Security
Reader small image

You're reading from  Cybersecurity Career Master Plan

Product typeBook
Published inSep 2021
PublisherPackt
ISBN-139781801073561
Edition1st Edition
Tools
JavaScriptMVCJavaScriptMVC
Concepts
Cybersecurity
Right arrow
Authors (4):
Dr. Gerald Auger
Dr. Gerald Auger
author image
Dr. Gerald Auger

Dr. Gerald Auger has worked within information security since 2006 and holds a PhD in cyber operations. Gerald has helped tens of thousands of aspiring cybersecurity professionals through his "Simply Cyber" YouTube channel and is regularly interviewed for his thoughts on cybersecurity professional development. Gerald is a full-time information security practitioner, adjunct faculty at The Citadel, The Military College of South Carolina; chief content creator for Simply Cyber; and managing director at Coastal Information Security Group.
Read more about Dr. Gerald Auger

Jaclyn “Jax” Scott
Jaclyn “Jax” Scott
author image
Jaclyn “Jax” Scott

Jaclyn "Jax" Scott is a tenured Special Operations Warrant Officer with nearly 18 years of experience working in military cyber, electronic warfare, and intelligence operations. She is the founder and content creator of Beans and Bytes tech blog, co-host of the cybersecurity podcast Hackerz and Haecksen, and the president of Outpost Gray, a cybersecurity consulting firm. Jax is an expert in military cyber policy and has led global development operations in cyber countermeasures to mitigate near-peer attacks. She is currently pursuing her master's in Cyber Intelligence at Georgetown University.
Read more about Jaclyn “Jax” Scott

Jonathan Helmus
Jonathan Helmus
author image
Jonathan Helmus

Jonathan Helmus ("Moos1e") is a penetration tester and professor with over 10 years of experience in engineering, information security, and information technology. Jon resides in a small town right outside Seattle, Washington, where he and his family raise alpacas on their mini farm. Currently, Jon works as a freelance educator teaching topics such as pentesting, red teaming, cloud security, and vulnerability exploitation. He also works as a contract pentester and cloud security professional for clients all around the world.
Read more about Jonathan Helmus

Kim Nguyen
Kim Nguyen
author image
Kim Nguyen

Kim Nguyen is a Software Engineer, with a broad background thanks to her B.S. in business administration and M.S. in computer science. Kim's day-to-day work focuses on software engineering of cloud-based technologies, while continuing her research into cybersecurity on the side. Kim is also an instructor at the City University of Seattle, where she teaches computer science courses. She is an active technical speaker and researcher at cybersecurity and computer science conferences. Kim holds several certificates, including AWS Certified Developer and CompTIA Linux+. Kim is the founder of Passion Sets Success, a platform that helps people identify their passion, to achieve the right career for them.
Read more about Kim Nguyen

View More author details
Right arrow

Understanding the pros and cons of cyber careers

Earlier in this chapter, we discussed how cybersecurity is the hot new career field and that it's not going away anytime soon. Before stepping into any new industry, it's important to know the pros and cons of that industry. This section will explain some of the advantages and disadvantages of the cyber field.

The following are subjective to the business and our professional thoughts. It is best you research and network with others in the industry to obtain a clearer understanding of this career field.

Some advantages of working in cybersecurity are as follows:

  • Flexible hours.
  • Sizeable salaries.
  • Remote work.
  • Culture varies in each workplace.
  • A large diversity of positions and specialties.
  • Recruiters look for you.
  • You can train yourself.

Let's go into detail of each of these in the next sections.

Flexible hours

The cyber industry runs on a 24/7 clock. It never ends, which is wonderful news for those needing to work flexible hours. It also makes entry into the sector a little easier. As you may imagine, typically, the graveyard shifts are less-sought-after hours, meaning, if you have the ability, working a swing shift at night could be your ticket into the industry. Also, depending on the company, they may allow you to work off-hours to accommodate school or other activities as long as you still clock 40 hours. This will always depend on the organization, so make sure you talk with the recruiter on the hours and flexibility.

