Getting Your First Cybersecurity Job
1. CyberUp
Getting your first cybersec job
David Strom
blog.strom.com
March 2023
(slideshare.net/davidstrom)
2. Who am I
• More than 35 years of B2B tech journalism,
written 3 non-fiction computer tech books,
magazine editor
• Started in IT back in 1982 and worked for
both government and private industry
doing end-user computing
• Spoken around the world at numerous
computer and business conferences, back
when that was a thing.
3. The process
• Understand the job market
• Build your brand
• Decide on education path
• Go to a couple of conferences
• Get an internship, find a mentor
4. Understand the job market
• What types of cybersec jobs are out there?
• Blue team – people who defend the infrastructure
• Red team – in-house people who attack things to find
weak points
• Audit/compliance/governance teams
5. Blue team Red team
• Security analyst
• Forensics
• Incident responder
• Security engineering roles
• Identity and access management
• Pen tester of various kinds
(network, physical entry, security
operations)
• Vulnerability researcher
• Malware analyst
6. Build your brand
• Use one of these tools
(Knowem.com,
domains.google)
• Start and maintain a
WordPress blog
• Set up all the various
social media IDs as well
as work religiously on
your LinkedIn bio
7. Decide on your education path
• Online classes in computer science/cybersec (here are
three of the best ones)
• Read my article in Computerworld on how to pick the
right class
9. Provider/Link | Cost | Other certifications to consider
COMPTIA Security+ | $390 for 90-minute test | Penetration testing, cybersecurity analyst and general IT courses too
EC-Council Certified Ethical Hacker (CEH) | $1200 for four-hour test | More than a dozen cybersecurity specializations including disaster recovery, penetration testing
ISACA Certified Info Security Manager (CISM) | $760 for four-hour test for non-members but significant discounts for members, study materials extra | Courses on risk management, data privacy and auditing
ISC2 Certified Cloud Security Practitioner (CCSP) | $549 for four-hour test | Also offer numerous other cloud-based security classes and boot camps for above tests
Offensive Security Penetration Testing | $800 for a one year subscription | Three different levels, other certifications in web apps and devops
SANS Institute Network | $8,000 for in-person instruction at | Dozens of courses covering a
10. Go to a couple of conferences
• ‘cons (including Black Hat/DEFCON in Vegas in August)
• Local STL cyber events
• Try one or two Bsides in different cities
• Join a capture the flag team and give that a go too
• Contribute to your favorite open source projects
11. Get an internship, etc.
• Choose a niche narrow enough
that you can conquer it
• Figure out what you are missing
and find the right mentor
• Avoid known bad employers
• Learn how to do people
networking, even if you are an
introvert
12. Other things worth reading
• My blog for Avast gives some perspective on different kinds
of jobs available in cybersec
• Daniel Miessler -- How to build a cybersec career (has a
great discussion on which certifications matter)
• How Walmart does cybersec (an in-depth look)
Editor's notes
Lesley Carhart is behind that TISIPHONE site and she has a great series of articles on Starting an infosec career and lots of other useful stuff (such as how to do mentoring right and improve your resume, along with a great discussion of the various cybersec roles, with descriptions of a typical day in the life, what to avoid, and a personal anecdote from someone who does the job).
Knowem.com – can search through 500 popular social networks, along with over 150 domain extensions, and the entire USPTO Trademark database. You can quickly figure out what has been taken, and what is still available. It only shows you whether or not a domain is available.
Second best is Google’s own domains.google — this allows you to search 300 domain extensions if you want to find something a bit more unusual. It also shows you the current market rate for a particular available name, which may or may not be accurate, depending on which registrar you end up using to buy the domain.
If you want to do further research on just the domains, I would also use Domainchecktools.com. It provides deeper research into about-to-expire domains, which again may or may not be accurate. Some of this info can be obtained from the whois command, which sometimes shows you who owns a particular domain, when it was purchased and when it expires.
Launchcode has 3 courses, including one for women, all free and all virtual.
Claim has 4 different classes, online and in person; they cost $15,000 but loans and scholarships are available.