To increase your chances of succeeding at anything, you need to have a plan. To excel in a complex field like cybersecurity, you need short-term and long-term goals.
The list below highlights the route I have taken and continue to take. Looking back, I have no regrets, other than that I should have taken more risks!
Hopefully it helps those choosing this career path by giving an insight into my lifestyle and schedule.
Educate
- Books/Audiobooks
- Short Trainings
- YouTube
- Podcasts
- Articles
- Blogs/forums
Check out the links section for some recommendations.
Train
- CTF
- Take part in 1-2 Capture-The-Flag events per year
- Try to attend local events to meet new people (sometimes they are hiring)
- HackTheBox.eu
- List of some public CTFs here
- Projects
- Work on websites, GitHub, help a friend, non-profit
- Explore tools
- Kali Linux, Vulnerability Scanners, Cloud Platforms
- Demos
- Attend product demos, learn what’s in the market, ask competitive questions
Certifications
- Create long/short-term goals
- Get at least 1 per year; in 10 years you’ll have a lot!
- Select industry-standard ones that hold value to the employer
- With vendor certs (like Cisco, Microsoft, etc.) the partner gets benefits for selling their products (discounts, rebates)
- Have your company sponsor/pay for the training and certificate (they all have budgets for personal development)
- Prioritize based on demand
Skillsets
- Specialize in topics that interest you
- Develop in-demand skills
- Seek high-demand/low-supply skills
- Regularly add more to your tool set
Use this map as a guide: https://www.cyberseek.org/heatmap.html
Events / Seminars
- Learn market trends from topics, speakers, vendors, etc.
- Network with professionals in your field
Soft Skills
- Public speaking
- Report writing
- Dumbing down technical concepts
- Sell yourself
Create/Contribute to Content
- Blogs
- Forums
- Websites
- Videos
- Podcasts
- Events
You don’t have to be an expert to contribute to content.
- Make your profile professional
- Professional headshots
- Clear, concise write-up
- Check grammar, formatting, readability
- Don’t spam or solicit others
- Seek Advice
- Ask professionals for specific advice
- Contribute
Try everything, focus on 1 or 2
- Try multiple fields within cybersecurity and see where you feel most passionate
- To be good in any field, you must know the things that affect it (sort of a jack of all trades). A good consultant can talk at a high level about everything.
- To have greater value, you must specialize in 1 or a few fields
Salary Expectations
The unemployment rate in cybersecurity is currently 0% (2019-2020).
Since this field is so vast, the salary ranges from $60-$500,000 in the US. But here’s a general breakdown. This varies with state, experience and company.
To give you an example of “real” job postings, here are a few screenshots from my LinkedIn feed.
Fields
- DevSecOps
- Secure Coding, APIs
- Design, Architecture, SDLC
- Web Application Pentesting
- Solution Architecture
- Ethical Hacker/Pentester
- GRC (Governance, Risk, Compliance)
- Consulting
- Assessments
- Network Security
- Secure Network Design
- Security Implementation Engineer
- Internal Pentesting
- Training
- Cryptography
- Cloud Security
- Security Operations Center (SOC)
- Incident Response
- Forensics
- Researcher
Here’s a big mind map someone created with much more detail.