Search icon Close icon
Search icon
Subscription
0
Cart icon
Close icon
You have no products in your basket yet
Arrow left icon
All Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletters
Free Learning
Arrow right icon
Cybersecurity Career Master Plan

You're reading from  Cybersecurity Career Master Plan

Product type Book
Published in Sep 2021
Publisher Packt
ISBN-13 9781801073561
Pages 280 pages
Edition 1st Edition
Languages
Concepts
Authors (4):
Dr. Gerald Auger Dr. Gerald Auger
Profile icon Dr. Gerald Auger
LinkedIn
Dr. Gerald Auger has worked within information security since 2006 and holds a PhD in cyber operations. Gerald has helped tens of thousands of aspiring cybersecurity professionals through his "Simply Cyber" YouTube channel and is regularly interviewed for his thoughts on cybersecurity professional development. Gerald is a full-time information security practitioner, adjunct faculty at The Citadel, The Military College of South Carolina; chief content creator for Simply Cyber; and managing director at Coastal Information Security Group.
See other products by Dr. Gerald Auger
Jaclyn “Jax” Scott Jaclyn “Jax” Scott
Profile icon Jaclyn “Jax” Scott
LinkedIn
Jaclyn "Jax" Scott is a tenured Special Operations Warrant Officer with nearly 18 years of experience working in military cyber, electronic warfare, and intelligence operations. She is the founder and content creator of Beans and Bytes tech blog, co-host of the cybersecurity podcast Hackerz and Haecksen, and the president of Outpost Gray, a cybersecurity consulting firm. Jax is an expert in military cyber policy and has led global development operations in cyber countermeasures to mitigate near-peer attacks. She is currently pursuing her master's in Cyber Intelligence at Georgetown University.
See other products by Jaclyn “Jax” Scott
Jonathan Helmus Jonathan Helmus
Profile icon Jonathan Helmus
LinkedIn
Jonathan Helmus ("Moos1e") is a penetration tester and professor with over 10 years of experience in engineering, information security, and information technology. Jon resides in a small town right outside Seattle, Washington, where he and his family raise alpacas on their mini farm. Currently, Jon works as a freelance educator teaching topics such as pentesting, red teaming, cloud security, and vulnerability exploitation. He also works as a contract pentester and cloud security professional for clients all around the world.
See other products by Jonathan Helmus
Kim Nguyen Kim Nguyen
Profile icon Kim Nguyen
LinkedIn
Kim Nguyen is a Software Engineer, with a broad background thanks to her B.S. in business administration and M.S. in computer science. Kim's day-to-day work focuses on software engineering of cloud-based technologies, while continuing her research into cybersecurity on the side. Kim is also an instructor at the City University of Seattle, where she teaches computer science courses. She is an active technical speaker and researcher at cybersecurity and computer science conferences. Kim holds several certificates, including AWS Certified Developer and CompTIA Linux+. Kim is the founder of Passion Sets Success, a platform that helps people identify their passion, to achieve the right career for them.
See other products by Kim Nguyen
View More author details

Table of Contents (15) Chapters

Preface 1. Section 1: Getting Started with Cybersecurity
2. Chapter 1: New Career in Cyber… "Who Dis?" 3. Chapter 2: Which Career Field Is Best for You? 4. Section 2: Your Path into the Industry
5. Chapter 3: Different Strokes for Different Folks 6. Chapter 4: Exploring Certifications and College 7. Chapter 5: Getting Hands-On Experience with No Experience 8. Chapter 6: Time to Brand Yourself – Not the Burning Type 9. Chapter 7: How to Land a Jay-Oh-Bee! 10. Section 3: Now You're in; Time to Level Up!
11. Chapter 8: Giving Back to Others and Yourself 12. Chapter 9: Trusting the Process 13. Assessments 14. Other Books You May Enjoy

Chapter 4: Exploring Certifications and College

Skillsets often apply directly to a few different things. One of those is skillsets that you gain from on-the-job training, or mainly being in the field and gaining experience while you're in the thick of it. However, that doesn't always get to be the case for everyone, especially someone outside of cybersecurity trying to get into cybersecurity. Individuals looking to get into cybersecurity often look to college degrees and certifications to help build their skillsets and help them stand out among other aspiring (or even current) cybersecurity professionals.

