Growing up, I loved cheesy hacker movies like Hackers and War Games. I thought all hackers were crazy smart, crazy technical people working on super secret projects. I didn’t realize ‘hacker’ was a job title, and definitely never realized that cybersecurity was a career option. In fact, I studied Economics and Political Science in college, and it took me several years after that to figure out that I was (somewhat) qualified to work in security (mostly based on spending all my free time trying to figure out how things worked). When I started working in cybersecurity full-time, I assumed that everyone else was one of those crazy smart, crazy technical, super secret people and they hadn’t yet realized that I didn’t fit in. One year later, I’ve realized that isn’t true. There are definitely some crazy smart, super secret people, but even they’re human.
Here’s the other 10 things I wished I’d known before I started.
- You don’t need a degree to be successful. Many of the most successful people in this field, don’t have degrees in Computer Science or Cybersecurity (in fact, a lot of them don’t have degrees at all). What matters (and what good companies will hire for) is your curiosity, passion, and enthusiasm for the field and your ability to learn.
- A lot of [expensive] security certifications are meaningless (though not all of them! There’s a blog here with a few suggestions as to which are which.). Passing a multiple choice test doesn’t mean you can do the job, and isn’t nearly as helpful to potential employers [or people you want to impress] as being able to do really cool stuff.
- No one knows everything. One year in, I still feel like I know nothing. However, I’ve realized that’s true for a lot of other people too. Cybersecurity is a HUGE field, comprising many different specialties (from forensics to threat intelligence to pen testing). You don’t need to (and honestly you can’t) understand everything.
- It isn’t all about your technical abilities. Because so much of the job entails convincing users, management, developers, and others why security is important and educating them on how they can participate, soft skills are key. You can have the best security tool in the world, but if no one uses it, it doesn’t matter. If people see the security team as a roadblock to their productivity, and they circumvent you, you won’t be able to secure your network.
- You can never stop learning. The field is changing constantly and in order to keep up, you need to have a deep passion for the work that you do. Everyone has side projects they’re working on, books they’re reading, anything to ensure that they stay up to date. So, create a GitHub repo, write a blog, join a Capture the Flag team, go to meetups, anything. Just get involved.
- Get on Twitter. It seems as though 90% of the information security community is on Twitter, and being part of that conversation is important. It’s an opportunity to connect with people across the industry in a variety of jobs and experience levels, to keep up with news, and to share frustrations. Plus, Twitter is fun.
- There’s a LOT of politics. At the end of the day, security enables a business to continue to operate. It is not the primary function of the business. This means that you’ll often have to continually work to convince users, management, and others across an organization to work with you and to understand that security is important.
- Google is your best friend. Not knowing something isn’t a deal breaker, as long as you know where to find the information. Let Me Google That For You (LMGTFY) is the most useful tool you’ll ever find. You’ll be surprised at how often people have the same problems you do (no matter how esoteric they might seem).
- Find an escape. Security can suck you in (and with the constant focus on learning, it can easily bleed into all parts of your life). That kind of all-consuming job can suck you in and cause burn out. Make sure that you have hobbies or interests outside security. Personally, I like meditating, rock climbing, and scuba diving. Figure out what works for you.
- Relax and enjoy it. For all the stress it causes me (and it causes a lot), I’m genuinely excited to go to work most days and I know very, very few people who can say that.