If you’re looking to start an IT career as a cybersecurity expert, you need, just as in any other industry, a practical approach to becoming a cybersecurity professional. Use the CISM/CISSP study tools you can find for free. You must learn all the important concepts of cybersecurity, networking, and data communication, including networking (TCP/IP, switching, routing, protocols, etc.) and system administration (Windows, Linux, Active Directory, hardening, etc.).
I found Daniel Miessler’s post on developing a career in cybersecurity really interesting and useful on this topic.
Podcasts are also useful. Consider Security Now, Paul’s Security Weekly, and Down the Security Rabbit Hole for starters.
Set your goals
Cybersecurity is a vast field. A lot of people mix up different cybersecurity and information security roles. If you want to make a career in the IT security industry, you should have more clarity on your goals.
Generally speaking, some categories in the broader domain of IT security include:
- Firewalls, IDS/IPS, Web Content Filtering, anti-DDoS
- Security Audit (offensive security)
- PenTesting, Patch Deployment Confirmation, Password Audit
- Information Assurance / Incident Response
- Security Policy, more Security Policies, even more Security Policies, log analysis, SIEM, external audit response
- Application Code Security Review, AppDev Security Standards, AppDev QA, Architecture Review
Certifications will take you a long way in the cybersecurity field. Apart from solidifying your knowledge and practical grasp of the concepts, you must definitely set your sights on certifications. Some important certifications you should consider in the cybersecurity domain are:
Some other important knowledge resources you should bookmark and keep checking:
SANS Reading Room
BlackHat Conferences @ YouTube
DEFCON Conferences @ YouTube
RSA Conference @ YouTube
Carnegie Mellon SoftEng Institute @ YouTube
CMU’s Plaid Parliament of Pwning Competitive Hacking Team Blog
Cybrary – Open Source Security Learning
Krebs on Security blog
Google’s Security Blog
US CERT – Computer Emergency Response Team blog
ISC2 – CISSP – Certified Information Systems Security Professional