My Cybersecurity Journey
Originally published in (ISC)² blogs. You can check the original post here — JOURNEY INTO CYBERSECURITY — CONVERSATIONS WITH CYBER NEWCOMERS, PART 1.
I am sharing it here for a wider reach.
I found my first position at a college placement fair. I began working as a software engineer building a digital security platform. My main role was to design the backend for secure authentication and authorisation for mobile apps. It was more of a software developer job, but I had to learn a lot about security concepts to be able to design and develop systems.
While working as a software engineer, I cleared GSEC and became an Associate of (ISC)². My first security role is the one I hold now, Senior Cyber Security Specialist at Cyble, a dark web monitoring and cybercrime mitigation company based in Atlanta. I had about two and half years of experience as a software engineer when I started my first cybersecurity job. I found this job through LinkedIn and my first job and certifications helped me land it. In my current role, I have the opportunity to work in all the security domains like Risk Management, Network Security, Secure Software Development, Software Testing, User Awareness, etc. I read about these domains when I was preparing for my CISSP exam, but this role allows me to implement the concepts in real-life and in a challenging environment.
My advice to someone starting in cyber is to begin as a generalist, don’t start with a trending niche. Learn the basics of everything under cybersecurity purview, find your interest and then become a specialist. Don’t study for the certification just to pass the exam, understand the concepts. Remember certificates get you an interview, a deep understanding of foundation, passion and willingness to learn get you the job. Connect with people who are already in the field, people are willing to help you to get ahead in your career. Just connect with them and politely ask them for guidance. Do not be scared of a title. If you want to reach out to a CISO, just reach out. If you want to talk to a VP, just reach out. Don’t be afraid to reach out to people, and more importantly, do not be afraid of applying for that job whose qualification criteria you do not match, just apply.
I was cautious of job descriptions when I first started looking for cyber positions. I did not apply to roles just because I did not check all the boxes. No one can check all the boxes. The recruiters are understanding enough even if you do not meet one or two requirements. As per my experience, what they are looking for is someone with a strong understanding of basics, a passion for security and a willingness to be a lifelong learner.