This chapter is going to cover various certifications that aspiring cybersecurity professionals can achieve to help them get the job they are looking for. Additionally, these certifications are great for road mapping a plan to a particular career that an individual may want to pursue.

In this chapter, we're going to cover the following main topics:

  • General...

General security certifications

The title may be a little off-putting; however, general security certifications entail undergoing training and proving that a certified person understands a broad range of topics as they relate to cybersecurity. This by no means illustrates that the certified person is a subject matter expert; rather, they have become a master of none but knowledgeable of their craft.

Important note

As you move through your career, don't expect to master every subject. Technology and cybersecurity move so quickly that it is virtually impossible to master a subject. However, this does not mean that you will not be regarded as a subject matter expert or someone who is highly knowledgeable within your focused domain.

When starting out in information technology or cybersecurity, it is highly recommended that you look to general certifications to help guide you on your path to your dream career. That being said, you may be thinking, "Why would you go...

Hacking the planet – diving into the big red certifications

Red certifications are something that has become quite popular in recent years. Red certifications essentially involve any certification that revolves around offensive security, which can include terms such as the following:

  • Pentesting
  • Red teaming
  • Exploit development
  • Application security
  • Purple teaming (yes, even a different color!)

What do these mean, and why is it essential that you understand what certifications are right for you? That question can be answered by illustrating the issues that can come from taking on too many certifications – yes, this is a thing!

Offensive security certifications, by design, either teach you the fundamentals of offensive tactics or can elaborate and go extremely advanced and require you to take hands-on exams that can last days or even weeks on occasion! That's why it's best to understand what type of certifications best fit the...

Alert! Checking out blue teaming certifications

Before we dive into the certifications, let's quickly mention what blue teaming is. As mentioned in the previous section, red teaming is comprised of individuals who hack systems to illustrate the organizational impact based on vulnerabilities discovered and exploited in the target system. With that in mind, blue teaming can be thought of as the exact opposite.

Blue teaming consists of a team, and a department, of professionals who monitor the security of the systems they work for. This means consistently looking for alerts and determining alerts as incidents, false positives, or false negatives.

Sometimes you may hear these words and phrases used with blue teaming:

  • Incident response
  • Computer Incident Response Team (CIRT)
  • Operation la Operations (SOC)
  • Threat hunting

One of the interesting hot topics coming up with blue teaming is threat hunting. Threat hunting consists of a company employed to go...

Checking the box – auditing certifications

This section, and the one following it, will be smaller than the ones on other certification paths (within this book and in general). However, that should not make you think that there is less significance in auditing within cybersecurity. Auditing is a process that ensures that companies are maintaining the minimum technical, operational, administrative, and ethical levels needed to operate a business or corporation. Commonly known as checking the box, auditing is a process that typically requires a specialist or analyst to analyze and evaluate a company against a predetermined checklist.

Let's take a good look at what is one of the most popular certifications within the auditing arena.

Certified Information Systems Auditor (CISA)

The Certified Information Systems Auditor (CISA) is an industry-standard certification for becoming a top-caliber security auditor. The CISA is provided by ISACA, a global association with an...

GRC/management certifications

GRC stands for governance, risk management, and compliance – a practice where professionals focus on what is needed to ensure that compliance and risk management are executed successfully. In addition to GRC, management plays a key role in ensuring that risk is mitigated correctly and effectively. Those looking to have a career in management or GRC must understand that this is one of the fewer hands-on careers in cybersecurity and focuses more on strategy and compliance.

While many general cybersecurity degrees focus on compliance and high-level cybersecurity, such as governing and managing risk, it is important to note that there are certifications out there that help with this as well. The next three certifications on our list of certifications will help you with your career in GRC and cybersecurity management.

CompTIA Project+

The CompTIA Project+ certification is a certification that will help those looking to understand how to make...

