What is the most important thing for starting your cybersecurity career?

18.06.2019 by

It’s not the letters after your name.

It’s not the number of courses you’ve taken.

Some of the best hackers in the world haven’t seen a classroom since kindergarten.

It’s only about the skills you gain and how you use them.

One of the biggest problems in cyber security is that we are not attracting candidates with the right skills into the market because we are not efficient at delivering training to people in a way that retains and encourages skills growth. A system of continuous learning and thirst for knowledge are needed but for the most to be made of these things rapid access to updated information is required.

We often hear that the cyber security job market is growing strongly — which is true — but this statement makes it sound like it’s a bonanza and anyone can just walk in and be instantly successful.

Reality is much harsher, requires persistence and a thick skin.

Cyber security jobs, especially the most desired ones, are highly qualified and you will only get one if you have the right skills and connections which can take years to develop or grow. There are however still numerous jobs that require cyber security skills such as within internal security teams and as security analysts. The job market will often take a candidate with exposure to cyber security topics over one who doesn’t simply because businesses suffer the costs of such attacks.

The industry is constantly changing, with new skill requirements coming up all the time, AI and machine learning being amongst the latest next generation technologies and are able to thwart a growing number of cyber attacks. Is learning neural networks and Machine Learning the best direction for you to enter the jobs market in cyber security? Unlikely, these are much more specialist subjects that would require some time to master and might not be needed for day to day businesses.

So what skills do you need?

  • Curation – On the most base, foundation level, you need to know how to discern relevant from irrelevant skills. There is no point for you to dive deep into COBOL if you want to better understand web application security.
  • Contextualisation – One level up, you need to know the context each skill stands in relation to another. For example, in cyber security there is no point for you to learn advanced programming concepts if you don’t know basic system administration tasks.
  • Acquisition Methodology – One further level up, once you have selected the correct skills, you need to have a good method of learning the new skills quickly.
  • Individual Skills – And on the highest level, is the skill itself – the ability to ingest the information and apply it. For example, hacking into a mail server. There are specific steps to it that you simply need to learn and, most importantly, retain and vary.

What this graphic implies, though, is that you have to acquire all these skills from the ground up, we would disagree. You can have someone do Curation and Contextualisation for you. In fact, this is the best way to learn. You have to specialise, and while it’s important to understand where a specific job skill sits and what it’s building on, you don’t have to have read everything since the Old Testament to be able to apply it. It’s enough to be aware of the foundation and core concepts.

And this is what we at Hacker House do — we help you curate and contextualise by selecting the most relevant skills for your career and putting it in context with other important skills.

We have not yet done much on the third rung (Acquisition Methodology), but we plan to.

And on the highest level, we have created Hands-on Hacking, our foundation course. Future courses are being actively developed and piloted!

Take as many courses as you want or can afford. There’s a lot on offer out there. But whatever courses you do, please focus on acquiring applicable skills over conceptual things and purely academic theories. And look for courses that tell you why you need a particular skill, and place the skill into context towards others. How will these skills benefit you and what do you hope to achieve from them? Hacker House courses are aimed for information security practitioners.

Results matter most. A seasoned technical director will be much more impressed in you can hack into a company network than if you have read two yards’ worth of books.

Happy Hacking, Jennifer

Watch the video below where I rant about the Cyber security skills gap (direct link here)