Great salaries

This career field pays well because of the skills and education required. Depending on your geographic location and company, many entry-level jobs will start between $70-$80. There are a lot of other factors that tie into this salary. A good rule of thumb is coming in with supporting education (either certificates or college) and hands-on experience. Then you can negotiate to a higher position. Education and the hands-on experience will be discussed in Section 3, Now You're in; Time to Level Up!, of this book.

Remote work life

More cybersecurity jobs are moving to remote work environments. This is because the companies see the benefits of saving overhead costs while allowing their employees to control their daily work life. This is not a hard and fast rule. You should verify with the employer whether they are fully remote or whether they provide a hybrid work life.

If you seek to work in an environment that requires a security clearance, you will likely be required to work on-premises 90% of the time. Again, this is something you should discuss with the recruiter to confirm the dynamics of that organization.

Cultures vary

When you have worked in one cybersecurity environment, you have worked in one cybersecurity environment. Many times, merely changing departments, not the company, is all you need. This is a pro because you may land your first job and a few months in realize you don't enjoy the culture. Fear not, you can talk with your current leadership and see about moving into another section.

From my personal experience of moving from one section to another, it was a positive shift for my professional growth. Never feel like you are stuck. If the culture does not fit your personal beliefs and values, know that it's not the same everywhere.

If you can, reach out to others in the organization to get their thoughts on the culture before accepting a job. Ask a lot of questions and if the company doesn't align with your beliefs, move to something else.

Large diversity of positions and specialties

Diversity of careers in cybersecurity is endless. This is very exciting because you can never get bored in this career field. Additionally, you can progress quickly through further education and training. With the appropriate certifications and degrees, you can learn your way out of your old job and into a new position.

Recruiters look for you

Once you have some hands-on experience in this field, pivoting becomes much easier. One reason is because there are more cyber jobs available than qualified candidates. This means the recruiters sometimes contact you for jobs. The best way to put yourself out there is through a proper brand and network. Branding and networking will be discussed later in Section 3, Now You're in; Time to Level Up!, of the book.

You can train yourself

In this career field, you don't need a formal education. The great news is you can train yourself through free online resources and certification. There are a ton of free online resources to help you learn and develop the skills you need to succeed. Take advantage of the free resources before you begin paying 3000-7000$ for a certification.

Now that we have gotten you super excited about all the positive aspects of this career, let's pivot a bit and explain the downsides or cons of this field.

Some disadvantages of working in cybersecurity are as follows:

  • Entry-level has prerequisites.
  • Businesses don't understand cyber yet.
  • Change is rapid and learning never stops.
  • Cybercriminals don't take vacations.
  • This career field requires serious passion.
  • Mental burnout due to high cerebral work.
  • Jack of all trades and master of none.

Let's explain each one.

Entry level has prerequisites

Unlike other positions, where you can start at an entry level with a basic degree and learn everything OJT (On the Job Training), that is not the case within cybersecurity. Even the entry-level SOC (Security Operations Center) analyst positions require a baseline understanding to triage data, research logs, and document reporting. Also, keep in mind this industry isn't the easiest to break into. You may have a college degree in computer science. Still, without hands-on experience, you could get passed up for someone who has no college but a couple certifications and 5-7 years of field experience.

Businesses don't understand cyber yet

Many organizations still think cyber is IT, there to fix their printer. Sometimes the older generation who don't understand the difference between cyber and IT. No thanks to the fantastic hacker TV shows making everyone think if you work in cyber you must be a hackers. Be patient because the change is slow. You must educate others on the difference between cyber and IT.

Change is rapid, and learning never stops

What can drain people in this field is the constant need to be reading and learning because cybercrime never stops. This can be challenging for someone who is initially entering the field in their mid to late 40s. Not only is it medically proven that learning at an older age can be more challenging, but you are learning a new skill while staying ahead of the rapidly changing threat-scape. The best advice here is to eat the cake one bite at a time. Anything is possible, but you must know this field isn't easy at first, but it does get easier.

Cybercriminals don't take vacation

Cybersecurity is rapidly changing. This is because cybercriminals are continuously evolving by updating malware variants and refining their Tactics, Techniques, and Procedures (TTPs), to circumvent security protocols and breach the network. Therefore, cybersecurity professionals are trying to stay one step ahead of the adversary. This is why SOC's run 24/7 and you may find yourself working long hours. We will discuss burnout shortly, but know, in this industry, there will always be work because the cybercriminals will always be attacking you.

