Welcome to Hacking into Cybersecurity, an all-new series dedicated to helping you get a leg up on the competition when trying to break into the cybersecurity field. This series will consist of bi-weekly blog posts and a monthly video lesson. The blogs will introduce you to some techniques you can use to help to land a security position, as well as cover some concepts that anyone considering joining the career field should know about. The videos will help further expand on one of the topics covered in the blog posts. This is the first installment of the series: How Certifications Can Help You Land a Position.
We Cannot Stop the Bleeding
Make no mistake about it, we are fighting a war. And losing. Every day the bad guys get just a little stronger, adding more and more people and crafting more and more attacks the security industry simply cannot keep up with. You may be asking yourself, “Who are these ‘bad guys,’ and why should I care?” To put it bluntly, there is always someone who wants your or your organization’s data:
- Nation-state actors: These are individuals who work for their government, and they are usually the most elite hackers. They are charged with creating a disruption or compromising target governments or organizations to gain access to valuable data, usually in the form of some intelligence.
- Cyber criminal organizations: These organizations are mostly focused on one thing: making money. These groups are typically comprised of decent hackers looking to steal data and sell it on the “cyber black market” — which, by the way, is estimated to be more lucrative now than the international drug black market. This could range from credit card information to the information needed to steal identities to a company’s proprietary data.
- Hacktivists: These hackers usually target some organization due to some political reason. Regardless of your industry, I can guarantee there is someone railing against it.
- Script kiddies: These are low-level wannabe hackers that usually pick some organization they’re familiar with to try out some attack they found.
As you can see, regardless of your organization, there’s going to be some threat of it being attacked.
Did you know that by 2025, experts estimate only half of the cybersecurity positions at many organizations will be filled? (GASP!) Many organizations have problems now finding the cybersecurity talent they need. But why? The biggest reason hiring managers give for the lack of talent is that organizations do not have a verifiable way to gauge a candidate’s ability to be successful in the career field. Of course, cybersecurity is not the right field for everyone: You have to be technically sound, understand the impacts of risks to the organization, be able to develop mitigation strategies centered around those risks, and have thick skin, because I guarantee some implemented risk mitigation will force someone else to change the way they do their job (and people do not like change). So, how can hiring managers be sure the candidate they’re considering is a fit for the job?
How Hiring Managers Find the Best Candidates for a Cybersecurity Position
Enter certifications. There are a plethora of certifications today. I am sure if you have done any kind of job searching, you have seen the certification list desired for these positions. Hiring managers use these certifications as a method of identifying who is capable of:
a) doing the work, or
b) displaying an aptitude to learn the work required for the position.
These certifications give you a credential many employers want you to have, and some organizations go so far as actually requiring them.
Which Certification Is Right for You?
“That’s an excellent question, Justin,” you’re probably thinking. “I’m glad you brought it up.” Well, thank you — and the answer is: It depends. To answer this, you have to think about where you are in your career and where you want to go. Each certification has a different “agenda,” if you will. For those trying to enter the security career field coming from another field within IT, I definitely recommend Security+ (check it out here). For individuals coming from outside the IT industry, I recommend Network+ in addition to Security+. These certifications, as I mentioned, demonstrate that you know the basics and have the aptitude to learn the job. Of course, with either of those, you are not going to immediately step into a senior role making six-figure salaries, but it’ll give you a roadmap to get there. For those already in security roles who are early- to mid-career looking to take the next step, I recommend the Certified Ethical Hacker (CEH) or CompTIA’s new Pentest+. For those looking to step into leadership or managerial roles, the CISSP is a great place to start!
- Is Information Security the Right Profession for Me?
- Top Cloud Platforms, Information Technology Skills, Job Opportunities & Salary Ranges
- Information Security Compliance – What is it and how does it affect my organization?