So, You’re Considering A Career Change Into Cybersecurity

Sam Sunday
Jan 13, 2021

Much has been said about the skills gap in IT in general, and in Cybersecurity in particular. Cybersecurity and Cloud Computing are at the top of the list of challenge areas for finding qualified talent, and many organizations continue to need not only well-skilled and experienced infosec professionals, but also newcomers with the right complement of soft and hard skills, as demonstrated by entry-level Cybersecurity certifications.

I covered the often overlooked but essential soft skills needed to excel at a career in Cybersecurity in my first two posts. Also important are the hard, technical skills that are needed to get a foot in the door and to deliver on daily duties once in the Cybersecurity field.

For a career professional who is stuck in a dead-end job, in a thankless career, or out of work, it can be confusing to navigate the plethora of information available and decide on a course of action for switching to Cybersecurity. How do you decide to take the leap of faith into a career that is all the rage now? What skills are needed, and how do you develop and prove you have those skills? Overthinking which certification to pursue may lead to analysis paralysis, and in the end you will have made little headway.

Vendor-neutral certifications should be a newcomer’s best friends. These certifications are not specific to any IT vendor and help develop and prove competence with universally applicable skills. These universally applicable skills can enable the freedom to choose the best industry, employer or interests to pursue.

A key differentiator for vendors is whether or not their certifications are approved by the Department of Defense (DoD). The DoD hierarchy of approved certifications can provide a general overview of certifications, from foundational to advanced. Vendors include CompTIA, GIAC, (ISC)2 and EC-Council.

To get a feel for the technical skills needed to break into the field, consider some of the domains covered by these certifications:

  • Attacks, Threats and Vulnerabilities
  • Architecture and Design
  • Implementation
  • Operations and Incident Response
  • Governance, Risk and Compliance
  • Access Controls
  • Security Operations and Administration
  • Risk Identification, Monitoring and Analysis
  • Incident Response and Recovery
  • Cryptography
  • Network and Communications Security
  • Systems and Application Security

So, what certification should you, as a new entrant or career changer, get? We recommend two vendors and their entry-level certifications below.

CompTIA

CompTIA certifications run from the fundamental and core certifications (A+, Network+ and Security+) all the way to the specialized Cybersecurity professional certification, CASP+. Most new entrants choose to start with Security+, but for a better grounding in Cybersecurity and Networking basics, consider starting with A+ or Network+ before taking on Security+. Taking the time to attain these foundational skills and knowledge will definitely place you at an advantage, not only when it is time for interviews, but also in the discharge of your daily duties.

(ISC)2

(ISC)2 administers the coveted Cybersecurity CISSP certification, which, while sometimes described as an entry-level certification, is technically not. A better-suited certification for new entrants is the SSCP (Systems Security Certified Practitioner), which serves as a precursor to the CISSP. While the SSCP requires one year of cumulative work experience in one of the domains, this requirement can be fulfilled after the attainment of the certification. As such, new entrants will earn the designation of Associate of (ISC)2 while they work towards the required work experience.

These recommended vendors and their entry-level certifications would best suit a new entrant into the Cybersecurity career field. Other vendors administer a multitude of both specialized and generalized certifications that may not suit the vast majority of entry-level professionals but may interest some, based on other factors. Some of these other entry-level certifications are vendor-specific (Microsoft Security Fundamentals, CCNA Security), highly niched (AWS, GCP, Azure), priced out of reach, or have stringent prerequisite rules.

After breaking into the field, it is important to note that pursuing and acquiring more certifications (either more advanced certifications within the same field, or cross-certifying in other technologies and areas) is one of the best ways to progress in the field, and it directly contributes towards achieving better job performance and higher salaries.
