You’re about to embark on an incredible journey. For many, a position in security is like any other job with the project management, corporate ladder, sales bonuses, politics, management and straight forward objectives. If you are a professional then there will be a good position in a growing field. According to Steve Morgan from Forbes, “the burgeoning cybersecurity market which is expected to grow from $75 billion in 2015 to $170 billion by 2020.” (http://www.forbes.com/sites/stevemorgan/2016/01/02/one-million-cybersecurity-job-openings-in-2016/#711868717d27) But if you’re a boffin, a hacker, a breaker, a sitting-on-the-dark-side kind of person, you can find thousands of people just like you. Life can be very fun and you’ll get paid a lot of money to have that fun. Here is another good article about life in cyber growth: http://www.wired.co.uk/article/job-security-cybersecurity-alec-ross
It’s important to talk to you briefly about my journey, so you know that you can do this. I’m Craig. I was a little hacker kid when I was a teenager. I liked computers and the people in my school recognised me as the kids with computer skills. I was in line to pursue it, but for whatever reason decided to study finance and philosophy.
After university I travelled the world and work in non-tech industries for almost a decade. It wasn’t until I was 30 that I decided to get back into technology and security. I did not have the time to spend 10 years learning and gaining acceptance to the industry, so I built a plan to fast-track my way through.
I was fortunate enough to attend an master’s program in information security – I’ll talk about other programmes you can take – and then applied into a graduate scheme. As an adult, I was able to easily get accepted to several graduate schemes. I spent a year in the scheme before applying out. A year after applying out of the scheme I joined a cyber security consulting role and now do high-level security consulting with global customers. It’s a 5 year journey to overnight happiness in the industry.
I’ve outlined and distilled the specific tactics and steps I’ve taken to get where I am and I’ve mapped the tactics and steps I need to take to get me where I want to be. I immediately noticed that there are not enough people in this industry and when I ask around, so few people know how to join. The advice from others in the industry is usually unhelpful advice (with notable exceptions, such as this fantastic overview from infosec expert Daniel Messlier). I will do my best to give some of the value Daniel gives.
Who is in cyber security
In the last five years I’ve met hundreds of different types of people throughout the world working in this field. There are teachers, hackers, engineers, sales people, and managers. There are architects, coders, data scientists, and project managers. There are literally all kinds of different, exciting, and unique people working in security.
I think infosec is an exciting career choice. There are puzzles that you have to solve every day, a huge job market, high salaries, room for professional development, and entrepreneurial opportunities. I know a lot of opportunistic security people – they realise there is big money in cyber so they now focus on cyber. (There is also big money for cyber criminals, hence the push for skills on both sides.) Those people will do just fine in the career, because we need smart, hard working people, regardless of their hacker skills. I also know a lot of true hacker-types. These people live and breathe security. They go to conferences, hack on the weekends, or run cyber SOC teams. These people are awesome. They make a lot of money and are very happy with their work.
If you have an interest, we need you. If you have a specific skill and want to learn about security, then we need you. I can help. In this blog, email, and book I will explain the things you’ll need to do, now, to get an entry-level job and start your career.
In order to do that, I need to walk you through what we are going to cover, what this book and blog is going to be about, and specifically what this book and blog is NOT going to be about and plan accordingly, you’ll do just fine.
There are three main sections. First is an introduction to the security career. Then there is a section about education and entry-points. Once you understand what the typical job roles and families are, you can learn about how to educate yourself and attempt to enter this field. Finally, you will learn practical skills for job applications. These are not necessarily cyber security specific, but they might be incredibly useful if you do not have experience getting jobs (or are supremely technical but looking for an operational or business role).
What I am going to do for you
The purpose of this writing is to give you a first-level look at this exciting career and give you some practical advice on how to approach getting your first job. Like many things, this cannot be all things to all people, but if you are new and interested in this industry, this is an excellent place to start.
At first, I am going to write your journey through cyber security. After I’ve written that journey, I will find individual readers to help along their own journey. I will also forward job opportunities as I find them, training courses as I find them, and helpful nuggets of wisdom.
By the end of our journey together, you should know how you would approach starting your career, have a few years of training and development planned out, and know which speciality you’d like to start in and hopefully what your next few jobs would look like once you are in the industry.
A quick point to note, I reckon the hardest part of success in this industry is getting your first job. Once you are in the industry, you are given the opportunity to identify your strengths and weaknesses, grow your skill, and have a long, valuable career. There are just too many job openings and needs, so if you are in, you are in, provided you do the following:
- Keep your word
- Work hard
- Act with integrity
If you do those three things, you will have a long, exciting, and prosperous career.
As I write on the website and send you emails, I ask that you send me questions and comments. Tell me what is working and what is not working. I will respond to you and help you with your problems. I am using this website in three specific ways, and I will explain those now for transparency.
First, I want to help get more people in cyber security. We are outmatched and outgunned and we need as many people as we can get. This website is my attempt to help in that area. Second, I have ambitions in my career that require me to be a trusted source of good information. This website will help me promote my infosec expertise. Third, I want to be financially successful. I recognise that the best for me to be successful is to help others be successful. If this website transforms into something bigger, I will start to offer value in the form of qualifying you and then helping companies recruit you.
How cool would it be to help you get a job in cyber security by teaching you what you need to do, introducing you to a few companies, and then helping make sure you get hired? I’d love that and hope to get you there.
What you won’t get
I’ll do my best to manage your expectations. I am one guy trying to help anyone interested. As I write more I will try to market my message to as many people as possible. Despite that, you won’t get a spammy, affiliate-marketing type of communication.
You also aren’t guaranteed a specific job. I can’t guarantee that, as I don’t know you, your skills, or the location you live.
You aren’t going to get specific training on how to hack. I’m a mediocre hacker – I can script a bit, understand the kill chain, and can pass the CEH, but am rubbish at CTF – so I am not going try and prove my skills to you nor am I going to try and build a hacking training beyond my 101 series.
You won’t get a news site that publishes 5 posts per week. I’m aiming for 52 posts per year – 1 per week. I doubt it’ll happen, as life is busy, so stay active, travel, work, and ask questions.
You won’t get advanced strategies yet. If you already work in cyber security, I’d appreciate if you share my content with people you know who are thinking to join. Until I’ve finished this project – teaching people to get a job in the industry – I won’t talk about what to do once you are here. It’s better that way.
This is going to be fun. If you sign-up for my newsletter I’ll send these directly to your inbox. I’d appreciate it if you shared these messages with your friends IF you find them valuable. I’d also appreciate it if you asked questions and if you answered my questions.
Question #1-5 from me: How old are you? Where do you live? What do you want to do? What have you done to get there? What are you going to do today and tomorrow to get there?