This career field requires serious passion

This is a con and not a pro because you will dislike this industry if you do not have passion for your job. The passion drives your desire to learn and it's because of this passion and learning that you will thrive in this industry. If you find yourself in a job with no passion, I encourage you to identify whether this is due to your external environment or possibly the position. Sometimes the passion is lacking because we are not in the right role. We will discuss the different roles available in cybersecurity in Section 2, YOUR Path Into the Industry, of this book. Just know, passion is key to success in field. Without passion, you will be drained and not enjoy your work.

Mental burnout due to high cerebral work

Burnout in this industry is a real thing. Before entering this field, I didn't fully understood burnout. It took me about 4 months of working 80-90 hours a week with no break when I hit a wall and couldn't get out of bed for nearly 2 weeks. The reason, which I now know, was because I was mentally exhausted. I was putting so much strain on my cerebral cortex that my body finally broke down.

Depending on your specialty, you will hear about alert fatigue, which is when you review alerting or other data daily. When you feel like you are done and cannot look at any more data this is when you reach alert fatigue. This is when you stop and move into something else to give your mind a break. This is the same with education, too much education at one time can drain you.

Tip

Make sure to take regular breaks and give back to yourself. Micro breaks during the day are just as important as longer breaks like the weekend.

Jack of all trades and master of none

Within this field, it is easy to do a certification here and there and jump around from one position to another. This is great for learning about new jobs and seeing what fits your personality and character the best. However, it is recommended that eventually you should stay put long enough to become an SME (Subject Matter Expert) in your job. Make sure to take the time to develop 1-2 excellent skills. This could be a coding language, threat hunting, or pen testing. Then you can tie that skill into other aspects of your work. Most skills in this industry will overlap with one another. Don't think because you focus on one thing that if you move to another, you will never use it again.

Ultimately, this is your career and life. Make sure to do your own research and know the organizations before taking a job. Don't be afraid to move around and make changes if you're not happy. There are a lot of companies you can work for and a plethora of career directions you may take.

Previous Page
Chapter 3 of 15, Page 4
Next Page
You have been reading a chapter from
Cybersecurity Career Master Plan
Published in: Sep 2021Publisher: PacktISBN-13: 9781801073561
© 2021 Packt Publishing Limited All Rights Reserved
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Sign up now
undefined
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Start free trial
Renews at $15.99/month. Cancel anytime

Authors (4)

author image
Dr. Gerald Auger

Dr. Gerald Auger has worked within information security since 2006 and holds a PhD in cyber operations. Gerald has helped tens of thousands of aspiring cybersecurity professionals through his "Simply Cyber" YouTube channel and is regularly interviewed for his thoughts on cybersecurity professional development. Gerald is a full-time information security practitioner, adjunct faculty at The Citadel, The Military College of South Carolina; chief content creator for Simply Cyber; and managing director at Coastal Information Security Group.
Read more about Dr. Gerald Auger

author image
Jaclyn “Jax” Scott

Jaclyn "Jax" Scott is a tenured Special Operations Warrant Officer with nearly 18 years of experience working in military cyber, electronic warfare, and intelligence operations. She is the founder and content creator of Beans and Bytes tech blog, co-host of the cybersecurity podcast Hackerz and Haecksen, and the president of Outpost Gray, a cybersecurity consulting firm. Jax is an expert in military cyber policy and has led global development operations in cyber countermeasures to mitigate near-peer attacks. She is currently pursuing her master's in Cyber Intelligence at Georgetown University.
Read more about Jaclyn “Jax” Scott

author image
Jonathan Helmus

Jonathan Helmus ("Moos1e") is a penetration tester and professor with over 10 years of experience in engineering, information security, and information technology. Jon resides in a small town right outside Seattle, Washington, where he and his family raise alpacas on their mini farm. Currently, Jon works as a freelance educator teaching topics such as pentesting, red teaming, cloud security, and vulnerability exploitation. He also works as a contract pentester and cloud security professional for clients all around the world.
Read more about Jonathan Helmus

author image
Kim Nguyen

Kim Nguyen is a Software Engineer, with a broad background thanks to her B.S. in business administration and M.S. in computer science. Kim's day-to-day work focuses on software engineering of cloud-based technologies, while continuing her research into cybersecurity on the side. Kim is also an instructor at the City University of Seattle, where she teaches computer science courses. She is an active technical speaker and researcher at cybersecurity and computer science conferences. Kim holds several certificates, including AWS Certified Developer and CompTIA Linux+. Kim is the founder of Passion Sets Success, a platform that helps people identify their passion, to achieve the right career for them.
Read more about Kim Nguyen

