Cybersecurity is a red-hot field right now, and there are so many resources and activities you can leverage to make the jump into it.

I admit, it took me about four years to get my foot in the door. There were not as many resources available then as there are now. I truly believe anyone can make the switch in 12 months with some hard work and effort.

Step 1: Look at Job Postings

I highly recommend identifying the cybersecurity job you want. There are so many roles within the field, and some will suit your preferences and interest you more than others. If you have no basis for the type of job you want, how can you prepare for it? Learn about the different roles and try to work out which will suit you and lend themselves to talents you already have.

Go to Indeed, Monster and USAJobs and start doing searches. Make a list of the jobs that sound interesting to you. Also note the listed skills that you lack; these skills will be part of your development plan. If a job posting requires a certification such as US DoDD 8570.1, go investigate the requirements for obtaining that certification. The US DoDD 8570.1 has a list of specific certifications you can obtain to comply. I obtained the CompTIA A+ CE certification because it met the DoDD 8570.1 for my current role and it was the easiest to earn.

Also note if the skill is a required skill or if it is a desirable skill. The required skills will be your highest priority. Keep a tally of how many times a specific skill is listed as required and desirable. This will help you prioritize.

Step 2: Build Your Training Plan

Now that you know what your job wants, it is time to start building skills you can include in your resume.

Prioritize your list. Put all the skills that were listed as required in one group and those listed as desired in another group. If a skill was listed as required once and listed as desired a dozen times, it will go into the required skills.

Order the required skills by the number of times each was listed as required. For example:

  • Linux (7)
  • Windows (6)
  • RedHat (5)

If there is a tie, use the number of times a skill is listed as desired as the tiebreaker. For example:

  • RedHat (5, 4)
  • Ubuntu (5, 3)

RedHat wins because it had 4 desired counts and Ubuntu only had 3.

Do the same process for the desired skills.

Plan to address one desired skill after completing three to four required skills. The desired skills will give you an advantage over other applicants.

Step 3: Find Resources

You will need resources to help you check off those skills in your plan.

If one of your required list items is to get a certification, see if there are online training programs and practice questions. I used the CertMasters program because it had an online training program and it included a voucher for the A+ exam.

Take online training classes. Cybrary has numerous free courses, both on specific topics and for certain certifications. Find a mentor or ask your current employer if there are resources you can use. Ask the #infosec community on Twitter if they know of any specialist resources related to your chosen field.

Step 4: Get Hands-on Experience

Experience is king. Having a certification without experience is less credible. Don’t get me wrong, the certification is important. It is more important to be able to say something like, “I have hardened a Linux server” versus saying, “I have read all the procedures for hardening a Linux server.” Having done something has more value than having read about it.

In the example of hardening the Linux server, the documentation seems straightforward enough. But you may not realize just from reading that some settings conflict. You may miss that some settings are not permanent without some additional actions taken.

Trying to harden a Linux server will expose you to issues. If you take the time to solve those issues, it will show a prospective employer you can solve problems. It will also teach you to plan for roadblocks and how to troubleshoot. You cannot get this knowledge without doing.

But how do I get experience without having a job? Get hands-on experience on your own.

There are many ways to get experience.

Get Linux hardening experience by installing CentOS Linux on a PC or virtual machine and following the RedHat Security Technical Implementation Guide (STIG).

Get penetration testing experience by watching YouTube videos about Kali Linux. Ask your manager or a connection at work if there are cybersecurity tasks that you can help with.

Get creative. I had started working a side job as a web developer. When I found rogue code, I suggested to the owner that it would be wise to do a cybersecurity assessment. This and the remediation were valid experience I spoke about in my interview for my current position.

Step 5: Start Applying to Jobs

After you have a few required skills under your belt and you have started building some experience, it is time to start applying. It may take weeks to months to get an interview, so you will want to continue to get more skills and experience. If you continue to improve, you will be an even better candidate than when you applied.

When you interview, be confident.

If you don’t know something, admit it. If it’s on your training plan, mention it. If it’s not, say you will add it to your training plan.

If they ask about a skill you are in the process of completing, say you are in the process of building that skill.

Be passionate about cybersecurity and your willingness to learn and you’ll do great.

Even if you don’t get the job, you may have learned about new skills to add to your training plan — it was still a worthwhile effort.

Image by Ryan Prudhomme
This article was originally published on Medium.

A Note from the Author

Wishing you success on starting your new cybersecurity career!

Join the “Black Hat Chronicles” fan group to get updates on my writings, short stories, and upcoming novel. Visit https://goo.gl/forms/mtdRcj3vDJF3qkGo1 to join.

Stay secure,
Miguel
