How to Get into Cybersecurity: 6 Questions from Beginners
Cyber attacks are all too common. If you’re curious about a career in cybersecurity, here are 5 things you should know.
What is cybersecurity?
Cybersecurity is the field devoted to the protection of data, networks, and network-linked devices from attacks by hackers.
Some of the most common types of cyber attacks are well known to members of the general public. Whether it’s an unauthorized login to your social media account or a phishing email at work, people are slowly being trained to be vigilant about the danger hackers can pose.
But as the number of programs and devices grow — and as more everyday devices like home thermostats or car computers are linked to computer networks (the “internet of things”) — it has become more difficult than ever to protect networks and their data from hackers.
Why is cybersecurity important?
Computers and computer networks play a fundamental role in modern human life. Not only do our computers and smartphones capture intimate profiles of our computing behavior, but smart watches, health trackers, and in-home virtual assistants invite data collection into our lives like never before.
Likewise, interconnected systems are now increasingly responsible for key elements of human life including infrastructure and supply chains. Hackers can force natural resource pipelines to shut down or compel airports to turn off their WiFi systems. And in 2020, Sophos revealed that more than 50% of companies admitted to being targeted by ransomware attacks the prior year.
Additional dangers come in terms of protecting proprietary corporate secrets and customers’ sensitive personal information. Even minor issues can lead to severe reputational damage and extraordinary costs. For example, IronNet Cybersecurity reported in June 2021 that the SolarWinds cyberattack cost affected companies an average of 11% of their annual revenue.
With cybersecurity becoming an increasing priority for governments, companies, and individuals, it’s no wonder that cybersecurity careers are becoming a popular choice for employees regardless of whether they are looking for an entry-level position or contemplating a mid-career transition from non-technical backgrounds.
When trying to decide if a cybersecurity career is right for you, consider the answers to some of the most common questions from beginners about cybersecurity.
5 common questions from beginners about cybersecurity
1. What prerequisites do I need for cybersecurity?
A lot of beginners assume that a cybersecurity career requires a bachelor’s degree or master’s degree in computer science or information technology. At the very least, they may believe a technical background is a prerequisite to pursuing a career in the industry.
But thanks to the rise in cybersecurity jobs, and an increasing number of high-quality coding bootcamps, online learning programs, and other training resources, it is now possible to become a cybersecurity professional even if you are coming from a non-technical background.
As with any career, cybersecurity opportunities will require the willingness to undertake hardwork and a lot of studying Being able to demonstrate core skills will be crucial; jobseekers without a traditional degree will need to evaluate alternate pathways including bootcamps and industry certifications to prove their skills.
And even with these assets under your belt, you’ll want to demonstrate to potential employers that you have a passion for the cybersecurity industry and for continuing to develop the skills required for immediate and long-term success.
2. What skills do I need for cybersecurity?
Cybersecurity professionals are called upon to demonstrate a critical mixture of hard skills and soft skills in their careers.
You’ll also need to understand the techniques hackers use to commit breaches to networks ranging from internet protocols (ethernet, WiFi) to HTTP or other common network protocols. These can include port scanning, “sniffing” to capture all data flowing through a network, and maneuvering around firewalls.
Likewise, cybersecurity analysts must be comfortable with the security issues for the systems these networks connect, ranging from hardware and interface devices, to computer operating systems, to Cloud networks. Common hacker practices in these spaces can include code injection schemes, memory exploits, buffer or integer overflows, and other practices designed to gain access to a company’s systems and data.
Of course, not every attack can be stopped. Companies must take additional precautions with their data, and that means cybersecurity also is about understanding the latest developments in applied cryptography. Professionals in the field should be comfortable with symmetric and public key cryptography, and the use of OpenSSL, and other common algorithms.
In recent years, applied cryptography has become an increasingly vital part of the cybersecurity picture as well. Symmetric and public key cryptography, the use of OpenSSL or other algorithms, and the latest threats in the encryption and decryption space.
Lastly, cybersecurity team members will need to develop a strong understanding of the hacker mindset. Threat intelligence and intrusion detection will be key parts of the job, as will understanding and responding to the demands of governance, risk, and compliance (GRC) movements in the space.
