How to jumpstart your cybersecurity career
If you are like me, you have spent the past years studying cybersecurity (or a related field) and are now wondering how to transition from an enthusiast into a full-blown professional. In this post I will give you some useful tips and tricks on how to get started in the real world of cyber.
Allow me first to introduce myself. My name is Yael Ball, 29 years old, Cybersecurity Consultant trainee at Toreon. Aside from being a techie, I spend my free time running after three rambunctious boys, making sure they are not breaking our home down—or each other. I also love music, shopping, and of course, good food!
After graduating with honors from an intensive Cybersecurity Certification Program I was eager to start my career in the field. Since I’m still entry-level, I realized I had to do more than just write a CV and show up for interviews. Outlined below are the steps to success.
Never stop learning
The ever-evolving field of cybersecurity means you should never stop learning. Start by working out what your interests are: Is it Application Security? Network and Infrastructure Security? Penetration Testing? Incident Response? Or GRC or DevSecOps or maybe something else?
Once you know where your passion lies, make sure you have a basic knowledge of all fields but specialize in one or two. There are many free and paid resources on the Internet you can use to further develop your skills and knowledge.
Some free and low-cost options include:
At Toreon, I am encouraged to learn new things every day. As a trainee, I received a tailor-made syllabus, focusing on the skills and knowledge I will need to develop further as a pentester and consultant. My time is divided between customer projects and self-study. It’s an amazing opportunity to get started in the real world, while still having ample time to develop myself.
All employees at Toreon, not only trainees, receive a generous yearly training budget, which they can use for courses, learning materials and certification exams.
Earn those certificates
In this skills-based field, having relevant certificates is super-important. For those who are still looking to break into the field, it shows potential employers what skill level you have. But even for those of us already working, it’s a great way to really showcase what you can do and, let’s face it, a LinkedIn profile looks so much better if you have letters after your name!
Here are some of the valuable certifications in the field:
- Network+ and Security+ by CompTIA
- OSCP (Offensive Security Certified Pentester) by Offensive Security, and the other Offensive Security certifications
- CISSP (Certified Information Systems Security Professional) by (ISC)²
- CISA (Certified Information Systems Auditor) by ISACA
- Vendor-specific certifications, such as Microsoft Azure certifications, Cisco’s CCNA, etc.
This is by no means a complete list. Choose to get yourself certified in areas that will take you to the next level in the cybersecurity subfield where you want to go.
Personally, I am a penetration tester at heart (and luckily also in practice). Together with Steven Wierckx, my team manager, we mapped out a Personal Development Plan. We concluded that the best next step forward was for me to earn the OSCP certification. I am thrilled about this challenge!
Build a portfolio
Anyone who wants to get into the field should have something tangible to show for themselves. Learning a scripting language? Write a tool. Learning how to use a Kali tool? Think about how you can make a (legal!) implementation and write a Proof of Concept. All this will set up your portfolio.
If you are a coder at heart, consider using GitHub to store and share your projects.
When I was looking for a job, I created my portfolio, which included a DoS attack on an Apache Service, how I hacked an Android device using Metasploitable, a Python password breaking tool and some other projects which I had worked on as a student.
Tailor your portfolio to your interests and passions so a potential employer can see through the projects who you really are, what you stand for, and of course, what your skills are.
Start out as a trainee
This last point is close to my heart. The field of cybersecurity is growing so fast, leaving millions of open positions worldwide. Still, getting into the field is not as easy as you would expect. Why? Many companies only want to take employees with relevant experience. Many entry-level job openings are asking for 2, 3 or 5 years (!) of relevant experience!
Look for a company that is realistic about the job market: one willing to take smart, talented and passionate people who are excited about the field, and willing to invest in them.
Toreon is a great example of such a company. They regularly post openings for entry-level positions where recent graduates of security-related studies can apply. A traineeship is a six-month program to ease you into the workforce. As a trainee you will be part of the team, just like everyone else, while still having time to ease into the role and responsibilities.
Wishing you all much success in your journey ahead!