Many people dream of working in cyber security due to the financial rewards as jobs in cyber security pay more than other jobs in information technology. But higher rewards mean some people start to believe that any job in cyber security isn’t really that easy.
So, is cyber security easy? As a general rule, the lower level cyber security jobs are easy as they require minimal cyber security and technical knowledge. These jobs generally focus on repetitive tasks like logging incidents from emails, telephone calls, from other system dashboards to completing daily checklists and reports.
These easy jobs are more about getting into a routine and understanding the processes involved in the job. Making these jobs easier for employers to train people with no previous cyber experience to do.
Check out my FREE guide – How to get into Cyber Security for Beginners
Checking against a checklist could be one of the tasks involved in these types of job, where the checklist could include checks like:
- logs from system X are being received
- log systems have sufficient disk space to store logs
- antivirus on desktop computers have latest definitions (check on management console)
- antivirus on virtual machines have latest definitions
- vulnerability scores are below 25%
These are all important checks, so the one where log systems need to have the space to store logs, if there is no space and a cyber security attack takes place. There’ll be no history stored in the logs of the attack, like the credentials used, the time these credentials were used, what was accessed and so on.
Some of the entry level incident management jobs involved working on a cyber security service desk, taking calls about incidents and then logging these into an incident management system. These jobs don’t require high levels of cyber security knowledge and once people have been trained how to log calls into the incident management system there’s not much more in terms of skills required.
It’s akin to working in a call center where you take a call, log information and then pass people onto someone else who has more expertise to discuss the more important calls. Likewise, these entry level cyber security call logging jobs do the same.
It makes sense for anyone who wants to get into cyber security to try to first get a job working in a call center. This allows them to get to grips with dealing with people, some of whom will be nice, and others will be angry at their perceived poor customer experiences. Taking this call center experience and then applying for jobs where incident call handling is done, could make all the difference.
The hirer will think, this person knows who to deal with people, good customers and angry customers and even bad customers. We’ll just train them on how to log incidents and give them a script of questions to ask any callers.
Check out the link for my FREE guide on How to get into Cyber Security for Beginners at the end of this article.
Hard Cyber Security jobs
The cyber security jobs where decision making is required are generally harder and require much more cyber security experience. As these decisions can affect an organizations bottom line, with poor decisions on cyber security leading to a security breach and penalties and fines.
My cyber security job where I work as an architect involves decision making that if I get it wrong, could affect the organization I’m working at. This makes it hard, but I have built up a lot of cyber security experience over the years and have a lot of confidence in my ability. More so, I also have plenty of friends I’ve managed to make in my roles at the previous places I’ve worked, and I sometimes reach out to these friends when I need a second opinion.
Building up a network of expertise is important, and I always say in my interviews for potential jobs that relationship building is the key skill I have. As it allows me to quickly establish a rapport with my co-workers and then keep some of these relationships alive when I leave the organization.
The decisions I have to make are not set in stone, that is I only make recommendations as I act in an advisory capacity. The project managers and business leads need to take my decision onboard or ignore it and carry on regardless.
However, I normally do a risk analysis about the decision I’ve made, highlighting if my decision is ignored, this will be the severity of the risk and the potential consequences. Nine times out of ten my recommendation, that is my decision is accepted and acted upon.
Can I teach myself cyber security?
There are many cyber security professionals working today who have elected to teach themselves cyber security skills. Using a variety of methods from watching YouTube videos from security experts to doing online courses, classroom based training and even boot camps.
Watching YouTube videos on security is a good way to learn the skills required but you need to make sure the person doing the teaching knows what they are talking about. As learning the wrong things won’t help in learning and can end up being a setback.
My recommendation would be to get a FREE grounding in cyber security first. Check out the information at the end of this article for more information.
Online learning comes in paid for and free varieties. Popular online learning courses are provided by Udemy, Skillshare to Pluralsight and Codeacademy. These companies offer some free courses, but the mainstay of their material is paid for content.
Classroom based training is generally considered to be expensive where you have to attend a course in person, along with other course delegates. This type of training can easily run into many thousands of dollars per course.
Sometimes people consider cyber security bootcamps where they can immerse themselves into learning skills but these are only recommended for people who have prior experience and are only looking at refreshing their skills.
Can you learn cyber security with no experience?
There are many cyber security professionals who have no prior experience and have managed to learn cyber security skills. By learning the easier basic principles of cyber security first, they have then gone onto learn more complex harder security concepts and skills.
Many organizations have a number of cyber security principles they adhere to, these include principles around protecting information, keeping employees up to date with security issues that could affect them to protecting computers from viruses.
It makes sense to learn and understand these principles first and then expand on what’s been learned by delving deeper into the associated concepts, standards and best practices. This is exactly how I managed to get a foot hold into cyber security by learning about the principles first.
So, the principle about protecting information isn’t a complicated principle to learn and more so, it doesn’t require any previous experience of working in cyber security to learn about it. Information is the most important asset in any organization and the goal of cyber security is to protect the information from being stolen, altered (tampered with), destroyed (deleted) or made unavailable by unauthorized users like hackers.
This principle is known as ‘Confidentiality, Integrity and Availability’, usually abbreviated to CIA and commonly known as the CIA Triad. The confidentiality aspect of the CIA triad would look at ensuring only the right people have access to the information, that is, those who are authorized to do so. This would mean hackers would be excluded by adopting this principle as well as other users in the organization, who didn’t need access to this information as part of their jobs.
