Both of those security career paths have different focuses, and Cisco offers courses that will start you off on either one. In a casual yet super-informative webinar session about building a career in this fulfilling field, host Tom Gilheany, Cisco Portfolio Manager of Security Training and Certifications, brought together four cybersecurity pros from diverse backgrounds. The panelists shared real-world advice on breaking into, and getting ahead in cybersecurity—even if your hands-on experience exists only on your wish list.
Following is a sample of the excellent advice, tips, experiences, and wisdom that the panel shared. Don’t miss checking out the recording of this important ”Panel on Job Success” podcast in its entirety for first-rate career insights.
Meet the Panelists!
Katherine McNamara. Cybersecurity blogger at network-node.com, Katherine is a cybersecurity systems engineer and a designer as well as co-sponsor of the major meetup study group, RouterGods.
Tammy Nguyen. Manager of the Cisco Security Incident Response Team, Tammy is also an active member of Cisco Women in Cybersecurity.
Jenny Guay. Jenny works as an information security analyst in a security operations center (SOC). Her fast-track career was recently highlighted in a Learning@Cisco story and also in an interview on our Facebook site.
Craig Williams. Craig is a cybersecurity researcher; he’s the Director of Talos Outreach at Cisco and a Cisco Live Distinguished Speaker.
“Build the Castle” or “Guard the Castle?”
“I try to break things down,” Tom says. “There are managers and architects designing the systems, setting them up, and figuring out where you put security control points and so forth. I call that ‘Building the Castle’—designing, structuring, and putting defenses in place.
“Then we have operations specialists responding to events as they occur. That’s ‘Guarding the Castle.’ What happens if something ‘goes bump’? Managers deal with budgets and legal regulations, but they have to be technical enough to understand needs and issues.”
What with all kinds of mobile devices and servers, security comprises 33 specialty areas and 52 work roles—all with both junior and senior levels. “There’s a need to finely slice activities,” Tom observes. “There are 1,007 tasks and four general areas: management, architects, engineer & technician, and operations.”
“What does success look like?”
Katherine says, “I find out a client’s needs—every company has a pain point they’re trying to solve, or a regulation to meet. A lot of my job is listening and trying to craft a solution.”
As for Jenny, “The best days are when I get a really challenging log request that bounces off a lot of tools—or a bunch of those happening at once. It can get hairy, but it’s still a lot of fun working as a group.”
Tammy says, “I enjoy working for an incident response team. When we have a big incident or case, everyone pitches in and works on it—100 people with different responsibilities! It’s fast-paced and exciting, but everyone stays calm.”
Craig says, “We have all kinds of people at Talos: technical editors, graphic artists, bloggers, and a website. People may be self-taught in a garage or have a Ph.D. in astrophysics.”
“What makes you successful from a job perspective?”
Katherine explains: “I was dirt poor, working minimum wage jobs and house-crashing. I got the opportunity to do an admin help desk role. I worked a second job at night as a security guard. Get into the mindset that studying is required—like brushing your teeth.”
Jenny adds, “Studying for the certification test gave me so much knowledge that I had that little edge I needed to get in the door on my first job. You have to be curious if you want to break into cybersecurity.”
“If you could talk to your past self, what sort of advice would you give?”
Tammy replies, “I wish I didn’t worry so much about being an expert in everything I was working on. I know what I know and what I have to learn next—but I don’t have to know a thousand things.”
Craig adds, “I came out of college thinking I would be a hardcore developer writing code all day long. If I ever thought I would get makeup put on me and go on TV to talk about malware, I would have said it would never happen!”
“What keeps you up at night?”
Craig answers, “Continued escalation of cyberthreats like NotPetya. That means bad behavior is going to spread. That’s not great news—but is great news career-wise. It’s definitely job security if you’re in cybersecurity.”
Tom says, “People get excited about the ‘hack of the day’ in the headlines. But it makes more sense to learn the core skills and get the education and knowledge that allow you to deal with the hacks of tomorrow.”
“What if you can’t answer ‘yes’ to every item in a hiring wish list?”
Jenny: “Get certified, and whoever sees your resume will realize that you have a hunger for learning. And that can balance out the hands-on experience you don’t have.”
Katherine advises, “You can make up the 50 percent you’re lacking by showing a willingness and a passion to learn.”
Craig adds, “What games do you play?’ Because if you’re into strategy or puzzle games, you just might make a great malware hunter!”
If you’re interested in getting ahead in cybersecurity, don’t miss this panel talk!
Tune into the recorded session of the podcast on our CCNA Security Training Videos page (look for “Panel on Job Success”), and explore whether you’d rather build or guard the castle. You’ll discover how these successful pros got a foot in the door, how others are getting hired onto their teams, and what companies are looking for.
The panelists also shared creative ways and sites that let you get hands-on skills if you’re not in the industry—real labs with real equipment and playgrounds that you can access 24/7.
“All in all,” says Tom. “Be flexible and comfortable with change. Always be evolving, and watch for opportunities to pick up new skills.”
Here are some other sites to check out:
Overview of all of security training and certification options.
Enter to win a CCNA Cyber Ops e-learning course!