College of knowledge – discovering the benefits of a cyber degree

One of the most controversial things you will ever hear about cybersecurity is whether you should or should not get a degree in some type of technology-related program. You may be asking yourself, Should I get a degree or should I pursue certifications if I already have a non-technical degree? A lot of the discussion revolves around the statement "You do not have to have a degree to be in cybersecurity," which is 100% true, but also not 100% true. What we are really trying to say is that studies show that degrees may not be the guarantee to get you into cybersecurity; however, they do provide you with a better pay scale and job promotions when it comes to timelines. In fact, studies show that entry-level cyber positions typically pay anywhere from 10% to 15% more if you have a degree. On top of that, many jobs in cybersecurity require a higher-level degree such as a master's, or for dedicated research...

Summary

As you can see, there are so many ways to get into cybersecurity and even more different domains on how to get into cybersecurity. You must take the information discussed in this chapter and link it to your own timeline on what certifications you want to get, what type of career you want in cybersecurity, and how you want to apply that knowledge.

To recap this chapter, you should now understand the following:

  • The various cybersecurity certifications
  • That different degrees build different skillsets
  • The importance of building home labs
  • The importance of networking with others
  • Understanding that continuous learning is part of the cybersecurity journey

In the next chapter, we are going to be diving into how you can get hands-on experience without actually having to be on the job.

Further reading

Refer to the following links for more information on the topics covered in this chapter:

lock icon The rest of the chapter is locked
arrow left Previous Chapter
Chapter 1 of 15
Next Chapter arrow right
You have been reading a chapter from
Cybersecurity Career Master Plan
Published in: Sep 2021 Publisher: Packt ISBN-13: 9781801073561
© 2021 Packt Publishing Limited All Rights Reserved
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Sign up now
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Start free trial
Renews at €14.99/month. Cancel anytime}

Authors (4)

Left arrow icon
Profile icon Dr. Gerald Auger
LinkedIn
Dr. Gerald Auger has worked within information security since 2006 and holds a PhD in cyber operations. Gerald has helped tens of thousands of aspiring cybersecurity professionals through his "Simply Cyber" YouTube channel and is regularly interviewed for his thoughts on cybersecurity professional development. Gerald is a full-time information security practitioner, adjunct faculty at The Citadel, The Military College of South Carolina; chief content creator for Simply Cyber; and managing director at Coastal Information Security Group.
See other products by Dr. Gerald Auger
Profile icon Jaclyn “Jax” Scott
LinkedIn
Jaclyn "Jax" Scott is a tenured Special Operations Warrant Officer with nearly 18 years of experience working in military cyber, electronic warfare, and intelligence operations. She is the founder and content creator of Beans and Bytes tech blog, co-host of the cybersecurity podcast Hackerz and Haecksen, and the president of Outpost Gray, a cybersecurity consulting firm. Jax is an expert in military cyber policy and has led global development operations in cyber countermeasures to mitigate near-peer attacks. She is currently pursuing her master's in Cyber Intelligence at Georgetown University.
Read more
See other products by Jaclyn “Jax” Scott
Profile icon Jonathan Helmus
LinkedIn
Jonathan Helmus ("Moos1e") is a penetration tester and professor with over 10 years of experience in engineering, information security, and information technology. Jon resides in a small town right outside Seattle, Washington, where he and his family raise alpacas on their mini farm. Currently, Jon works as a freelance educator teaching topics such as pentesting, red teaming, cloud security, and vulnerability exploitation. He also works as a contract pentester and cloud security professional for clients all around the world.
See other products by Jonathan Helmus
Profile icon Kim Nguyen
LinkedIn
Kim Nguyen is a Software Engineer, with a broad background thanks to her B.S. in business administration and M.S. in computer science. Kim's day-to-day work focuses on software engineering of cloud-based technologies, while continuing her research into cybersecurity on the side. Kim is also an instructor at the City University of Seattle, where she teaches computer science courses. She is an active technical speaker and researcher at cybersecurity and computer science conferences. Kim holds several certificates, including AWS Certified Developer and CompTIA Linux+. Kim is the founder of Passion Sets Success, a platform that helps people identify their passion, to achieve the right career for them.
Read more
See other products by Kim Nguyen
Right arrow icon

