For those that want to explore a career in cybersecurity, we first want to say, “Welcome, we need the help!” A job in cybersecurity is dedicated to a mission to protect. At the same time, it is very rewarding—both in knowing that what you do makes a difference and, frankly, unmatched job security. The cybersecurity field has many more positions available than qualified candidates.
In the CISO Desk Reference Guide: Develop Your Cybersecurity Career Path, we’ll show you how to break into cybersecurity at any level. Whether you are just starting and are looking for an entry-level position or want to translate many years of experience to the right level, this book will help. We start at the beginning of your journey and help you determine if this is the right field for you. Then we give you the tools to conduct a self-assessment to see how you stack up to the requirements of the field. After the self-assessment, we transition to your human network, the job search itself, and then guide you through the transition into your cybersecurity career.
The order of the essays within each chapter follows the arc of the authors’ differing backgrounds and perspectives. Gary Hayslip’s essays lead off each chapter and provide a high-level view reflecting his background as a technologist, cyber-warrior, and now a Chief Information Security Officer (CISO). He shares what he has learned, having built teams and programs, developed staff, mentored colleagues, and worked with the greater cybersecurity community. Christophe Foulon’s essays come next, and his perspective on providing services to customers, as well as the self-taught knowledge he acquired, includes insight from the trenches. Finally, Renee Small’s essays finish each chapter. Her experience as both a cybersecurity professional and a recruiter provides the reader with the inside scoop on navigating the daunting world of screening and interviewing.
At times we’re going to recommend that you print out your résumé and mark it up or get out a piece of paper or a notebook and roll up your sleeves. This is an action-oriented book. There are 60 key points and recommended next steps. While there is no requirement to follow every recommendation at the end of every chapter, if you are wondering “now what,” we’ve got you covered. There is nothing passive about cybersecurity. It is a full-contact team sport.
A career in cybersecurity is both demanding and rewarding. We welcome you on your journey and are excited to share what we have learned so you can join the team all the sooner.
In the pages that follow, we’ll show you how to break into cybersecurity at any level. Whether you are just starting out and are looking for an entry-level position or want to translate many years of experience to a job in cybersecurity at the right level, this book will help.
Each chapter consists of five parts. First, there is an introduction that sets up the topic for that chapter. Then each of the three authors provides their unique perspectives on the subject. Each chapter concludes with key points and actions.
Chapter 1: Is a Career in Cybersecurity for You?
In this first chapter, we discuss our viewpoints about working in cybersecurity and try to provide you with the essential information you need to answer the question of whether working in cybersecurity is for you or not. All three of us come from amazingly diverse backgrounds and found our way into this career field by following different paths. However, as you read this chapter, you will note there are core principles that all three of us agree on about working in cybersecurity.
Chapter 2: Where to Begin?
We describe our own experiences and methodologies to begin planning our careers and selecting a particular work domain. The first step looks daunting, but once you start walking down your path, you won’t even remember how worried you were.
Chapter 3: Taking Inventory
This chapter is about getting to know yourself and being comfortable with the fact that you have much work to do to establish a career in cybersecurity. That’s ok! We have all been there, and the essays that follow will show you that there are many resources available to get you started and processes you can use to document and focus on a specific career goal.
Chapter 4: Soft Skills
This chapter provides the viewpoints of three different cybersecurity professionals with extensive experience in working with both small and large teams and cutting-edge technologies. Notice how each of us views soft skills a bit differently and highlights different ones. This difference is significant because specific soft skills may be needed when you are entry-level, but as you travel down your career path and accept new roles and responsibilities, you will find that new soft skills will be required. The one central point we want you to take from this chapter is that continuously nurturing your soft skills is just as crucial for your career as being a lifelong technical learner.
Chapter 5: Your Network and the Cyber Community
Your network is more than just friends or followers you have on social media. Your network, as an example, should contain people you work with (peers in your field) and people you admire who could be possible mentors. It can also include friends, people from church, people who like the same hobbies as you; basically, it should be diverse. These should be people you have something in common with, and it helps if they like you. The focus of this chapter and our discussions is how to begin the process of bulding a network that works for you.
Chapter 6: Social Media
Social media plays a crucial role in connecting people from all over the world. Consumers use it to develop and nurture relationships, share updates, stay connected and stay informed. Corporations also use it as a significant resource to access influencers, customers, partners, journalists, and potential recruits. In addition, social media provides organizations with a way to gather intelligence about how their products are used and perceived, what competitors are doing with their products, and provide a channel for direct customer feedback. However, when it comes to advancing their careers, people often do not consider that social media can be incredibly helpful.
You will use social media throughout your career. Initially, focus on building a profile that informs hiring managers about your career goals, skills, and work experience. Then, as you become more comfortable with social promotion, you’ll transition to publicly establishing your expertise. Eventually, you’ll employ techniques that set you apart from the crowd and allow you to develop a persistent presence in the job market.
Chapter 7: Building Your Cyber Résumé
“Most illustrious Lord” is how Leonardo da Vinci began what is widely believed to be the first résumé. He then went on to refer to other artisans who might be competing for the same position as having produced somewhat commonplace outcomes. After these two elements, which are thankfully no longer in vogue, he moved on to what could be considered one of the most effective ways to target a résumé. He listed eleven specific things he could do that were directly relevant to the position he sought. In the following three essays, Gary, Chris, and Renee will provide their thoughts on résumé writing. You’ll notice, as Renee makes clear, that the more things have changed, the more they remain the same.
Chapter 8: Searching for a Cybersecurity Job
The job search outcome is more often determined by the strategy used than the effort put forth. In this chapter, we provide various techniques for your job search that align with the phase of your cybersecurity career. Your experience, whether you are transitioning and where you are in your career development, are all factors that should inform how you go about your search.
As you read the three essays, you’ll spot reflections of yourself in all three. Combining these techniques into a unified toolkit and then using the best tools for you at whatever your career stage gives you a competitive advantage in your hunt.
Chapter 9: The Cybersecurity Job Interview
This chapter focuses on preparing you for that interview and provides information on the different types of interviews you may encounter in your cybersecurity job search. Throughout our careers in cybersecurity, the one constant we’ve seen regarding job interviews is that every interview has been different. And because each company approaches how they hire differently, we decided to focus on steps you can use to conduct your research for the interview. Doing this research will help reduce your nervousness, and hopefully, you will be more professional and at ease answering their questions.
Chapter 10: Recruiters and How to Use Them in Your Job Search
We use the term “recruiter” as a catchall for an entire field. As you’ll see in the essays that follow, it’s critical to know the role and motivations of the person you are working with when trying to land an interview with a hiring manager.
As you read each essay, you’ll see recruiters described from slightly different angles. But, putting all three together, you’ll come away with a complete understanding of the people who are the gatekeepers, or gateways, to your dream job.
Chapter 11: Working in Cybersecurity
Getting your first job in cybersecurity is not the finish line, it’s the starting line. In this chapter, we will discuss some strategies for staying at the top of your game and preparing you for a successful career in the cybersecurity industry.
That all starts with assessing where you are now and where you want to go. You might have performed a similar analysis in an earlier chapter, but by now you have a lot more insights into your new role and all that you have yet to learn.
Map out your career and what you might need to do to get there. Continuous education and certifications are some of the ways that many cybersecurity professionals continue to advance their careers. It provides them with new challenges, and they learn new things and stay up with the evolving industry.