This is a reminder I get every day when I interact with people from the cybersecurity fraternity, most of whom say that they landed a career in cybersecurity purely by chance.
I recently made a LinkedIn post asking people to share their stories about how they happened to become cybersecurity professionals. The responses that followed validated the same sentiment mentioned above—a career in cybersecurity is more of a chance than a choice.
People study physics, programming, or become experts in Minecraft before they decide to give cybersecurity a serious thought.
This zeitgeist of accidentally discovering cybersecurity as a career option means that most people don’t consider a cybersecurity job as a viable career choice. And even if they do, it’s only after they cautiously dip their toes in the domain due to some cosmic coincidence.
Honestly, I’m cut from the same cloth. I began my career in cyber as a “curious hacker” in 1994. Back then, the chances of making a career in cybersecurity were either unheard of or very slim.
But I was very fortunate to get my first job as a network and security engineer at AT&T Corp in 1998. As a dreamy-eyed hacker who spent his time tinkering with dial-up connections, I was psyched to take up a job that paid well and allowed me to do what I loved the most.
Twenty-two years later, I’m still very thankful for that serendipitous entry into cybersecurity.
But things have changed and cybersecurity has become an integral part of business operations in today’s hyper-digital world. Today, we need cybersecurity professionals to safeguard us just like we need doctors, nurses, firemen, or teachers to keep our society together.
For more people to join the force, we first need to promote cybersecurity as an attractive career field, offer guidance to aspiring candidates, and bridge the gap between the skilled professionals looking for a lucky break and the companies who need their help.
I wrote this article in an attempt to answer the most common questions that people have about making a career in cybersecurity.
Weighing in on the most common questions
I often interact with tons of people outside of my line of work who have questions about making a career in cybersecurity. Some of the most common questions include:
- Do I need a college degree?
- What kind of specialization options are out there?
- How much will I get paid?
- How can I get started?
Let me unpack each of these questions individually.
Do you need a college degree?
Although most cybersecurity professionals do have some kind of degree, you don’t necessarily need an academic qualification to get started in cybersecurity.
Most cybersecurity experts that I know in my circle are self-taught geniuses who followed their curiosity to develop a knack in this field.
However, a college degree can be helpful. There are tons of college programs that can teach you the fundamentals of IT security, give you the specialization you want, and help you save time and effort in learning new things on your own.
Some colleges—and the faculty—can also help you land a good job in cybersecurity through their academic networks.
There’s a third option, too. If you’re not keen on pursuing a college course but are interested in formally learning the ropes from the experts, you can take up one of the many self-paced cybersecurity online courses or accelerated boot camps at a much cheaper price tag.
You can explore your options through online education platforms such as PluralSight, Cybrary, and PentesterAcademy.
What kind of specializations are available?
Specialization is a rabbit hole topic that we might not be able to cover in detail in this post. In short, cybersecurity is a vast domain and you can go as meta as you want with your specialization.
Here’s a brief overlook of the kind of specializations you can earn if you decide to take a plunge into cybersecurity:
- Penetration testing (or, pentesting)
- Secure Software Development
- Secure DevOps
- IoT (Internet of Things) Security
- Web/Mobile Application security
- System Administrator (or, sysadmin)
- Vulnerability Assessment Analyst
- Incident Response and Digital Forensics Investigator
- Cryptography and Key Management
- Policy Management and Governance
- Security Architecture
With so many options to choose from, you are likely to find a niche that sparks your curiosity. While some specializations pay better than others, you should pick an area of specialization that you think maps closely to your existing skills and what you enjoy.
If you need inspiration from existing IT security pros, here’s a very good list of experts who share their stories on how they got started in cybersecurity.
Personally, I started with network security years ago, gained several strategic skills, and right now I enjoy my time swimming in the wild world of Industrial IoT.
How much will I get paid?
Working in cybersecurity is sometimes a thankless job, but it offers a good opportunity for higher earnings.
Far away from the glamor and spotlight that other career fields like programming or data science get, there is a full-on war for hiring good cyber talent because of the year-on-year spike in cybercrime.
Of course, your pay grade varies depending on the pedigree that you bring to the business table. But in general, a career in cybersecurity pays you better than jobs in other industries.
Other perks include an abundance of remote-based jobs, rising demand for cybersecurity talents (up to 3.5 million cybersecurity by 2021), better job security, a wide variety of self-employment options, and so on.
How can I get started?
Hang out with the folk in the Reddit communities, ask them specific questions, and put on your ethical hacking skills to test—to check if you are really cut out for a long-term commitment in cybersecurity.
If you are already familiar with the field of IT security and want to channel your energy in the right direction while honing your skills, I highly recommend you consider being an InfraGard member.
InfraGard is a non-profit partnership between the Federal Bureau of Investigation (FBI) and members of the private sector—like you and me—to protect America’s security infrastructure and resources against external threats.
I volunteer with InfraGard as a speaker and I can personally vouch that the learning and experience that you can get out of the program will be invaluable for aspiring cybersecurity professionals.
The US government also offers a program called Scholarship for Service designed to recruit and train the next generation of security professionals to meet America’s needs for cybersecurity.
If you successfully enroll in the program, the U.S. government pays your college costs and gives you a stipend to live off of for two years. It’s like enlisting in the Reserve Officers’ Training Corps (ROTC)—but for computer nerds.
Once you graduate, you have to serve in a government agency like NSA or CIA for at least two years. The experience—on top of the college scholarship—will only increase the likelihood of you getting a multitude of job offers once you finish your service.
There are many paths to secure a career in cybersecurity
If you are still on the fence about making a career in cybersecurity, that’s alright. Just talk to your academic advisor, a mentor, or someone in your network who is already working in the field so that they can guide you with the right answers.
If none of these are practical options for you, connect with me on LinkedIn and I’ll try my best to answer your queries.
All the best on your quest to make a career in cybersecurity. I’ll see you on the other side!
About The Author
Viral Trivedi is the Chief Business & Solutions Officer at Ampcus Cyber Inc—a pure-play cybersecurity service company based out of Chantilly, Virginia. As a CBO at Ampcus Cyber, Viral overlooks the go-to-market Strategy, channel partner programs, strategic accounts, and customer relationship management.