Other recommended products

Related to this chapter
Left arrow icon
Cybersecurity: The Beginner's Guide
Cybersecurity: The Beginner's Guide
Cybersecurity jobs confines from basic configuration to advanced systems analysis and defense assessment. Cybersecurity: The Beginner's Guide provides thefundamental information you need to understand the basics of the field, identify your place within it, and start your Cybersecurity career.
May 2019 13 hours 12 minutes
Digital Forensics and Incident Response
Digital Forensics and Incident Response
An understanding of how digital forensics integrates with the overall response to cybersecurity incidents is a must for all organizations. This book offers concrete and detailed guidance on how to conduct the full spectrum of incident response and digital forensic activities.
Jan 2020 14 hours 56 minutes
CISSP (ISC)² Certification Practice Exams and Tests
CISSP (ISC)² Certification Practice Exams and Tests
With over 1000 practice questions, explanations of all 8 domains, and 2 full exams, this book is a fantastic exam prep solution. Take the CISSP exam (version May 2021) confidently with the help of mock questions and detailed solutions and validate your skills with the CISSP (ISC)2 certification.
Sep 2021 13 hours 12 minutes
Information Security Handbook
Information Security Handbook
Having an information security mechanism is one of the most crucial factors for any organization. Important assets of organization demand a proper risk management and threat model for security, and so information security concepts are gaining a lot of traction. This book covers the concept of information security, and shows you why it’s important.
Dec 2017 11 hours 0 minutes
Digital Forensics and Incident Response
Digital Forensics and Incident Response
The staggeringly high number of security breaches reported in the last several years stresses the importance of an organization's ability to respond to attacks promptly. With this book, you'll learn forensic techniques and incident response fundamentals to investigate such incidents in your organization.
Jul 2017 10 hours 48 minutes
Cisco Certified CyberOps Associate 200-201 Certification Guide
Cisco Certified CyberOps Associate 200-201 Certification Guide
The Cisco Certified CyberOps Associate 200-201 certification exam helps you gain the skills and knowledge needed to prevent, detect, analyze, and respond to cybersecurity incidents. This book offers complete up-to-date coverage of the 200-201 exam so you can confidently pass first time while getting hands-on cybersecurity experience.
Jun 2021 22 hours 0 minutes
Emotional Intelligence for IT Professionals
Emotional Intelligence for IT Professionals
Do you have a colleague who always seems to be organized, finishes tasks on time, meets every deadline, and that too with a smile on their face? If you ever wanted to become that IT developer/ manager/administrator who is not just a perfect employee, but also has brilliant balance and composure over their emotional intelligence, then this book is for you.
Sep 2017 9 hours 20 minutes
Hands-On Bug Hunting for Penetration Testers
Hands-On Bug Hunting for Penetration Testers
Bug bounties have quickly become a critical part of the security economy. This book shows you how technical professionals with an interest in security can begin productively—and profitably—participating in bug bounty programs.
Sep 2018 8 hours 20 minutes
Practical Cyber Intelligence
Practical Cyber Intelligence
Cyber intelligence is the missing link between your cyber defense operation teams, threat intelligence, and IT operations to provide your organization with a full spectrum of defensive capabilities. This book kicks off with the need for cyber intelligence and why it is required in terms of a defensive framework.
Mar 2018 10 hours 44 minutes
Skill Up: A Software Developer's Guide to Life and Career
Skill Up: A Software Developer's Guide to Life and Career
This book is an all-purpose toolkit for your programming career. It is split up into three main topic areas: Coder Skills, Freelancer Skills, and Career Skills to help you identify and answer the key questions and stumbling blocks that programmers encounter. It is a comprehensive guide containing more than 50 insights and methodologies that you can use to improve the work you produce, your relationships with the people you work with, and your own career.
Jul 2017 10 hours 4 minutes
Cybersecurity – Attack and Defense Strategies
Cybersecurity – Attack and Defense Strategies
Cybersecurity – Attack and Defense Strategies, Second Edition is a completely revised new edition of the bestselling book that covers the very latest security threats and defense strategies, updated for 2020.
Dec 2019 21 hours 8 minutes
Incident Response in the Age of Cloud
Incident Response in the Age of Cloud
This book is a comprehensive guide for organizations on how to prepare for cyber-attacks and control cyber threats and network security breaches in a way that decreases damage, recovery time, and costs, facilitating the adaptation of existing strategies to cloud-based environments.
Feb 2021 20 hours 44 minutes
Right arrow icon