Because cybersecurity professionals work closely with team members across the technology side of their company, as well as with executives, marketing professionals, and vendors, they need to have the soft skills required to quickly and effectively communicate information in a timely fashion. Likewise, they need great listening and comprehension skills to take in data from other teams and evaluate it for use in their efforts.
Not all cybersecurity jobs will require this level of interaction. However, professionals with strengths in communication, documentation, project management, and team problem solving will find these skills valuable throughout their careers.
3. How do I get a job in cybersecurity with no experience?
Entry-level opportunities in cybersecurity are available, but professionals will want to have a clear understanding of any learning programs or certifications they need to take in order to demonstrate their capabilities.
Find hands-on opportunities to work with computer, networking, and information technology projects or roles so as to build up their practical experience level.
You should also study the range of cybersecurity jobs available, and to try and select the career path you will eventually want to embark on. Do you see yourself working the front lines in real time to stop hackers in the act of their attacks? Or would you prefer to work behind the scenes, documenting best practices and helping to predict future dangers in the space?
The answers to these questions will help you decide how to proceed – for example, with a bootcamp experience and one or more professional certifications. But a coding bootcamp may be the best course of action for professionals seeking a balance of hard and soft skills for a reasonable cost and timeframe.
A 15-week cybersecurity bootcamp provides a full-time, hands-on introduction to these skills that is hard to replicate in other settings.
In as little as 15 weeks, you can learn these topics in a bootcamp:
- Network and system security
- The ability to analyze logs across security devices and systems
- Understanding of threat intelligence
- Methods for building out your security plan
- And more
The top immersive bootcamps may also offer career placement assistance that can provide a major advantage for entry-level job seekers. Resume building and career coaching can be further enhanced by networking assistance with local employers, including those who have hired your school’s alumni in the past. And because you’ve undergone a bootcamp experience, you’ll graduate with a portfolio of projects in Git that will help you stand out in interviews.
4. What entry-level cybersecurity jobs can I get?
For each of the entry-level roles below, take the time to review actual job descriptions online to look for common themes in terms of hard and soft skills you’ll need to master.
Cybersecurity analysts are the most common entry-level members of their teams. Their work ranges from analyzing current data to detect vulnerabilities and threats, to helping the firm understand where future attacks may come from. Analysts are expected to have a strong passion for learning all elements of the industry, as well as their company’s unique network setup and vulnerabilities. For this reason, a cybersecurity analyst can be an ideal entry-level position.
Here’s are cybersecurity analysts salaries in July 2021:
- Nationwide: $98k (ZipRecruiter); $95k (Indeed.com)
- New York: $108k (ZipRecruiter); $103k (Indeed.com)
- Washington, DC: $106k (ZipRecruiter); $96k (Indeed.com)
- San Francisco: $115k (ZipRecruiter); $144k (Indeed.com)
Incident analysts are responsible for the investigations security teams undertake in the wake of cybersecurity incidents their firms experience. These incidents don’t necessarily have to be successful; incident analysts will often be called upon to review ongoing unsuccessful attempts by bad actors to gain entry, damage, change, or steal firm data, software, or hardware assets.
Incident response investigations can also be handled by traditional cybersecurity analysts, and – depending upon the nature of the intrusion – other specialists in the firm. In some cases, the same incident managers who respond to real-time intrusions will be closely involved or managing the post-incident investigations themselves.
Common salaries in July 2021:
- Nationwide: $78k (ZipRecruiter); $94k (Indeed.com)
- New York: $86k (ZipRecruiter); $98k (Indeed.com)
- Washington, DC: $84k (ZipRecruiter); $125k (Indeed.com)
- San Francisco: $91k (ZipRecruiter); $80k (Indeed.com)
Information technology entry-level jobs
One of the best entry-level routes can be through starter opportunities in related areas of the firm, such as information technology. IT professionals develop practical, hands-on skills in working with and understanding a firm’s computing and network environment.
And as cybersecurity programs grow, they can become intimately involved in incident mitigation or prevention, and even contribute to internal/simulated cyber attacks led by penetration testers/ethical hackers. This can range from helping evaluate physical threats (i.e., a rogue USB drive left on company property) to sending out fake phishing emails internally to identify employees who require further training.
