE, including speeches from this year’s virtual conference due to the pandemic. Also, you can watch previous Black Hat speakers HERE.

Webinars are also a great way to hear from industry and government professionals about their journey, daily workloads, and opinions on current events. There are plenty of places you can find these webinars, but my personal favorites are the InfoSec YouTube channel and the SANS Institute website. InfoSec helps people advance their careers, find resources, and raise security awareness.

They also have a weekly podcast with amazing experts in cybersecurity called the Cyber Work Podcast. You can check that out HERE. Similarly, the SANS institute website allows you to sign up for free, which gives you access to their webinars and daily newsletter. The newsletter will let you know about all the planned webinars, current events, and other resources available to your account. And these newsletters are customizable to the areas/topics you are interested in. You can access the SANS website HERE and register.

Capture the Flag (CTF)

How do you know what skills you need for a position? And once you do know, how do you practice them? One of the easiest and most hands-on ways to build cybersecurity skills is participating in Capture the Flag (CTF) events. CTFs are competitions where students can learn or practice their cybersecurity skills. I learned skills and tools like cryptography, scanning, command line, Metasploit, Burp Suite, and many others through CTFs.

There are many CTFs to choose from like DEFCON CTF, PicoCTF, and TryHackMe. TryHackMe.com is a great place to learn new skills as a beginner. Once registered for an account, users can go to different “rooms”. These rooms are places on the site where you can participate in self-paced activities that are based on different subjects, skills, or tools used in cybersecurity. Many of them have been completed and have write-ups where people give step by step instructions on how to complete them. Also, there are videos like the ones John Hammond posts on YouTube that are walkthroughs on how to complete them.

Both write-ups and walkthroughs are great ways that I have been using to complete CTF challenges and learn key security skills. If you are interested in either TryHackMe or John Hammond you can click those hyperlinks.

After completing some CTF, you can start putting together which skills and tools you find the most interesting and use those to find jobs that use them. This way you are preparing for future opportunities as well as finding the necessary skills.

Conclusion

Despite starting the year with basically nothing except motivation and passion, I have found a path that both utilizes my skills and excites me! But it is just the beginning. Using the resources that I found, and others have shown me has given me the ability to narrow my job search and start working in cybersecurity. There is something for everyone in cybersecurity, you just need to know where to start.

I appreciate you spending time giving this a read. And I hope you learned something! If you have any questions, comments, or concerns feel free to leave them below, the contact page, or find me on Twitter. Thanks!