We have asked a number of seasoned security professionals this question.
“What one piece of advice would you give to someone considering a career in InfoSec or Cyber Security?”
Barry Coatesworth – CISO at SSE and Advisor to Computing Magazine
It’s misunderstood, sometimes not appreciated, but it does make a difference to people’s lives, protecting the most valued commodity in today’s society, their information. We get to influence and change people’s lives for the better. I use this image sometimes to sum things up.
Pankaj Mystry – Founder of GRC Risk and prev Head of Information Security at the Department of Work and Pensions
A career in Information Security can be rewarding, challenging, stimulating and the opportunities for advancement, success and even fame are there for the taking.
However, don’t go into this for the monetary reasons, you will eventually lose your mojo/swagger and become bored. Go into this because you want to make a difference, whether it is to protect National Infrastructure to keep our water, lights and gas on for our country or help your organisation/bank keep customers/financial data safe in a digital world.
Do it because you see the end result, benefit or outcome of what you do even if you feel far removed from the front line. It can be an invisible job but a vital one.
Peter Bassill – Cyber Security Advisor, Speaker & Penetration Testing Specialist
Learn that failure IS an option, you will do it a lot and it is ok…
Peter also told the following story on LinkedIn about two people who approached his company looking for a job…
“Yesterday I had two calls, both seeking the same but done in polar opposites. So, to all of you out there looking to “get into penetration testing”, here is what I had:
Call 1: A call was placed to our sales teams asking for an urgent Cyber Essentials assessment. The caller then went on to try to explain to our sales team that he was excellent at testing and wanted to know how to get into the industry.
Result: The caller annoyed the sales team and after the caller started berating them for not helping and only focusing on their job, the team rightly terminated the call.
Call 2: A young lad, sixth form leaver, really wants to enter the penetration testing world but he is at a loss as to how to do it. From the feel of the call, he conducted the recon phase of the test well, successfully identifying my mobile number and calling it.
Result: I’m taking a couple of hours out of my day next week to meet with the young chap, sit down and go through where he is, what he wants to do and help him with his CV.
The Take Home: If you want to get into this industry, be polite, respectful and most certainly read the recon phase of the Penetration Testing Execution Standard and use it to guide you in how to make that first contact.”
Nigel Wakefield – Security Consultant to HM Gov’t
I would suggest that there are a number of ways to get into Cyber Security:
- University Degree – Yes, there are now a few universities which do a degree in Information Security and Cyber Security related activities
- Cyber Apprentice – Both Public and Private sector organisations offer apprenticeships, including the big 4 consultancies and major government departments
- On the Job Experience – I would say there are a number of ways into security from developing on the job experience; they can be from a technical perspective and having a network / hands-on technical background then progressing into technical security, or even from a more legislative background, for example information law, data protection / GDPR all have security requirements embedded within.
Once you have / are working within a field, I would strongly advise looking into the professional qualifications to quantify your knowledge / experience, and these come in a few different flavours:
- CISM – Certified Information Security Management
- CISSP – Certified Information Systems Security Professional
- CISA – Certified Information Security Auditor
- CRISC – Certified in Risk and Information Systems Control
In addition, I would definitely advise also undertaking the ISO27001 Implementor or Auditor Course.
The big resourcing needs I would suggest right now within Cyber Security are:
- SOC (Security Operation Centre) / Protective Monitoring Staff
- There is always a need for more Pen Testers, which are often called Ethical Hackers.
Jim Griffiths – Head of Information Security at Kier Group
I’d say get comfortable being uncomfortable.
We are seeing more and more attacks using previously unknown attack vectors and the Cyber career path is one that will present you with problems and challenges that you can’t necessarily Google an answer for.