Introduction
Cybersecurity is still an evolving and maturing field, making it an ideal target for those who are passionate about technology and problem-solving. Whether you’re interested in attacking, defending, or investigating systems, there are key steps you can take to start your career on the right foot. Here are some tips to help you navigate the path to your first technical cybersecurity role.
1. Learn the Fundamentals
Before diving into specialized areas, it’s crucial to have a strong grasp of technology and cybersecurity fundamentals. It’s worth noting that you don’t need to know everything (and you never will!), but getting a solid understanding of things like networking, the basics of operating systems and scripting, and common security threats and controls is crucial. Here’s how to build your foundational knowledge:
- Study Networking Basics: Familiarize yourself with the basics by following an entry-level course and make sure that you put that knowledge to use by building out a home lab to help solidify what you’ve learned.
- Learn About Operating Systems: Gain a thorough understanding of Windows, Linux, and macOS, as these are the primary environments you’ll encounter. Focus on command-line usage and system internals. This will pay dividends later on, especially when it comes to privilege escalation and forensic investigations.
- Security Principles: Understand core security concepts and language that is used such as confidentiality, integrity, and availability (CIA triad), along with encryption, authentication, and access control. It’s really important to be able to communicate effectively with your future peers and also professionals working in other areas.
2. Network Actively
Building connections in the cybersecurity community can open doors to job opportunities and mentorship. Here’s how to start:
- Join Professional Groups or Attend Conferences: Participate in local or online cybersecurity meetups. These offer both networking opportunities and the chance to improve your knowledge and skills.
- Create Content and Engage Online: Actively contributing to projects or creating content is a great way to start giving back to the community and being active on social media platforms can help you grow your network over time.
3. Tailor Your CV
Your CV is often the first impression you make on potential employers. Tailoring it to highlight relevant skills and experiences can significantly increase your chances of landing an interview.
- Focus on Relevant Experience: Emphasize hands-on experience, whether from internships, personal projects, or labs.
- Highlight Certifications: Regardless of how you feel about certifications, they are important when it comes to landing a role, even if it’s just to get to the interview stage.
- Use Keywords: Many companies use applicant tracking systems (ATS) to screen CVs. Incorporate keywords from the job description to ensure your CV passes through these systems.
4. Practice Interview Questions with the Feynman Technique
The Feynman Technique is a method for learning and understanding concepts by teaching them to someone else in simple terms (or if you prefer, you can explain the concept back to yourself). This can be particularly useful for preparing for interviews:
- Break Down Concepts: Take common cybersecurity topics, such as how you would approach a penetration test, or how CSRF attacks work, and explain them as if teaching a beginner.
- Identify Gaps: As you explain, you’ll likely identify areas where your understanding is lacking. Focus your study on these gaps and start the exercise again. This will not just deepen your understanding of the topic, it will also help you be more articulate and accurate when answering questions.
5. Make Practice Fun, and Do It Regularly
Regular practice is essential, but it doesn’t have to be boring. There are many platforms, challenges, and projects to take on these days and enjoyment will only bolster your motivation.
- Capture The Flag (CTF) Competitions: Participate in CTF challenges or sign up to dedicated platforms like HackTheBox and TryHackMe – if you’re unsure of where to start, set yourself the simple goal of completing one easy box per week or participating in one CTF competition per month.
- Building Labs and Running Simulations: Creating your own CTF labs or simulating attacks and defenses in your own environment is one of the best ways to enhance your skills. This approach goes beyond exploiting a single vulnerability; it involves applying comprehensive knowledge in networking, system administration, deployment, configuration, troubleshooting, detection, and scripting. If you’re a regular CTF player, this method can elevate your skills to the next level.
6. Learn Open-Source Tools and Scripting
Proficiency with open-source tools and scripting languages is highly valued in technical cybersecurity roles. Here are some key tools and skills to focus on:
- Open-Source Tools: Familiarze yourself with relevant tools for the role you’re aiming for. For example, if you want to land a job in a SOC then getting hands-on with Splunk or Wazuh is a good starting point.
- Scripting Languages: Learn scripting languages such as Python, Bash, and PowerShell. These are invaluable for automating tasks, writing scripts or understanding and customizing (or fixing!) exploits.
7. Consistency
Consistency is key to building and maintaining your skills. Regular study and practice will ensure you stay sharp and ready for opportunities:
- Daily Practice: If you can, dedicate some time each day to study, practice, or work on projects. Even 30 minutes a day can make a significant difference.
- Set Goals: Set short-term and long-term goals for your learning and career. Track your progress and adjust your plans as needed.
Conclusion
Landing your first job in cybersecurity, especially in technical roles generally requires a combination of knowledge, hands-on skills, and networking. By doing the right things and staying consistent you’ll be well on your way to a successful career in cybersecurity. Stay dedicated, keep learning, and you’ll find the opportunities you’re looking for.
About the Author: Alex Olsen
Alex is a Web Application Security specialist with experience working across multiple sectors, from single-developer applications all the way up to enterprise web apps with tens of millions of users. He enjoys building applications almost as much as breaking them and has spent many years supporting the shift-left movement by teaching developers, infrastructure engineers, architects, and anyone who would listen about cybersecurity.
Alex holds a Master’s Degree in Computing, as well as the PNPT, CEH, and OSCP certifications.
About TCM Security
TCM Security is a veteran-owned, cybersecurity services and education company founded in Charlotte, NC. Our services division has the mission of protecting people, sensitive data, and systems. With decades of combined experience, thousands of hours of practice, and core values from our time in service, we use our skill set to secure your environment. The TCM Security Academy is an educational platform dedicated to providing affordable, top-notch cybersecurity training to our individual students and corporate clients including both self-paced and instructor-led online courses as well as custom training solutions. We also provide several vendor-agnostic, practical hands-on certification exams to ensure proven job-ready skills to prospective employers.
Pentest Services: https://tcm-sec.com/our-services/
Follow Us: Blog | LinkedIn | YouTube | Twitter | Facebook | Instagram
Contact Us: sales@tcm-sec.com
See How We Can Secure Your Assets
Let’s talk about how TCM Security can solve your cybersecurity needs. Give us a call, send us an e-mail, or fill out the contact form below to get started.