In my last post, we talked about how you’re a hacker even though you might not realize it yet. But that was my last post. Now, let’s talk about how you can get started and truly begin to break through into the security market. One of my favorite questions to ask industry partners is pretty simple. Yet, despite its simplicity, it may surprise you to find out that no one really agrees on the answer. Try doing what I do. Start asking people, “What is cybersecurity?” As an industry, we can’t even agree if it’s cyber, cybersecurity, cyber-security, or infosec! However, there are certainly a few silver linings hidden within that ambiguity.
How can you get started?
First, everyone is learning, all the time. It’s impossible for a single person to go both deep and wide in every security discipline. The more you expose yourself to the different products and services within this field, the more opportunities you will have to find the areas that are most exciting and attractive to you.
Second, if you happen to enjoy working in teams, this is the place for you! Sales and Engineering teams work very closely in this field. Cross-functional teams win, and they win big. This is a field where teaming means bigger success.
What security is – and isn’t
So, what is cybersecurity? Here’s what I think it is: “Cybersecurity is the art and science of applying confidentiality, integrity, and availability in our people, processes, and technologies in a way that enables us to go to market and win.” Allow me to talk about what security is not. It’s not locking down systems so far that the business can’t operate. If we forget the vision of security “enabling us to go to market and win” then we cannot possibly win, and we won’t be relevant. Now that we know what cybersecurity enables a company to do, let’s talk about how YOU can be a part of it.
Joining the security conversation
First off, and let me be clear, you do NOT have to be an engineer. You do NOT have to start learning networking fundamentals or how routers work. You do NOT have to learn the difference between GDPR and MDR. You might learn those things along the way, but I staunchly stand against the voices in the community that say, “You must first be an engineer!” You can absolutely be a non-technical business leader in the security industry. In fact, there are MORE non-technical roles in security than there are technical roles! If you look at the org chart of a security vendor, you’ll see that usually around 60% of the org is not in engineering! So, if you’re non-technical and are thinking about taking the plunge and joining me out in the deep end of cybersecurity, let’s get started!
Helpful Security Resources
Start by watching Brook Chelmo’s conference talk called Two Weeks with a Russian Ransomware Cell. Brook’s experience with the Hildacrypt gang highlights why the ransomware problem isn’t going away, and he even gets the Hildacrypt crew to give him their recommendations on how to build a better security program. Can you think of a better way to learn how to prioritize your own security efforts?! Next, pick up an audiobook like Countdown to Zero Day by Kim Zetter and Sandworm by Andy Greenberg. These are phenomenal for getting the storyteller’s perspective of this space. Both Kim and Andy have the uncanny knack of turning complex international cybersecurity policy and endpoint exploitations into actual words that real people use. Once you get to know the opposing team, then pick up a copy of Sounil Yu’s Cyber Defense Matrix.
With just a video and a couple of books, you now have the mental model you need to start your journey in cybersecurity. Jump in, the water’s great!