Common salaries in July 2021:
- Nationwide: $55k (ZipRecruiter); $48k (Indeed.com)
- New York: $60k (ZipRecruiter); $62k (Indeed.com)
- Washington, DC: $59k (ZipRecruiter); $119k (Indeed.com)
- San Francisco: $58k (ZipRecruiter); $72k (Indeed.com)
5. What things do I need to learn before I go to a bootcamp for cybersecurity?
Cybersecurity coding bootcamps can be a great learning option for entry-level candidates or mid-career professionals who have set an aggressive timeline to get into a cybersecurity job, or who may lack the time and resources to pursue a full-time degree in a related field.
We’ll discuss later the programming languages a cybersecurity bootcamp will teach you. But first, you’ll need to make sure you have mastered some key skills that top bootcamps may require of applicants.
Bootcamps tend to focus on teaching a specific range of skills in an immersive environment, with the goal of helping applicants achieve employment in their chosen field of study. Because of the time and cost involved, high-quality bootcamps will often screen applicants to ensure they are in the best position to succeed given the curriculum.
For example, bootcamps may look for a basic level of understanding in computers and computer security issues; common threats and vulnerabilities; and signs that the applicant has the interest required to follow industry and technological updates over the course of their career.
They may also ask applicants to complete assessments as part of the admission process. These assessments give the bootcamp staff a sense of your overall interest and knowledge in the space, as well as your command of basic skills like the language of instruction.
Additionally, they may ask about your past coding experience, if any. Don’t worry – if there are specific prerequisites, they will become clear in the admissions process. But bootcamp applicants are encouraged to put the work in to make sure that this career step will be the right one for them.
Taking some time to study up on the industry, and even try your hand at one or more programming languages, can give you a more clear sense of your goals as you apply for admission.
We often recommend you try these free lessons — like how to prevent phishing, intro to virtualization technology, intro to cryptography and Internet of Things security — before you start applying to bootcamps. These free intro to cybersecurity lessons will help you decide if you like the course material and will also give you a basic foundation of cybersecurity.
6. What programming languages are required for cybersecurity?
Cybersecurity challenges vary from situation to situation, but there are some common programming languages you’ll need to know regardless of your eventual specialization in the field.
Python remains the most important cybersecurity language for its flexibility across numerous uses, including automating complex tasks and analyzing large volumes of data. Python’s deep involvement in machine learning and artificial intelligence also make it ideal for creating complex algorithms to detect malware and instructions.
Add to this the huge community of support for Python programmers, including third-party script libraries, and it’s likely Python will serve as the core for your coding bootcamp curriculum.
GoLang (Go) was designed in 2007 to replace widespread programming languages like C++ by improving on some of their most problematic drawbacks. Offering improved usability and run-time efficiencies, as well as powerful built-in source formatting and testing frameworks, the language has been growing quickly ever since.
Unfortunately, one major benefit of GoLang also makes it an ideal programming code for malware. Programmers can write a single codebase in Go that will be usable in attacks across different operating systems including Windows, macOS (Apple), and Linux.
Likewise, Go can result in file sizes that are unexpectedly large – putting them out of the focus of many commercial malware scanning programs that cannot handle file sizes larger than a set limit.
How to get into cybersecurity
The most efficient way to get into cybersecurity is to graduate from a cybersecurity bootcamp. Most bootcamps will adjust their curriculums to respond to new industry trends and employment demands. This can put them at an advantage over skills learned in college degree programs that may have since gone out of date.
Regardless, it is important to understand that any coding job will require you to monitor the industry over time to ensure you can incorporate the latest languages into your skillset, so expect this to be a part of your continuing education needs over the life of your cybersecurity career.
Disclaimer: The information in this blog is current as of 4 October 2021. Current policies, offerings, procedures, and programs may differ. For up-to-date information visit FlatironSchool.com.
Posted by Jordan Schraeder / October 4, 2021
Learn to Code Python: Free Lesson for Beginners
How To Get The Most Out Of Student Advising
The Flatiron School Student Advising team is here to support our students through all of the ups and downs that come with pursuing a bootcamp.