Personalised recommendations for you

Based on your interests and search pattern
Left arrow icon
Attacking and Exploiting Modern Web Applications
Attacking and Exploiting Modern Web Applications
Attacking and Exploiting Modern Web Attacks will help you understand how to identify attack surfaces and detect vulnerabilities. This book takes a hands-on approach to implementation and associated methodologies and equips you with the knowledge and skills needed to effectively combat web attacks.
Aug 2023 11 hours 16 minutes
Automotive Cybersecurity Engineering Handbook
Automotive Cybersecurity Engineering Handbook
This Automotive Cybersecurity Engineering Handbook untangles the complexities of building secure automotive products and helps you to comply with cybersecurity standards. It provides practical tools, tips, and techniques coupled with real-world examples to enable you to create cyber-resilient automotive products with ease.
Oct 2023 13 hours 4 minutes
Official Google Cloud Certified Professional Cloud Security Engineer Exam Guide
Official Google Cloud Certified Professional Cloud Security Engineer Exam Guide
This book will help you to design, develop, and operate security controls on Google Cloud as well as discover best practices for relevant security domains, including identity and access management, network, and data.
Aug 2023 16 hours 32 minutes
Cloud Penetration Testing for Red Teamers
Cloud Penetration Testing for Red Teamers
The advent of cloud networks and the AWS, Azure, and GCP platforms has revolutionized how companies of all sizes in all industries do business online. This book will help you meet the emerging demand for pentesting as it guides you through the tools, techniques, and security measures used by pentesters and red teamers in the 2020s and beyond.
Nov 2023 9 hours 56 minutes
ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide
ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide
ISACA Certified in Risk and Information Systems Control (CRISC®) Certification Guide is an enterprise IT risk management professional’s dream. With its in-depth approach and various self-assessment exercises, this book arms you with knowledge of every single aspect of the certification, and is a fantastic career companion after you’re certified.
Sep 2023 10 hours 32 minutes
Burp Suite Cookbook
Burp Suite Cookbook
Burp Suite is an immensely powerful and popular tool for web application security testing. This book provides a collection of recipes that address vulnerabilities in web applications and APIs. It offers guidance on how to configure Burp Suite, make the most of its tools, and explore into its extensions.
Oct 2023 15 hours 0 minutes
Building and Automating Penetration Testing Labs in the Cloud
Building and Automating Penetration Testing Labs in the Cloud
This hands-on guide will help you design and build a variety of penetration testing labs that mimic modern cloud environments running on AWS, Azure, and GCP. In addition to these, you will explore a number of practical strategies on how to manage the complexity, cost, and security risks involved when setting up vulnerable cloud lab environments.
Oct 2023 18 hours 44 minutes
Ethical Hacking Workshop
Ethical Hacking Workshop
As cyber-attacks grow and APT groups advance their skillset, you need to be able to protect your enterprise against cyber-attacks. In order to limit your attack surface, you need to ensure that you leverage the same skills and tools that an adversary may use to hack your environment and discover the security gaps. This book will teach you how to think like a hacker, use state-of-the-art hacking tools, and protect yourself and your organizaiton.
Oct 2023 7 hours 20 minutes
Windows Forensics Analyst Field Guide
Windows Forensics Analyst Field Guide
This book contains step-by-step processes to guide you in any investigation related to Windows OS. You’ll find out how to acquire evidence using multiple tools as well as examine and analyze the collected artifacts, while discovering multiple techniques used in real-world forensic incidents.
Oct 2023 10 hours 36 minutes
Implementing DevSecOps Practices
Implementing DevSecOps Practices
This book is a comprehensive, hands-on guide for individuals new to DevSecOps who want to implement DevSecOps practices successfully and efficiently. With its help, you’ll be able to shift security toward the left, enabling you to merge security into coding in no time.
Dec 2023 8 hours 36 minutes
Right arrow icon