Cyber Security professionals in the UK and across the world are in high demand and are likely to remain in demand for many years to come, so cybersecurity is an excellent career choice, whether you are a student or you are looking to take your career in a new direction. It is, however, a career where experience is king. To gain the right experience to progress your career you will need a career plan, a willingness to continually learn, an ability to pass exams and plenty of patience. A thick skin and good people influence skills certainly help too, as the advice and direction you provide to the business is not always what people want to hear and listen to.
Cybersecurity offers a wide field of different disciplines, from highly technical ethical hackers and IT forensic experts to less technical auditor and management roles. You need to decide what role you would ultimately enjoy doing, and build a career path to gain the right type of experience and security qualifications to achieve it. You should look to specialise in one or more areas of cybersecurity early on, even if your final objective is to be a 'jack of all trades' in cybersecurity. For example, if your target is to be an ethical hacker, the first target is becoming an expert in network security. That could land you a job at a penetration testing company in a network vulnerability scanning role, which in turn builds your experience and hopefully results in your employers developing your application security expertise. This opens the door to gaining the right experience and knowledge to achieve an ethical hacker certification and an ethical hacker role.
Learning and Certifications
Most employers seeking cybersecurity professionals regard the (ISC)2 Certified Information Systems Security Professional (CISSP) certification as the industry benchmark for a Cyber / Information Security professional, so they often state the CISSP certification as a requirement or a desire in security job descriptions. However, CISSP is not the easiest of certifications to achieve, hence its value. Firstly, you need 5 years of in-role information security experience, or 4 years if you have a cyber / information security related degree. Secondly, the exam is notoriously difficult to pass, as the six-hour CISSP exam covers the entire information security subject matter: risk management, security engineering, security operations, network security, testing, and software development. So you may be a guru at network security, but you'll need to know about areas outside that expertise, such as legal and regulatory security issues.
Alternatively, the Information Systems Audit and Control Association (ISACA) Certified Information Security Manager (CISM) is held in high regard in the industry, but like the CISSP it also requires 5 years of information security work experience and, depending on your experience, may not be the easiest of exams to pass.
Wait until you have built up the required experience before attempting these exams and, it goes without saying, study hard, especially on your weak areas of knowledge.
(ISC)2 - Certified Information Security Professional https://www.isc2.org
Provides a raft of free educational resources and accredits a number of the security industry's most highly respected information security professional certifications, including the CISSP.
A nonprofit organisation, ISACA engages in the development, adoption, and use of globally accepted, industry-leading knowledge and practices for information systems. Anyone can sign up for ISACA membership. Membership gives access to local "chapters" where you live, allowing you to attend educational meetups and network with fellow security professionals. ISACA is also responsible for accrediting the Certified Information Security Manager (CISM); like the CISSP, the CISM is held in high regard as an information security professional and management certification.
A global organisation which owns and develops the Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs.
Fortunately, there are many ways to expand your cybersecurity knowledge. Of course, there are plenty of books to read; however, you can also attend cybersecurity webinars and conferences, subscribe to security-related podcasts and read security articles and blogs, all of which are typically free.
A long-running cyber and information security-themed podcast hosted by Steve Gibson, which covers everything security, from the latest issues facing the industry to recapping on the fundamentals, all explained using simple terms.
You need to be in a role that helps to expand your security knowledge, a role where you aren't just racking up experience but where you are actively learning as you work, so push your boss for more security responsibilities and come out of your comfort zone. You need to be at a company that encourages and assists you in developing your information security career, so a company that regularly sends you on security courses and pays for those exams. If you are not at a career-supportive company, or not even in a security role, seek to expand your security knowledge outside of work, then try for roles within more career-supportive departments or at other companies. In job interviews, don't be afraid to tell the interviewers your career objectives and to ask them how they would support you in reaching them. The prospective employer should be encouraged by this line of questioning and attitude, as it benefits their business. If their responses are negative, leave the interview! You do not want to work for any company or boss that doesn't appreciate the importance of good cybersecurity.