Other recommended products

Related to this chapter

Cybersecurity: The Beginner's Guide

Cybersecurity: The Beginner's Guide

Cybersecurity jobs confines from basic configuration to advanced systems analysis and defense assessment. Cybersecurity: The Beginner's Guide provides thefundamental information you need to understand the basics of the field, identify your place within it, and start your Cybersecurity career.

BookMay 2019396 pages
Digital Forensics and Incident Response

Digital Forensics and Incident Response

An understanding of how digital forensics integrates with the overall response to cybersecurity incidents is a must for all organizations. This book offers concrete and detailed guidance on how to conduct the full spectrum of incident response and digital forensic activities.

BookJan 2020448 pages
CISSP (ISC)² Certification Practice Exams and Tests

CISSP (ISC)² Certification Practice Exams and Tests

With over 1000 practice questions, explanations of all 8 domains, and 2 full exams, this book is a fantastic exam prep solution. Take the CISSP exam (version May 2021) confidently with the help of mock questions and detailed solutions and validate your skills with the CISSP (ISC)2 certification.

BookSep 2021396 pages
Information Security Handbook

Information Security Handbook

Having an information security mechanism is one of the most crucial factors for any organization. Important assets of organization demand a proper risk management and threat model for security, and so information security concepts are gaining a lot of traction. This book covers the concept of information security, and shows you why it’s important.

BookDec 2017330 pages
Digital Forensics and Incident Response

Digital Forensics and Incident Response

The staggeringly high number of security breaches reported in the last several years stresses the importance of an organization's ability to respond to attacks promptly. With this book, you'll learn forensic techniques and incident response fundamentals to investigate such incidents in your organization.

BookJul 2017324 pages
Cisco Certified CyberOps Associate 200-201 Certification Guide

Cisco Certified CyberOps Associate 200-201 Certification Guide

The Cisco Certified CyberOps Associate 200-201 certification exam helps you gain the skills and knowledge needed to prevent, detect, analyze, and respond to cybersecurity incidents. This book offers complete up-to-date coverage of the 200-201 exam so you can confidently pass first time while getting hands-on cybersecurity experience.

BookJun 2021660 pages
Emotional Intelligence for IT Professionals

Emotional Intelligence for IT Professionals

Do you have a colleague who always seems to be organized, finishes tasks on time, meets every deadline, and that too with a smile on their face? If you ever wanted to become that IT developer/ manager/administrator who is not just a perfect employee, but also has brilliant balance and composure over their emotional intelligence, then this book is for you.

BookSep 2017280 pages
Hands-On Bug Hunting for Penetration Testers

Hands-On Bug Hunting for Penetration Testers

Bug bounties have quickly become a critical part of the security economy. This book shows you how technical professionals with an interest in security can begin productively—and profitably—participating in bug bounty programs.

BookSep 2018250 pages
Practical Cyber Intelligence

Practical Cyber Intelligence

Cyber intelligence is the missing link between your cyber defense operation teams, threat intelligence, and IT operations to provide your organization with a full spectrum of defensive capabilities. This book kicks off with the need for cyber intelligence and why it is required in terms of a defensive framework.

BookMar 2018322 pages
Skill Up: A Software Developer's Guide to Life and Career

Skill Up: A Software Developer's Guide to Life and Career

This book is an all-purpose toolkit for your programming career. It is split up into three main topic areas: Coder Skills, Freelancer Skills, and Career Skills to help you identify and answer the key questions and stumbling blocks that programmers encounter. It is a comprehensive guide containing more than 50 insights and methodologies that you can use to improve the work you produce, your relationships with the people you work with, and your own career.

