To increase your chances of succeeding at anything, you need a plan. To excel in a complex field like cybersecurity, you need short-term and long-term goals.

The list below highlights the route I have taken and continue to take. Looking back, I have no regrets, other than that I should have taken more risk!

Hopefully it helps those choosing this career path by giving some insight into my lifestyle and schedule.

Educate

  • Books/Audiobooks
  • Short Trainings
  • YouTube
  • Podcasts
  • Articles
  • Blogs/forums

Check out the links section for some recommendations.

Train

  • CTF
    • Take part in 1-2 Capture-The-Flag events per year
    • Try to attend local events to meet new people (sometimes they are hiring)
    • HackTheBox.eu
    • list of some public CTFs here
  • Projects
    • Work on websites, GitHub, help a friend, non-profit
  • Explore tools
    • Kali Linux, Vulnerability Scanners, Cloud Platforms
  • Demos
    • Attend product demos, learn what’s in the market, ask competitive questions

Certifications

  • Create Long/Short term goals
    • Get at least 1 per year, in 10 years you’ll have a lot!
  • Select industry standard ones, that hold value to the employer
    • With vendor certs (like Cisco, Microsoft, etc.) the partner gets benefits for selling their products (discounts, rebates)
  • Have your company sponsor/pay for the training and certificate (they all have budgets for personal development)
  • Prioritize based on demand

Skillsets

  • Specialize in topics that interest you
  • Develop In-demand skills
  • Seek high-demand/low supply skills
  • Regularly add more to your tool set

Use this map as a guide: https://www.cyberseek.org/heatmap.html

Events / Seminars

  • Learn market trends from topics, speakers, vendors, etc.
  • Network with professionals in your field

Soft Skills

  • Public speaking
  • Report writing
  • Dumbing down technical concepts
  • Sell yourself

Create/Contribute to Content

  • Blogs
  • Forums
  • Websites
  • Videos
  • Podcasts
  • Events

You don’t have to be an expert to contribute to content.

LinkedIn

  • Make your profile professional
    • Professional headshots
    • Clear, concise write-up
    • Check grammar, formatting, readability
    • Don’t spam or solicit others
  • Seek Advice
    • Ask professionals for specific advice
    • Contribute

Try everything, focus on 1 or 2

  • Try multiple fields within cybersecurity and see where you feel most passionate
  • To be good in any field, you must know the things that affect it (sort of a jack of all trades). A good consultant can talk high level about everything
  • To have greater value, you must specialize in 1 or a few fields

Salary Expectations

The unemployment rate in cybersecurity is currently 0% (2019-2020).

Since this field is so vast, the salary ranges from $60-$500,000 in the US. But here’s a general breakdown. This varies with state, experience and company.

To give you an example of “real” job postings, here are a few screenshots from my LinkedIn feed.

Fields

  • DevSecOps
    • Secure Coding, APIs
    • Design, Architecture, SDLC
    • Web Application Pentesting
  • Solution Architecture
  • Ethical Hacker/Pentester
  • GRC (Governance, Risk, Compliance)
    • Consulting
    • Assessments
  • Network Security
    • Secure Network Design
    • Security Implementation Engineer
    • Internal Pentesting
  • Training
  • Cryptography
  • Cloud Security
  • Security Operations Center (SOC)
    • Incident Response
    • Forensics
  • Researcher

Here’s a big mind map someone created with much more detail.

CyberSecurity MindMap