What are some good tips for people who want to begin a career in cybersecurity? originally appeared on Quora: the place to gain and share knowledge, empowering people to learn from others and better understand the world.
Answer by Mårten Mickos, CEO of HackerOne, on Quora:
Cybersecurity is an attractive career for ambitious people and a great way to make the world a better place. If you want a career in cybersecurity, don’t wait. You don’t need to be of a particular age or gender. You don’t need any particular approval or certification or study place to get going.
Just start learning and start doing. Get involved any way you can. Bug bounties is a great way to learn and test your skills. Check outHacker101. Just know that even if you can jump straight in, you will need skill, tenacity and patience to ultimately reach a rewarding level of proficiency. Bug hunters may need a year or two of learning before the start finding security vulnerabilities worth reporting. Most bug hunters study the Hacktivity feed where vulnerability reports are published once the vulnerability has been fixed.
Also note that to go far and to become a technical expert on cybersecurity, a lot of studying will be needed. What you invest in learning will come back as career opportunity. A degree in Computer Science will not hurt.
Many jobs in cybersecurity are highly technical, but some are not technical at all. The area of cybersecurity needs people with people skills, leadership talent, and business understanding. Don’t think you don’t fit in just because you don’t know the jargon or don’t get the technical details. The truly difficult challenges in cybersecurity relate to leadership of and collaboration between people. And on the most strategic level, cybersecurity is risk management.
As for industry segments and application areas, there are so many of them that it’s not possible to list them all. You can become passionate about network security, endpoint protection, application security, mobile security, cryptography, authentication, threat intelligence, identity and access management, phishing and social hacking, and so on. You can work with products or services, for a vendor or a customer, in a commercial company or the public sector, in operational roles or in leadership, with known technologies or new ones under development. You can become a consultant or an instructor. The list is practically endless.
You should know that behind the facade of seriousness and advanced terminology is a profession where normal people carry out normal tasks. Cybersecurity is certainly an exciting industry to work in. But it is not nearly as cryptic as it portrays itself. It is a bunch of people who have fun together while making the world a better place.
Daniel Miessler has written a great blog posting on how to build a successful career in cybersecurity. As you next step, read it!