BookJul 2017302 pages3
Cybersecurity – Attack and Defense Strategies

Cybersecurity – Attack and Defense Strategies

Cybersecurity – Attack and Defense Strategies, Second Edition is a completely revised new edition of the bestselling book that covers the very latest security threats and defense strategies, updated for 2020.

BookDec 2019634 pages
Incident Response in the Age of Cloud

Incident Response in the Age of Cloud

This book is a comprehensive guide for organizations on how to prepare for cyber-attacks and control cyber threats and network security breaches in a way that decreases damage, recovery time, and costs, facilitating the adaptation of existing strategies to cloud-based environments.

BookFeb 2021622 pages

Personalised recommendations for you

Based on your interests and search pattern

Attacking and Exploiting Modern Web Applications

Attacking and Exploiting Modern Web Applications

Attacking and Exploiting Modern Web Attacks will help you understand how to identify attack surfaces and detect vulnerabilities. This book takes a hands-on approach to implementation and associated methodologies and equips you with the knowledge and skills needed to effectively combat web attacks.

BookAug 2023338 pages
Automotive Cybersecurity Engineering Handbook

Automotive Cybersecurity Engineering Handbook

This Automotive Cybersecurity Engineering Handbook untangles the complexities of building secure automotive products and helps you to comply with cybersecurity standards. It provides practical tools, tips, and techniques coupled with real-world examples to enable you to create cyber-resilient automotive products with ease.

BookOct 2023392 pages
Official Google Cloud Certified Professional Cloud Security Engineer Exam Guide

Official Google Cloud Certified Professional Cloud Security Engineer Exam Guide

This book will help you to design, develop, and operate security controls on Google Cloud as well as discover best practices for relevant security domains, including identity and access management, network, and data.

BookAug 2023496 pages
Cloud Penetration Testing for Red Teamers

Cloud Penetration Testing for Red Teamers

The advent of cloud networks and the AWS, Azure, and GCP platforms has revolutionized how companies of all sizes in all industries do business online. This book will help you meet the emerging demand for pentesting as it guides you through the tools, techniques, and security measures used by pentesters and red teamers in the 2020s and beyond.

BookNov 2023298 pages
ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide

ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide

ISACA Certified in Risk and Information Systems Control (CRISC®) Certification Guide is an enterprise IT risk management professional’s dream. With its in-depth approach and various self-assessment exercises, this book arms you with knowledge of every single aspect of the certification, and is a fantastic career companion after you’re certified.

BookSep 2023316 pages5
Burp Suite Cookbook

Burp Suite Cookbook

Burp Suite is an immensely powerful and popular tool for web application security testing. This book provides a collection of recipes that address vulnerabilities in web applications and APIs. It offers guidance on how to configure Burp Suite, make the most of its tools, and explore into its extensions.

BookOct 2023450 pages
Building and Automating Penetration Testing Labs in the Cloud

Building and Automating Penetration Testing Labs in the Cloud

This hands-on guide will help you design and build a variety of penetration testing labs that mimic modern cloud environments running on AWS, Azure, and GCP. In addition to these, you will explore a number of practical strategies on how to manage the complexity, cost, and security risks involved when setting up vulnerable cloud lab environments.

BookOct 2023562 pages
Ethical Hacking Workshop

Ethical Hacking Workshop

As cyber-attacks grow and APT groups advance their skillset, you need to be able to protect your enterprise against cyber-attacks. In order to limit your attack surface, you need to ensure that you leverage the same skills and tools that an adversary may use to hack your environment and discover the security gaps. This book will teach you how to think like a hacker, use state-of-the-art hacking tools, and protect yourself and your organizaiton.

BookOct 2023220 pages
Windows Forensics Analyst Field Guide

Windows Forensics Analyst Field Guide

This book contains step-by-step processes to guide you in any investigation related to Windows OS. You’ll find out how to acquire evidence using multiple tools as well as examine and analyze the collected artifacts, while discovering multiple techniques used in real-world forensic incidents.

BookOct 2023318 pages
Implementing DevSecOps Practices

Implementing DevSecOps Practices

This book is a comprehensive, hands-on guide for individuals new to DevSecOps who want to implement DevSecOps practices successfully and efficiently. With its help, you’ll be able to shift security toward the left, enabling you to merge security into coding in no time.

BookDec 2023258 pages