Entry To Cyber Blueprint
Getting into Cybersecurity can be a challenge so we have created this blueprint to help bolster the efforts of the aspiring cybersecurity professional and ultimately help them get into the cybersecurity industry. This blueprint has been broken down into the following phases;
- Investigate – Investigate the roles within the industry
- Planning – Building a plan to achieve your goals
- Studying – Ensure your studies align to your goals
- Building Your Network – Gain visibility and insights by building your network
- Finding Resources – Locating resources to aid studying
Cybersecurity is a massive field with lots of different facets, from GRC to IoT Penetration testing the number of roles and career paths are mind-boggling. There are roles that are more competitive than others which may make it difficult to get a foot in the door in that particular area, an alternative route may be advisable.
With all this said, finding your passion will help you align your studies, your job-hunting efforts, your courses, and certifications which will ultimately make the challenge of finding a role less abrasive.
To help demonstrate the sheer size of the industry the below link will show you a list of different roles within the industy, this highlights the many different routes one can pursue.
50 titles job seekers should know about: here
How To investigate
In order begin your research into the many different roles you will need to know where to look.
Use Job Boards and Websites
Using job boards and websites will allow you to understand what the role entails, and the potential requirements needed for the role.
The information found can be useful when planning your studies because you can quickly get an idea of what knowledge and skills are required for these roles and with that you can adjust your roadmap to the findings.
Thousands and thousands of professionals use LinkedIn, I recommend reaching out to some of them to find out how they have got into the industry and to get their advice on what to look for, this can be especially powerful when engaging with people in your desired role.
You will soon find there is a lot of conflicting information, people enter the industry through various routes so not everything is not one size fits all, find what works for you.
Many social media sites have groups dedicated to cybersecurity, these are great places to understand the industry and get an insight into what is required.
A bonus is the ability to network with industry professionals and increase your network.
Another great tip is to join security forums this will allow you to connect and engage with industry professionals and seek advice.
Assess Your Current Situation
Current level – Are you new to information technology? What are your weaknesses? Are you familiar with the requirements for the field?
Timeframe – Is your timeframe to get into the industry a realistic one, trying to rush into the industry can cause stress and strain on yourself, it is wise to give your self a good amount of time to ensure you cover good ground and prepare as much as possible
Goalsetting– Are your short, medium, and long term goals achievable? What we mean by this, are you trying to become a cybersecurity professional next week with zero knowledge, chance are there is a more achievable step in the right direction.
The desired position – Have you established your desired position in cybersecurity? If you have then we recommend looking at the requirements of these roles and adding them to your plan
Building Your Roadmap
When you want to travel somewhere you plan a suitable route to get to your destination, you factor in different roads and adjust accordingly to obstacles, the same can be said in relation to building your roadmap. You may ask, why is this important? having a roadmap helps you keep on track and prevent being side tracked which is a trap which is easy to fall into.
Once you have identified your desired position build a plan to help you get there, wether that be setting timeframes to studying particular topics or allot different periods of time to developing a skillset.
Here is a useful article about creating a study plan: here
Studying is a very important part of developing as a professional, it helps you stay current as well as becoming a more confident professional. Having the knowledge and the understanding of the different facets of a particular role will enable to articulate your thoughts better and provide a better service, be sure to get a firm grasp of the concepts within the content that you are studying.
Build Your Foundation
“When a foundation is poorly constructed, it can post a serious risk to the structure”
- Networking technologies
- Network Security
- Information security
- Linux administration
- Windows administration
- System troubleshooting
- Knowledge of regulations that may impact cybersecurity
- Knowledge of different frameworks businesses may use
OverTheWire – CLI familiarisation training.
BlueTeamOnline – Blue team focused practical training/challenges.
HackTheBox – Penetration testing labs.
TryHackMe – Practical cybersecurity learning platform.
ImmersiveLabs – Practical Cybersecurity Learning.
RangeForce – Practical Cybersecurity learning
Building Your Network
Arguably one of the most important parts of any job-seeking efforts is building your network within the desired industry, this allows you to engage and connect with other professionals as well as making yourself visible to hiring managers.
Commonly people apply for roles through job websites, this can be detrimental to your efforts as well as discouraging when faced with the barrage of rejection and ghosting.
Interestingly a survey was conducted which concluded that in 2016 85% of roles were filled via networking, whether this holds true today is another question, however commonly most roles in cybersecurity are found via networking, this is from personal experience and from discussions with others.
1. Ensure you include as much relevant information on your profile; skills, experience, certifications, and courses.
Once you have planned your roadmap, you know what you want to do, the next best thing is to look for resources surrounding your desired area, this in itself can be an arduous task. The list below will give you a good starting point to help you find resources.
There are many online course providers that cover Cybersecurity topics as well as producing courses addressing certifications, it is recommended to look at the reviews and prices of each platform before making a commitment. Discounts are available on many of these websites.
Udemy – Platform of user created courses
Cybrary – Platform of various IT & Cybersecurity courses
Linkedin Learning – Platform of various courses
PluralSight – Platform of various IT & Cybersecurity courses
ITProvTV – Platform of various IT & Cybersecurity courses
PortSwigger – Web application academy
OverTheWire – Linux CLI and Security concept training
TryHackMe – Cyber Security Training
HackTheBox – Pentesting training
BlueTeamLabsOnline – Blue team practical training
Virtual Hacking Labs – Pentesting courses and practical training
RangeForce – Hands on cybersecurity training
At a high level, GitHub is a website and cloud-based service that helps developers store and manage their code, as well as track and control changes to their code. Over the years GitHub has changed rapidly and is now being used to host blogs, write ups, and resources, because of this Github is a valuable resource to dig into when looking for content related to your area of study. Below is a list to get you started.
Podcasts are a series of an audio programme that addresses a certain topic from DFIR to security news, it is safe to say there are podcasts for everyone. The benefit of podcasts is you are able to listen to other professional’s experiences as well as discover other resources that they recommend. below is a list of podcasts to get you started.
A very under utilised source of resources, there are videos and channels covering almost every topic, many have used Youtube as their primary resource when completing certifications.
Simply Cyber – Collection of security videos and advice.
Jeremy’s IT Lab – Networking Videos (CCNA)
Keith Barker – Networking videos and study group (CCNA)
Professor Messer – CompTIA Trifecta videos (A/Net/Sec+)
FreeCodeCamp – Large collection of Programming videos.
Programming with Mosh – Collection of programming videos.
David Bombal – Collection of various security videos.
HackerSploit – Pentesting videos.
Null Byte – Various Pentesting videos.
Digital Forensics and Incident response
SANS DFIR – Collection of DFIR Videos.