The integrity element of this principle would mean the information is protected against anyone tampering with the information and altering it, again hackers could do this but also employees especially if they are disgruntled with their employers.
The availability element of this principle would look at ensuring the information is available to use for those who need to use it and hackers typically will try to knock out access to online services, thereby affecting the availability of information by making the information unavailable.
Now understanding what these principles around confidentiality, integrity and availability are, a deeper understanding on how to protect against any cyber attack that could affect these principles is easier to learn.
Encryption can be used to protect the information’s confidentiality along with robust access controls that control who is able to see and use the information based on whether they are authorized or not.
Versioning, storing information as ‘read only’, stringent access controls to using integrity checksums can help in ensuring the integrity of the information is maintained, as these controls make it easier for the unauthorized to change the information or if they do, some of these controls make it easier to see what was changed and investigate further.
Distributed Denial of Service (DDoS) attacks are one way hackers can stop customers and users accessing online services by flooding these services with empty messages that take up all the resources. Leading to not enough resource capacity being in place for legitimate customers and users, so they end up unable to use these services.
This is a classic attack where the availability principle is abused and putting in tools like Anti-DDoS tools can help protect against these attacks, ensuring the availability of the information is not compromised.
Is it difficult to learn cyber security?
On average, the roles in cyber security are not difficult to learn as they involve getting to grips with the principles of cyber security. Once these are understood they can be applied across organizations to ensure they are protected against cyber threats and cyber attacks.
The first step is to understand what cyber security really means, as it’s a term that is often mis-understood. In general terms cyber security is about protecting against online threats and attacks from the internet and this also includes email attacks like ransomware, as email uses the internet to transport email messages.
Once this basic understanding of cyber security is appreciated, it becomes easier then to consider the threats and attacks. Learning about these and then looking at the measures that can be taken to ensure the impact from these threats and attacks is stopped or minimized.
So understanding the threat of computer viruses, can be minimized by ensuring antivirus software is installed on all devices, with periodic updates being done to the antivirus signatures to ensure they are up to date with the latest threats along with scanning on a regular basis.
Thinking about the potential threat or attack and then looking at measures to either fix stop the impact of the threat or attack, or measures to minimize the impact if a suitable fix cannot be found. Is the way the majority of cyber security professionals think and adopting this approach early on when learning about cyber security, makes it much easier to learn and more importantly the stuff learnt, is retained for longer and not just quickly forgotten about.
Specializing in an aspect of cyber security makes it easier to learn as you only need to learn what’s involved in the specialism instead of having to learn everything.
For me, specializing in cloud security, particularly containerized workloads (Docker based) and allows me to focus on how cyber security can improve the security of cloud containerized environments like those used Amazons AWS, Microsoft’s Azure to Google Cloud Platform.
This doesn’t mean I don’t know anything else about cyber security for these cloud environments, I do and the reason I do, is I’ve picked up the knowledge over time. I’ve not done it in one go and overloaded my brain, this level of overwhelm would be too stressful for me to bear.
Instead I have concentrated on one area, when I felt comfortable enough to branch out further, I have done so. One of my most important skills is curiosity, so when I started working on containerized workloads, my curiosity took me from securing pipelines to application security and secure software development lifecycle (SDLC) activities.
For the uninitiated, there’s a lot of information and knowledge to learn here, but I’ve done this over many years. Meaning because I haven’t crammed the information in a short space of time, I’ve managed to retain the information for longer.
What qualifications do you need for cyber security?
You don’t need any qualifications for most cyber security jobs as there are many jobs where experience trumps qualifications. For these jobs there’s no need to have a university degree, a security qualification or any mandatory security course training.
Cyber security experience is more important than security qualifications for most jobs and I am testament to this. As I have absolutely no security qualifications, I don’t have a university degree as my education was only to a high school level and I used to work in a different field, in sales.
Even now when I apply for jobs, my resume (CV) does not have a qualifications section and I still get calls all the time from hirers. This is down to the experience I have built up and the specialisms like AppSec and DevSecOps that are sought after skills in the cyber world.
Most entry level roles like incident handling don’t require any qualifications and instead hirers are interested in life skills and the ability to learn new things quickly. Being able to answer phone calls and communicate effectively using email and internal messenger apps is far more important. As the cyber skills required for these jobs is very minimal and can easily be learned by most people even if they have little or no previous cyber experience.
I’ve worked with many people who don’t work in cyber security but have taken plenty of security qualifications, only to find it just as difficult to get a cyber related job. These people have wasted a lot of their hard earned money on courses and security exams, leading to their chances to actually getting a job being the same as it was before they wasted their money on cyber courses and exams.
This is why I always advise newbies interested in working in cyber related fields to try to build some experience first, as it doesn’t matter how little this is, some cyber experience is better than none.
Security jobs requiring qualifications
There are cyber security jobs where some form of qualification is required, especially around security testing like penetration testing. Many organizations look for penetration testers who have a certification like CREST, as this provides the hirer some surety that they are recruiting someone who has the basic knowledge in penetration testing.
That being said, no organization is going to hire anyone who just has a CREST certification and no experience. Having experience is essential and along with the CREST certification, means the person applying for the penetration testing job has much more chance of successfully being considered.