Search Results

  • Is Cybersecurity Still a Good Career in 2025? The Real Story

    Navigating Challenges and Standing Out in the Current Job Market

    The cybersecurity job market in 2025 is a tale of two extremes. The demand for skilled professionals is there, BUT the competition remains intense.

    If you’ve been feeling like the job market has hit the pause button, you’re not alone. Many white-collar professionals, especially in tech, are grappling with uncertainty about the future. This limbo period forces us to reassess strategies to stand out in an evolving and competitive landscape.

    In this article, I want to go over the current state of the market and key strategies to stand out. Hopefully, this helps aspiring cybersecurity job seekers to stand out in a tough market!

    The Cybersecurity Job Market in 2025

    1. High Demand + High Competition

    Cybersecurity is and will remain a hot field. The problem is that the recent tech layoffs and an increasing influx of fresh graduates have flooded the market. Standing out is harder than ever before. Landing a job demands more than certifications; hands-on experience, such as building security projects or engaging in practical labs, is essential. Keep this in mind as we progress.

    2. The Economy Is Still Tough

    The tech industry is still going through a rough patch. Tech budget cuts, outsourcing and overall gloominess are ever-present. While these challenges are more pronounced in software development, they also have ripple effects in cybersecurity. For example:

      • AI and automation continue to take over repetitive tasks, pushing cybersecurity professionals to upskill and specialize in areas like threat hunting and advanced incident response.
      • Companies increasingly hire remote and overseas talent, heightening competition in the job market.
      • Organizations scrutinize cybersecurity budgets, emphasizing cost-efficiency and measurable returns on investment.

    Key Strategies to Stand Out in 2025

    Given the market’s realities, here are actionable ways to distinguish yourself as a cybersecurity job seeker or professional:

    1. Bridge the Gap Between Theory and Practice

    As I mentioned earlier, putting certs and courses on your profile is no longer enough. They may get you through the initial screening from HR, but CISOs want to see what skills you bring to the table. Build practical projects such as:

      • A home lab, such as a personal cloud sandbox, using cloud platforms like Azure or AWS.
      • Practice developing incident response plans and executing tabletop exercises.
      • Showcase projects on platforms like GitHub, creating a portfolio that demonstrates applied knowledge.

    Practical experience signals to employers that you have hands-on skills to complement theoretical knowledge.

    2. Adapt to AI and Automation

    AI is not going anywhere for the next decade or so. It is transforming cybersecurity, automating routine tasks like log analysis and malware detection. If your job involves doing something monotonous like log review or patching, then you need to upskill FAST. Professionals must embrace tools that incorporate AI while upskilling in areas requiring human judgment, such as:

      • Threat intelligence and behavioral analysis.
      • Security architecture design.
      • Ethical hacking and penetration testing.
      • AI governance.

    3. Improve Your Soft Skills

    Technical skills will get you in the door .. soft skills will keep you there. You have to be able to communicate technical stuff without drowning people in jargon. Practicing soft skills like active listening, presentation, and effective communication can make or break your career.

    5. Focus on Emerging Opportunities

    While traditional roles like Cloud Security remain important, emerging areas like securing generative AI and quantum computing are gaining traction. Professionals who can align their skills with these cutting-edge domains will find themselves in demand.

    6. Networking and Personal Branding

    LinkedIn is more than just the place to post your recent cert. I have stressed time and time again the value of a personal brand. Building an online presence through LinkedIn, YouTube, or personal blogs allows you to showcase expertise, connect with industry leaders, and attract opportunities. Polish up your LinkedIn profile and then use social media to push traffic towards it!

    8. Stay Resilient

    The market is tough right now, and anyone who says differently is delusional. Landing a cybersecurity role may take time, especially in a saturated market. Diversifying your job search to include adjacent roles (e.g., IT support with a security focus) can be a stepping stone into the field. Hang in there, and you will 100% see the fruit of your patience. Good luck in the amazing year ahead of you!

  • Do Not Lie During Cybersecurity Interviews .. Do This Instead

    Let me tell you about a person I know .. let’s call him Kevin. Kevin had an interview lined up for a Security Operations Center (SOC) analyst role which he was really keen about. Kevin, an ambitious candidate, was asked about his experience with threat hunting tools. Though Kevin had only dabbled in them during his training, he decided to exaggerate his expertise, hoping it would impress the panel.

    “I’ve extensively used Splunk and CrowdStrike in live incident response scenarios,” he claimed, fabricating stories about detecting advanced persistent threats (APTs) in critical environments. Initially, his answers seemed to land well, and the company was impressed.

    However, the hiring manager, an experienced SOC lead, started probing deeper as the interview progressed. He asked Kevin to walk through specific configurations in Splunk and detail how he’d created detection rules. Kevin stumbled; his answers were vague and contradictory. By the end of the interview, it was evident that Kevin had clearly overstated his abilities.

    The hiring manager thanked him politely but noted his lack of transparency in their feedback. Kevin didn’t get the job — not because of his limited experience, but because his dishonesty raised red flags about his integrity. Kevin’s bluffing attempt not only cost him the opportunity but also tarnished his professional reputation with that employer.

    Here’s how you can confidently address knowledge gaps in your interviews and turn them into strengths.

    1. Acknowledge the Gap Without Hesitation

    When faced with a question about an area you’re unfamiliar with, start by acknowledging the gap. Trying to fake expertise is dangerous — most experienced interviewers can see through it, and it could damage your credibility. Instead, use phrases like:

    “I haven’t had hands-on experience with [specific technology], but I’m familiar with the underlying concepts.”

    This approach shows self-awareness and maturity. Cybersecurity is a vast field, and no one expects you to know everything. What they do expect is honesty.

    2. Highlight Similar Experience

    Even if you lack direct experience with a specific tool or technology, you’ve likely worked on something similar. Drawing parallels to related experience demonstrates that you have foundational knowledge and transferable skills. For example, if you’re asked about Kubernetes but have worked with Docker, you could say:

    “While I don’t have hands-on experience with Kubernetes, I’ve led projects securing Docker containers. These projects involved image hardening, runtime monitoring, and implementing strict network policies — all of which are critical for container security.”

    This not only answers the question but also shifts the focus to your expertise, making you appear confident and resourceful.

    3. Show Your Willingness to Learn

    Employers value candidates who are proactive about upskilling. If you’re already taking steps to bridge your knowledge gap, mention it. This shows initiative and a commitment to professional growth. For instance, you could say:

    “I’m actively expanding my skills in Kubernetes security and currently working through a Kubernetes security certification. I’ve also been following best practices in container orchestration to ensure I’m prepared to tackle similar challenges.”

    By framing your gap as an area of ongoing learning, you demonstrate a growth mindset — an essential quality for success in cybersecurity.

    4. Pivot to Your Strengths

    After addressing the gap, steer the conversation toward your strengths. Highlight how your existing skills can be applied to the role or technology in question. For example:

    “My experience in container security has taught me to adapt quickly to new tools and frameworks. I’ve developed processes for securing complex environments, and I’m confident I could apply the same approach effectively to Kubernetes.”

    This reassures the interviewer that, while you may need some ramp-up time, you have the foundational skills and adaptability to succeed.

    Why This Approach Works

    Addressing knowledge gaps with honesty and professionalism has several advantages:

      • Demonstrates Self-Awareness: Acknowledging what you don’t know shows confidence and maturity. It proves you’re not afraid to admit your limitations, which is a sign of integrity.
      • Highlights Adaptability: Employers value candidates who are proactive about learning and can adapt to new challenges. By showcasing your willingness to upskill, you position yourself as a forward-thinking professional.
      • Builds Trust: Integrity is paramount in cybersecurity. Employers need to trust you to protect their systems and data. Bluffing erodes that trust, while honesty reinforces it.
      • Creates a Positive Impression: Pivoting to your strengths and expressing a clear desire to learn leaves the interviewer with a strong impression of your professionalism and enthusiasm.

    What Happens When You Bluff?

    Bluffing might seem tempting in the moment, but it can have serious consequences. If your bluff is uncovered during the interview, it damages your credibility and can cost you the opportunity. Worse, if you’re hired and later exposed as lacking the claimed expertise, it could harm your reputation and your team’s trust in your abilities.

    Cybersecurity is a field where trust and accuracy are everything. If you can’t demonstrate integrity in an interview, how can an employer trust you with their critical systems?

    So .. next time you face a tough question, take a deep breath, be honest, and let your strengths shine. Good luck with your interviews!

    Taimur Ijlal is a multi-award-winning information security leader with over two decades of international experience in cyber-security and IT risk management in the fin-tech industry. You can connect with Taimur on LinkedIn or on his YouTube channel “Cloud Security Guy”, on which he regularly posts about Cloud Security, Artificial Intelligence, and general cyber-security career advice.

  • How to Choose a Cloud Security Certification?

    I recently wrote about how to start a career in Cloud Security in 2025 if you are starting from scratch. That is easily the number one question I get asked by professionals on LinkedIn and YouTube. The second most common is “which cloud security certification should I go for??”

    There is honestly no one-size-fits-all answer to this. The right certification depends on what your career goals are PLUS your experience level. But to make this decision easy I have made this guide for you. In it, I am going to go over the major cloud security certs and which is the right one for you depending on your career level.

    Cloud Security Certifications — Good or Bad?

    Like them or hate them .. certifications are a necessary part of cybersecurity. They demonstrate to managers that you are serious about your area and have the necessary baseline of knowledge. But the question arises: which Cloud Security certification should you look at?

    One key point is that Cloud Security certifications fall into two categories: platform-agnostic and platform-specific.

      • Platform Agnostic: These are certifications like CCSK and CCSP, which are not bound to any specific platform like Google, Azure, or AWS and instead focus more on technical concepts and creating a solid foundational knowledge of the cloud.
      • Platform Specific: Certifications like AWS Security Specialty or Azure Security Engineer are specific to a particular platform. These usually assume you know the platform you are trying to secure.

    If you have ZERO knowledge of cloud concepts, I would suggest going with a platform-agnostic cert before attempting the platform ones.

    1. Platform-Agnostic Certs (CCSK or CCSP)

    The discussion usually boils down to the CCSK or CCSP when discussing platform-agnostic cloud certifications. Let’s look at each in detail:

    CCSK (Certificate of Cloud Security Knowledge)

    Offered by the Cloud Security Alliance (CSA), the CCSK gives an excellent in-depth overview of Cloud Security concepts such as Cloud Architecture, Identity and Access Management, Key Management, etc. The exam can be taken online and has around 60 questions. It requires you to show knowledge of fundamental cloud security concepts and has NO experience requirements.

    CCSP (Certified Cloud Security Professional)

    ISC2 is famous for introducing the gold standard in security certs, which is the CISSP, so everyone was quite excited when they introduced their own cloud security cert. The CCSP, similar to the CISSP, has become well respected in the industry for demonstrating cloud security expertise and is meant for people with a few years of experience in the field. It is NOT a beginner-level cert and covers the below domains in the cloud:

      • Domain 1. Cloud Concepts, Architecture, and Design
      • Domain 2. Cloud Data Security
      • Domain 3. Cloud Platform & Infrastructure Security
      • Domain 4. Cloud Application Security
      • Domain 5. Cloud Security Operations
      • Domain 6. Legal, Risk and Compliance

    The CCSP benefits from the respect and credibility that ISC2 already has in the industry. At least one year of the required experience should have been in one of the above domains.

    CCSK or CCSP. Which one to go with?

    This one is tough to answer as both are excellent certifications backed by respected organizations. I have attempted to break it down as per the three criteria below:

      • Experience: The CCSK does not have an experience requirement, and passing the exam is enough, while CCSP requires five years of experience in the cybersecurity industry, with one of those being in the cloud. The CCSK, therefore, is more suited to those who are at entry level and want to get into cloud security, whereas the CCSP is more geared towards experienced professionals.
      • Cost: The CCSK exam is much cheaper than the CCSP, which can be pretty expensive, along with those pesky annual payments. Sometimes, companies are happy to reimburse the costs, so check with your employer before proceeding.
      • Industry Standing: Both are respected certs with good standing in the industry. You cannot go wrong with either of them when validating your cloud security expertise.

    I think which you should go with depends on where you are in your career. If you are a mid to senior-level professional, you should go with the CCSP, while people new to Cloud security should go with the CCSK.

    2. Platform-Specific Certs

    Let us move on to platform-specific certs, which show experience in a specific cloud provider. Cloud platforms like Azure, AWS, and GCP can have hundreds of services, and companies with critical workloads in the cloud want assurance that they can navigate them. A specialized cert will make you stand out in their eyes. Let’s take a look at what cloud security certification path you can take:

    AWS Certified Security — Specialty

    AWS is the most popular cloud platform in the world today, and demand for certified AWS professionals is not going down anytime soon. The AWS Certified Security Specialty is an excellent certification to show you know your way around the massive number of security services present and how to configure services like AWS GuardDuty, Config, Security Hub, etc. AWS recommends having a few years of experience before taking this test. If you do not have any experience with AWS, I would recommend first going with the AWS Solutions Architect Associate exam, as that gives you an excellent overview of the different AWS services and makes the AWS Security Specialty exam much more accessible, in my opinion.

    Microsoft Azure Security Engineer Associate

    For those on the Microsoft Azure platform, the Azure Security Engineer Associate validates your expertise in configuring security services and data protection. You are expected to have a good knowledge of the platform and understand how the different services interact with each other, as per the Microsoft guide:

    “Candidates for this exam should have subject matter expertise implementing Azure security controls that protect identity, access, data, applications, and networks in cloud and hybrid environments as part of an end-to-end infrastructure.”

    One advantage is that most people are usually familiar with Microsoft services, so the learning curve is not as steep as it is for those new to AWS or the Google platform.

    Professional Google Cloud Security Engineer

    Similar to the above two and rounding out the top three providers, the Google Security Engineer proves you can design and implement securely on Google Cloud. The foundational elements are similar to Azure and AWS, with the requirement to know concepts like Identity and Access Management, data protection, key management, etc. This is an excellent cert, and I recommend having it if you plan to work on Google Cloud. It is also a stepping stone to one of the most in-demand certifications, the Google Professional Cloud Architect cert (GPCA). Although technically not a security cert, this is one of the hottest certifications year after year and one of the toughest.

    Choosing the Right Cloud Security Cert

    As I mentioned earlier, which cert you should go for depends on your experience level and what your long-term goals are. If you are a beginner then it would make zero sense to go for the CCSP as you will not have the experience requirements. The below roadmap would make more sense.

    On the other hand, if you already have knowledge of Cybersecurity then the CCSK would hold zero value for you. Getting hands-on with a platform and getting the CCSP should be your long-term goal, similar to the below:

    Remember the Golden Rule

    The golden rule when getting any cert is that Skills >>> Certs. Certs can validate your expertise and boost your career, but remember they are not the end goal. The cloud is a highly challenging field, and you will not go far without hands-on experience. Having lots of certifications will only help during the interview process, but your hard work and experience will make a difference in the long run. Make sure that, along with the cert, you have the required skills to make your cloud career long-lasting and successful!

  • How to Figure Out the Directionality of SIEM Logs

    Directionality of SIEM Logs

    So you've just picked up your first ticket in the SOC. What do you do now? I hope you're beginning by writing out the five steps of the 5-step SOC Methodology:

      • Reason
      • Supporting Evidence
      • Analysis
      • Conclusion
      • Next Steps

    For Reason, you put in the signature or the particular reason why this alarm was triggered. Begin documenting all of the supporting evidence for the alarm, adding source and destination to their appropriate categories as you do so. You are doing this because it's imperative to know the directionality of SIEM logs: the traffic comes from where, to where, over what port, and by what protocol. Let me say that again: the traffic is coming from what IP, to what IP, over what port, and over what protocol? When you get this down, you can visualize the primary intent of the traffic.

    With networking, the destination port will be the open service that the source IP address is trying to contact. If no service is running at that port, or if it's not open, then the source IP address cannot connect to the destination IP address. So, the next thing you want to see is if the connection was successful. Just because an attacker tried to connect to a service doesn't mean it was there and accepted the connection. It can get rejected by the firewall or the host itself if the port is closed, and there is usually evidence of that in the packets or flow data.

    In our Cyber Range, you can see that the dionaea_action accepted the connection, resulting in a successful connection to the honeypot. This is a field generated by the honeypot in the log to let us know that the traffic was allowed into the host. So there's no host-based firewall preventing the traffic from entering and making a connection. There may be a similar log if a firewall in front of this honeypot says that the connection was allowed. If the connection was rejected, you can likely close the alert as benign or false positive. Benign means the activity happened but couldn't hurt anything.

    It's essential to know the directionality of traffic and where a connection started. If you see that the source port is 80 and the destination port is 3932, then it is likely to be return traffic, and you're not looking at the first packet in the sequence. You know this because port 80 is a lower port (typically below 1024), and these are reserved for host services. Port 80 is typically a web server, so it only makes sense that this is a web server that is returning traffic, and you then need to verify that.

    However, it is common to land on an event where this might be the particular packet that caused the alarm to trigger. Still, it wasn't the origin of the traffic, and the SIEM has got its directionality backward. Now you know that this traffic should be reversed and that the true source IP address is the one that has a high source port. You can typically close these out as false positives quickly after you understand the traffic flow and whether it matches the intent of the reason it fired.

    Tyler Wall is the founder of Cyber NOW Education. He holds bills for a Master of Science from Purdue University and CISSP, CCSK, CFSR, CEH, Sec+, Net+, and A+ certifications. He mastered the SOC after having held every position from analyst to architect and is the author of three books, 100+ professional articles, and ten online courses specifically for SOC analysts. You can connect with him on LinkedIn.

    You can sign up for a Lifetime Membership of Cyber NOW® with a special deal for 15% off with coupon code "KB15OFF", which includes all courses, certification, the cyber range, the hacking lab, webinars, the extensive knowledge base, forums, and spotlight eligibility, to name a few benefits.

    Download the Azure Security Labs eBook from the Secure Style Store. These labs walk you through several hands-on fun labs in Microsoft Azure, leaving you with the know-how to create a gig in Fiverr or Upwork to start your cybersecurity freelancing.

    Some of our free resources include the Forums, the Knowledge Base, our True Entry Level SOC Analyst Jobs, Job Hunting Application Tracker, Resume Template, and Weekly Networking Checklist. Ensure you create an account or enter your email to stay informed of our free giveaways and promos, which we often offer.

    Check out my latest book, Jump-start Your SOC Analyst Career: A Roadmap to Cybersecurity Success, 2nd edition, published June 1st, 2024, and winner of the 2024 Cybersecurity Excellence Awards and a finalist in the Best Book Awards. If you enjoy audiobooks, I suggest the Audible version, but you can also get it in beautiful paperback, Kindle, or PDF versions. The downloadable PDF version can be grabbed here.
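The port-based direction check from the SIEM directionality article above, as an added example that is not part of the original article: it reverses an event whose source port is a low service port and whose destination port is high, then applies the accepted/rejected triage the article describes. The `Event` field names, the `"accept"`/`"reject"` values and the sample events are assumptions constructed for illustration.

```python
from dataclasses import dataclass, replace
from typing import Tuple

WELL_KNOWN_MAX = 1023  # "lower" ports (below 1024) are reserved for host services


@dataclass(frozen=True)
class Event:
    """One network event as a SIEM might log it (field names are assumed)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    action: str  # assumed values: "accept" or "reject"


def is_service_port(port: int) -> bool:
    """True for the low ports that normally belong to a listening service."""
    return 0 < port <= WELL_KNOWN_MAX


def normalize(event: Event) -> Tuple[Event, bool]:
    """Return (event with the true initiator as source, was_reversed).

    Only the unambiguous case is flipped: low source port, high destination
    port. Two low ports or two high ports give no signal, so the event is
    returned exactly as it was logged.
    """
    if is_service_port(event.src_port) and event.dst_port > WELL_KNOWN_MAX:
        flipped = replace(
            event,
            src_ip=event.dst_ip, src_port=event.dst_port,
            dst_ip=event.src_ip, dst_port=event.src_port,
        )
        return flipped, True
    return event, False


def triage(event: Event) -> dict:
    """Answer 'from what IP, to what IP, over what port and protocol'."""
    flow, reversed_by_siem = normalize(event)
    if reversed_by_siem:
        verdict = "return traffic: verify the flow, then check it against the alert reason"
    elif flow.action == "reject":
        verdict = "connection rejected: candidate benign / false positive"
    else:
        verdict = "connection accepted: continue with analysis"
    return {
        "summary": f"{flow.src_ip} -> {flow.dst_ip} over {flow.proto}/{flow.dst_port}",
        "reversed": reversed_by_siem,
        "verdict": verdict,
    }


# Constructed sample events (documentation and private address ranges).
SAMPLE_EVENTS = [
    Event("203.0.113.10", 80, "10.0.0.5", 3932, "tcp", "accept"),    # logged backward
    Event("198.51.100.7", 51544, "10.0.0.9", 445, "tcp", "accept"),  # inbound, accepted
    Event("198.51.100.7", 51545, "10.0.0.9", 23, "tcp", "reject"),   # inbound, rejected
    Event("10.0.0.5", 40000, "10.0.0.6", 8443, "tcp", "accept"),     # both ports high
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(triage(ev))
```

The port heuristic only suggests a direction; as the article says, the reversed flow still has to be verified in the packets or flow data before the alert is closed.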

  • How to Determine the Shelflife of IOCs

    Many threat intelligence companies are out there trying to sell you on the idea that they have the best threat intelligence indicators and will charge a fortune for them. In this KB, I want to make clear to you, as a future analyst, that most indicators have a shelf life of four hours on average. That's right, and you can't find this number anywhere on the internet because it is buried under years of marketing material saying indicators are good for much longer time frames. It used to be common knowledge. Even AI will tell you: This is not true. This is why it's not true:

    Let's start with IP addresses. Today, we use the cloud for most of our infrastructure, as do the bad guys. These bad guys spin up infrastructure, launch attacks, and destroy it, and by the time you're analyzing it in the SOC, it could belong to a completely different host. This window is even shorter than four hours for IP addresses in modern cybersecurity. It is very easy to change what is served at a particular IP address.

    Next, let's talk about domain names. Phishing websites often use spoofed or fat-fingered domains, launch an attack via email, and wait a little bit for responses. When they have a few, they redirect the domain to the legitimate domain. This window is often around four hours, but you can never be sure because they change what is served on that domain name in near real-time today. If you see a command and control at a domain, many use dynamic DNS, so the domains also change rapidly.

    File hashes are permanent. Once a file is hashed and on VirusTotal, that exact file hash will live in infamy for the rest of time, and you can verify its reputation. However, malware works in such a way that attackers use slight variants of malicious files so that they have a completely different file hash. You can't say a file is safe just because it doesn't have a reputation on VirusTotal. You'll have to sandbox it yourself, and by the time those results are up, hackers will be using slight variants again with entirely different hashes. The AV game went to behavioral for this entire reason: how easy it was to bypass signature-based reputation checks. Changing a file to escape reputational checks or putting one file in another is very easy.

    Email addresses aren't good IOCs. It is elementary to change the email address you're sending from as an attacker.

    This AI stuff is such a mess. AI will believe any marketing material if you say it long enough. I want you to remember that even the best threat intelligence goes stale exceptionally quickly, and the best and most reliable threat intelligence will always come from inside your network.

    Tyler Wall is the founder of Cyber NOW Education. He holds bills for a Master of Science from Purdue University and CISSP, CCSK, CFSR, CEH, Sec+, Net+, and A+ certifications. He mastered the SOC after having held every position from analyst to architect and is the author of three books, 100+ professional articles, and ten online courses specifically for SOC analysts. You can connect with him on LinkedIn.

  • Cybersecurity Career Paths: Exploring Various Roles

    The cybersecurity field offers a few different career paths. Each role has varying skill sets and focus. This article will show you the different jobs in cybersecurity, from entry-level positions like Security Analysts to more advanced jobs like Security Architects. Each role plays an important part in safeguarding information systems and responding to threats. Understanding the typical career progression - from Analyst to Engineer to Architect - can help you plan your own career path. Whether you are just starting your journey in cybersecurity or looking to advance your career, this article will help you understand the opportunities and challenges that come with each move.

    SOC Analyst

    What You Will Do

    A SOC Analyst helps keep a company's computer systems and information safe. They watch for any strange activity on the network and look into security problems. Security Analysts decide if something is malicious using data and perform response actions for everyday things. They often collaborate with other IT professionals to develop and maintain security protocols. At times, they may also be involved in incident response planning.

    Skills You Will Need

    SOC Analysts need to know a lot about cybersecurity basics. They should be good at using security tools and understanding how networks work. They also need to know how to spot and respond to threats. Being able to solve problems and think critically is essential. A good analyst can explain complicated security ideas to people who know little about technology. It's helpful if they know about laws that protect data and how to handle security incidents. Knowledge of regulatory frameworks, such as GDPR or HIPAA, and experience with incident management processes are also valuable assets.

    How Hard It Is to Get This Job

    This is often a starting job in cybersecurity. Unfortunately, this does not mean it will be easy to land. Because there is fierce competition for these entry-level roles, you may need to take a role that is less than ideal. To break into the field you may have to take an overnight role. The good news is that because it is an entry-level role, there is turnover. After a few years of working as an entry-level analyst, most will try to move into a more senior role. Some companies will hire people just starting if they know the basics of IT and cybersecurity. Looking for internships or entry-level IT jobs to gain experience can also help. You will also need to have certifications like CompTIA Security+.

    Career Progression

    Junior SOC Analyst to Senior SOC Analyst

    Career progression for SOC Analysts will begin with roles like Junior SOC (Security Operations Center) Analyst. You will start out by gaining hands-on experience in monitoring and responding to security incidents. Once you have acquired the necessary experience and expertise you can advance to the Senior SOC Analyst position. This is where you can take on more complex responsibilities, including handling more complex incidents and mentoring junior analysts.

    Expectation to Mentor Junior Team Members as a Senior

    As SOC Analysts progress to senior roles, they are often expected to mentor and train junior team members. You will directly or indirectly mentor new talent within the organization. In doing so you will reinforce your leadership skills. When experienced analysts share what they know, they contribute to building a strong defense against cyber threats for their organization, while also enhancing their own professional growth.

    Security Engineer

    What You Will Do

    A Security Engineer builds and takes care of an organization's security systems. In this role, you will create security plans, set up security tools, and make sure data stays safe across all systems. The job includes finding possible security risks and implementing systems that spot intruders. You will often work with other IT teams to deploy and maintain security tools. Security Engineers design a company's digital defenses, always working to stay ahead of the bad guys.

    Skills You Will Need

    Understanding security tools and how networks work is crucial. You should also know about security rules like NIST or ISO 27001. Being able to write code in languages like Python and learning how to use security software like SIEM systems is essential. Good problem-solving skills and critical thinking are needed for this job. You'll also need to communicate well, especially when explaining tech stuff to non-tech people. It's helpful to keep learning about new security threats and how to stop them because there are always new ones popping up.

    How Hard Is It to Get This Job

    Security Engineer is not an entry-level job. Companies want people who already know a lot about cybersecurity and have some experience. The typical expectation is that you will have about 3 to 5 years of Analyst experience before qualifying for an engineering role. Most Security Engineers start as SOC Analysts. This helps them learn the basics before moving up. Working on personal projects is a good way to show off your skills. Being eager to learn new things can also help you stand out because there will always be changes.

    Career Progression

    As a SOC Analyst, you learn how to spot and respond to security threats. This experience is really useful when you become an engineer and start designing security systems. As you grow in your career, you'll take on more complex projects. You might lead big security initiatives or help plan the overall security strategy for your company.

    After working as a Security Engineer for a while, you might aim to become a Security Architect. This is a higher-level job where you design the big-picture security plan for an organization. You'll need to understand both the technical side of security and how it fits into the business goals of the company. To move up to this role, you'll need to keep improving your technical skills, learn more about business strategy, develop leadership skills, and get experience managing large-scale security projects. Within cybersecurity, there's always more to learn. Staying curious and open to new ideas can help you go far in this career!

    Security Architect

    What You Will Do

    A Security Architect designs the big picture of an organization's security system. They figure out what security measures a company needs and create plans to put those measures in place. You would need to make sure the company's security setup matches its business goals. As with the other roles, you will still look for weak spots in the company's systems and come up with ways to make them stronger. You will collaborate even more with the different teams in the company to make sure everyone understands and follows the security plans. Since you will be working with the Director level and above more frequently, you will need to translate business goals into technical solutions.

    Skills You Will Need

    To be a good Security Architect, you should be knowledgeable in several areas of security. You should understand how networks, applications, and cloud systems stay secure. It will also be important to know security rules and standards like ISO 27001 or NIST by heart. At this point, you should have extensive practice and skill at solving complex problems and thinking critically. You will need to be a great communicator when explaining what you are doing because you'll often talk to people who aren't tech experts. Planning big projects and thinking about long-term strategies will become part of your day-to-day.

    How Hard It Is to Get This Job

    Becoming a Security Architect is not easy. It's a high-level job that usually requires a lot of experience. Most companies look for people who have worked in cybersecurity for at least 7 to 10 years. You often need to have worked as a Security Engineer or in a similar role first.
This is because the job needs someone who really understands how security systems work in the real world. It can be a challenging position to get. But for those who put in the time and effort to build their skills and experience, it's incredibly rewarding. Career Progression Many Security Architects start out as Security Engineers, who started out as SOC Analysts. As you continue in your career you gain more knowledge, hands-on experience, and critical thinking skills. You should also continue to think about the big picture in everything you do and always plan for the long term. Some Security Architects move into roles like Chief Information Security Officer (CISO) where they're in charge of all of the company's security efforts. These roles require more and more leadership skills. In this role, you will not only plan and execute the security strategy but also oversee many employees. The key is to keep learning and improve at both the technical side of security and the business side of running a company. DFIR Teams What is a DFIR Team? A Digital Forensics and Incident Response (DFIR) team is a specialized group of cybersecurity experts who focus on identifying, investigating, stopping, reversing the damage, and analyzing security incidents and data breaches. This team will include Incident Responders, Forensic Analysts, Tier III Incident Response practitioners, the Chief Information Security Officer (CISO), Security Operations Center (SOC) staff, IT personnel, Privacy Officers, and legal teams.  Incident Responders are the 'firefighters' in the team because they work on active threats. While the Forensic Analysts are like the 'detectives' because their focus is on collecting and analyzing digital evidence.  DFIR teams need to detect and respond to cyber threats and at the same time preserve digital evidence that can be used in legal proceedings. 
They follow a structured process that includes preparation, detection and analysis, containment, eradication, recovery, and post-incident activities. They need to make sure that the evidence they gather will be admissible in court cases, useful for insurance claims, or during regulatory audits. Their work can be used in criminal proceedings so they need to follow a strict chain of custody when collecting and handling any potential evidence. The combination of digital forensics (DF) and incident response (IR) skills makes it so the DFIR teams can provide a comprehensive report of security incidents, from initial breaches to full remediation and future prevention. Their detailed investigations and reports can help find the source of specific attacks or threats and support legal actions against cybercriminals. Incident Responder What You Will Do An Incident Responder is like a firefighter for computer systems. When there's a more serious security problem, you're the first one to jump in to fix it. You'll look for signs of trouble in the company's networks and computers. When you find a problem, you’ll work quickly to stop it from getting worse. Your job is to figure out what's going wrong and how to fix it fast. After the crisis is over, you will make sure it doesn't happen again by writing reports and suggesting ways to improve security. Skills You Will Need To be a good Incident Responder, you need to have extensive knowledge of how computer systems work and how they can be attacked. You should be good at solving puzzles and thinking critically and be able to stay calm when under pressure. Knowing how to use tools that detect threats and protect systems is essential for the role. You must also be familiar with different types of attacks and how to stop them. Being able to explain technical things in simple terms will be an invaluable skill as you relay information to individuals who may be unfamiliar with technical terms.  
How Hard Is It to Get This Job Getting a job as an Incident Responder can be challenging, but it's not impossible. Most companies want people who already have some experience in cybersecurity or IT. Many started out in roles like SOC Analyst to learn the basics first. Sometimes, companies will train their own employees to become Incident Responders. This can be a good way to move into the role if you're already working in IT at a company. Having certifications like GIAC Certified Incident Handler (GCIH) or CompTIA CySA+ can also help you stand out. And, most Incident Responders start out as SOC analysts. Career Progression As you grow in your career as an Incident Responder, you might take on more complex cases or start leading teams. You could move up to become a Senior Incident Responder or an Incident Response Team Lead. Some Incident Responders go on to become Security Managers or even Chief Information Security Officers (CISOs). If you enjoy solving problems and keeping people safe online, this could be a great career path for you. Don't forget to work on your leadership skills as well. Forensic Analyst What You Will Do A Forensic Analyst is like a detective for digital crimes. When something bad has happened to a computer system, you're the one who looks for clues to figure out exactly what occurred. You might need to recover deleted files or look through lots of data to find evidence. Your work often helps with legal cases, so you need to be very careful and accurate. You'll use specialized tools to examine computers, phones, and other devices to understand what happened during a security incident or cybercrime. Skills You Will Need To be a good Forensic Analyst, you need to be very detail-oriented and patient. You should be comfortable using special software to look at data closely. You'll also need to know about the legal rules for handling evidence because your work might be used in legal proceedings. 
Being a good writer will help you create clear reports that can be easily understood by both technical and non-technical people. In some cases, knowledge of programming and scripting can be helpful for automating some of your tasks. How Hard Is It to Get This Job Becoming a Forensic Analyst can be tricky because it's a specialized job. Most companies look for people who already have a background in cybersecurity and often want some experience in IT or security roles. You will need special training or certifications in digital forensics, like the GIAC Certified Forensic Examiner (GCFE) or the EnCase Certified Examiner (EnCE). Some people start out as Incident Responders or SOC Analysts and then move into forensics as they gain more experience. While it can be challenging to get into this field, the more skilled you become, the closer you will be to qualifying as a Forensic Analyst. Career Progression As you advance in your career as a Forensic Analyst, you might specialize even more. For example, you could specialize in financial crimes or mobile device forensics. You could move up to become a Senior Forensic Analyst or a Digital Forensics Team Lead. It's common to see a Forensic Analyst with a law enforcement background - they've come from law enforcement, worked in the SOC, and then moved into forensics. Others might move into roles like Security Consultant or Digital Forensics Manager. With experience, you could even start your own digital forensics consulting firm. Because cybercrime never stops, there will always be opportunities to learn and grow in this career. Penetration Tester  What You Will Do A Penetration Tester is also called an Ethical Hacker. You can compare it to a professional burglar hired by the good guys. Your job is to try to break into a company's computer systems but with permission. You'll look for weak spots in networks, websites, and apps that bad hackers could use to cause trouble. 
When you find these weak spots, you'll tell the company how to fix them. As a result, you will write reports explaining what you found and how the company can make its systems safer. Skills You Will Need To be a good Penetration Tester, you need to think like a hacker but act like a guardian. You should be great at solving puzzles and thinking creatively. Knowing how to write computer code is important, especially in languages like Python. You'll need to understand how networks and computer systems work because you will be using hacking tools to break into them but in a safe and legal way. Not unlike the other roles mentioned, you will absolutely need to know how to explain complex technical concepts in basic terms. You will need to help people understand what you've found and how to fix those security risks. How Hard Is It to Get This Job Becoming a Penetration Tester is one of the toughest jobs to get in cybersecurity. It's like trying to become a professional athlete - lots of people want to do it, but only a few make it. Most companies want someone who already knows a lot about cybersecurity and has experience finding and fixing security problems. Most will have worked as SOC Analysts first. Certifications like Certified Ethical Hacker (CEH) or Offensive Security Certified Professional (OSCP) can help you out. But even with these, it can be hard to get your foot in the door. Many successful Penetration Testers start by practicing their skills in safe, legal ways, like participating in bug bounty programs or working on their own test systems. Career Progression As you grow in your career as a Penetration Tester, you might focus on specific types of systems or security problems. You could become a specialist in testing web applications, mobile apps, or even internet-connected devices like smart home gadgets. Some Penetration Testers move up to lead teams or become security consultants. 
As a consultant, your work would entail advising big companies on how to improve their defenses. The field of ethical hacking is always changing because new technologies and new types of attacks are always being created. This means you'll need to keep learning throughout your career. If you enjoy the challenge of outsmarting tricky security problems and helping to make the digital world safer, this could be an exciting career path for you, but it will not be without challenges. Conclusion The cybersecurity field offers a few career paths, each with its unique challenges and opportunities. From entry-level SOC Analysts to advanced roles like Security Architects, and specialized positions such as Incident Responders, Forensic Analysts, and Penetration Testers, getting hands-on experience is key for professional growth. Each role demands a specific set of skills, ranging from technical expertise in network security and coding to soft skills like problem-solving, critical thinking, and effective communication. The career progression in cybersecurity is marked by continuous learning, real-world experience, and the ability to adapt. Even though the path can be challenging, your passion for cybersecurity can help you overcome any obstacles that may arise.  The competition for entry-level positions can be intense, but your dedication, persistence, and commitment will help you advance to higher roles.  Whether you're just starting out or looking to advance your career, don't be discouraged by the challenges. Instead, view them as opportunities to hone your skills, gain valuable experience, and prove your worth in the field.

  • How to Harden Windows

    At-home Windows Hardening Security Project

    Hanging out with fellow hackers is part of our job. Most of us white hats dabble in a few curiosities from time to time, and you're typically just surrounded by more people skilled enough technically to raise the risks for you a bit. Below is a guide, the At-home Windows Hardening Security Project, that I created to help you harden your Windows 10/11 system but not make it so secure that it is unusable.

    Disable Remote Access

    Attackers can use Microsoft Remote Desktop's remote access feature to gain control of your device, steal information, and install malware. You'll want to be able to launch Remote Desktop Connection to log into various things (including the lab here), but you do not wish to host a remote desktop service. The easiest graphical way to disable Remote Desktop is by using Settings. Start by launching Settings using Windows+i. From the left sidebar, select "System." On the right pane, scroll down and choose "Remote Desktop." On the following screen, turn off the "Remote Desktop" toggle. The Windows 11 Home edition doesn't support hosting Remote Desktop.

    Use Antivirus

    Windows' Virus & threat protection is good enough. It is on by default. Go to Start, type in "Virus & Threat Protection," then go to "Manage settings." Make sure that all toggles are in the "on" position. If you do choose to handle malware on your computer, you will want to take note of the "Exclusions" and add exclusions to the folders you don't wish to scan.

    Create Strong Passwords

    Passwords should be in a password manager, and I don't care what anyone says; you should invest in a good one like LastPass. Always be careful who you're giving your data to and their financial situation. You should also purchase two YubiKeys, ensure the password manager's 2-factor authentication is enabled, and set it up with both your primary and backup YubiKey. Buy a YubiKey Nano to stick in your laptop and keep a YubiKey on your keyring.

    Share your master password with a loved one and make your password vault part of your digital inheritance if something should happen to you. I know I am bleeding into other subjects, but someone needs access to your digital identities if something were to happen to you. There is a level of security so strict that no one can access anything, and that isn't where you need to draw the line. It's something you need to consider seriously. You'll already be maintaining your digital life.

    Enable File Backups

    Regular file backup can help prevent data loss during malware attacks or hardware failures. Go back to Start, then "Virus & Threat Protection," scroll down to "Ransomware protection," click the option to "Set up OneDrive," and follow the prompt to choose which folders to back up.

    Turn on Core Isolation

    This feature adds virtualization-based security to protect against malicious code and hackers. It isolates core processes in memory and prevents hackers from taking control of unsecured drivers. To turn on core isolation in Windows 11, do the following:

    1. Click the Start button
    2. Type "Windows Security"
    3. Select Device security
    4. Select Core isolation details
    5. Turn on:
       - Local Security Authority protection
       - Microsoft Vulnerable Driver Blocklist

    Turn on BitLocker Drive Encryption

    If you have Windows 11 Pro, go ahead and set up BitLocker Drive Encryption. That way, when your computer starts up, you will be prompted for a password, and your data is encrypted at rest.

    Optional PUA protection

    I've never turned this on, and it may be an annoyance as we tend to play with many applications, but you do have the ability to turn on "Reputation-based protection," which will protect you from potentially unwanted applications.

    Windows Update Settings

    Go to Windows Update Settings and ensure "Get the latest updates as soon as they are available" is OFF. Even with this setting off, you will still receive important security updates automatically to protect your device. Then click on "Advanced Options" and turn on "Receive updates for other Microsoft Products."

    That should do it. Make sure you stay updated with Windows updates and use your password manager. Also, make sure you turn on 2-factor authentication everywhere!

    Tyler Wall is the founder of Cyber NOW Education. He holds bills for a Master of Science from Purdue University and CISSP, CCSK, CFSR, CEH, Sec+, Net+, and A+ certifications. He mastered the SOC after having held every position from analyst to architect and is the author of three books, 100+ professional articles, and ten online courses specifically for SOC analysts. You can connect with him on LinkedIn.
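To confirm the hardening steps above took effect, the following read-only audit checks the Remote Desktop, Defender, core isolation, BitLocker and PUA settings from an elevated PowerShell prompt. It is an added example, not part of the original guide; the function names (Get-RegValue, New-Result, Get-HardeningReport) are hypothetical, while the registry values and cmdlets are the ones Windows and Microsoft Defender expose.

```powershell
#Requires -Version 5.1
# Added example: read-only audit of the settings from the hardening walkthrough.
# Run elevated. Nothing on the system is changed.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null when the key or value is absent instead of throwing.
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

function New-Result {
    param([string]$Check, [string]$Expected, $Actual, [bool]$Pass)
    $shown = if ($null -eq $Actual) { '(not set)' } else { "$Actual" }
    [pscustomobject]@{ Check = $Check; Expected = $Expected; Actual = $shown; Pass = $Pass }
}

function Get-HardeningReport {
    $results = @()

    # Disable Remote Access: fDenyTSConnections = 1 means this PC does not host RDP.
    $deny = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' 'fDenyTSConnections'
    $results += New-Result 'Remote Desktop hosting disabled' '1' $deny ($deny -eq 1)

    # Use Antivirus: the "Manage settings" toggles, read through the Defender module.
    try {
        $status = Get-MpComputerStatus -ErrorAction Stop
        $pref   = Get-MpPreference -ErrorAction Stop
        $results += New-Result 'Real-time protection' 'True' $status.RealTimeProtectionEnabled `
            ($status.RealTimeProtectionEnabled -eq $true)
        $results += New-Result 'Tamper protection' 'True' $status.IsTamperProtected `
            ($status.IsTamperProtected -eq $true)
        # MAPSReporting: 0 = cloud-delivered protection off, 1 or 2 = on.
        $results += New-Result 'Cloud-delivered protection' '1 or 2' $pref.MAPSReporting `
            ($pref.MAPSReporting -in 1, 2)
        # Optional PUA protection: 0 = off, 1 = block, 2 = audit only.
        $results += New-Result 'PUA protection (optional)' '1' $pref.PUAProtection `
            ($pref.PUAProtection -eq 1)
        # Exclusions are listed for review; only folders you added on purpose belong here.
        $excl = @($pref.ExclusionPath | Where-Object { $_ }) -join '; '
        $results += New-Result 'Defender folder exclusions (review)' 'only your own' $excl $true
    }
    catch {
        $results += New-Result 'Microsoft Defender status' 'queryable' "query failed: $($_.Exception.Message)" $false
    }

    # Core isolation: LSA protection. RunAsPPL 1 = on with UEFI lock, 2 = on without.
    $ppl = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' 'RunAsPPL'
    $results += New-Result 'Local Security Authority protection' '1 or 2' $ppl ($ppl -in 1, 2)

    # Core isolation: Microsoft Vulnerable Driver Blocklist.
    # When the value is absent the build default applies; confirm in Windows Security.
    $vdb = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config' 'VulnerableDriverBlocklistEnable'
    $results += New-Result 'Vulnerable Driver Blocklist' '1' $vdb ($vdb -eq 1)

    # BitLocker on the system drive (the cmdlet is missing on editions without BitLocker).
    $label = "BitLocker on $env:SystemDrive"
    if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
        try {
            $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
            $results += New-Result $label 'On' $vol.ProtectionStatus ("$($vol.ProtectionStatus)" -eq 'On')
        }
        catch {
            $results += New-Result $label 'On' "query failed: $($_.Exception.Message)" $false
        }
    }
    else {
        $results += New-Result $label 'On' 'BitLocker cmdlets not available' $false
    }

    $results
}

Get-HardeningReport | Format-Table -AutoSize -Wrap
```

A row with Pass = False on an optional item, such as PUA protection, reflects a choice the guide leaves to you, not a misconfiguration.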

  • How to Get a Job in Cybersecurity from IT

    How to Get a Job in Cybersecurity from IT No one tells you the truth about how difficult it is to land even an entry-level role in cybersecurity. What I’ve seen in the job market in the past years is that even an entry-level role requires experience. Without that, even getting an interview can be a challenge.  But if you have previous IT experience, you are already ahead of the crowd. The skills and experience you may have gained in IT roles provide a solid foundation for transitioning into the world of cybersecurity. IT is considered one of the easiest and most natural paths in the cybersecurity field. In this article, I would like to share how IT positions can be a springboard into a cybersecurity career. It will be important to highlight your transferable skills and take advantage of your IT experience when making this career transition. The Natural Progression from IT to Cybersecurity The IT field can include a range of roles. The most common IT positions are Help Desk Technician, Network Administrator, Systems Administrator, Database Administrator, IT Support Specialist, Cloud Engineer, and DevOps Engineer. Each of these roles contributes to the design, implementation, and maintenance of an organization's technology infrastructure.  Overlap Between IT and Cybersecurity Responsibilities While IT and cybersecurity are distinct fields, there is a natural bridge between IT and cybersecurity roles.  Because IT tasks also involve security, there is a big overlap in the responsibilities and knowledge of these two areas. Some of this overlap happens when IT professionals work on configuring firewalls and network security devices. They will also manage user access and maintain secure systems and applications. IT professionals must also regularly conduct system updates, monitor anomalies, and respond to technical incidents. 
Why IT Professionals are Well-Positioned for Cybersecurity Careers IT professionals have significant advantages over other jobseekers who are new to the job market because they already have a strong technical foundation and understanding of IT systems, networks, and infrastructure. This basic knowledge and experience is needed in all cybersecurity roles. The experience from troubleshooting IT issues directly translates to mitigating security threats. Understanding how various components of a system interact is a skill used every day in IT. Because technology keeps changing, IT professionals have already learned to be adaptable and keep up with it. They require less training than individuals from non-technical backgrounds or with no experience. Core Technical Skills Gained in IT IT professionals develop a range of technical skills that are directly applicable to cybersecurity roles. These skills cover anything from networking fundamentals to system administration, scripting, and automation. Networking Fundamentals Understanding the TCP/IP protocols governing internet communication is necessary in the IT field. This knowledge is also used to analyze network traffic, identify potential threats, and secure network structures in the cybersecurity field. A common task in IT is firewall configuration, which directly translates to configuring and managing firewalls in network defense. Remote work has also increased the amount of VPN setup and management done in IT. Cybersecurity roles likewise maintain secure remote access to corporate resources. System Administration Skills in managing computer systems are very useful when moving to cybersecurity jobs. Cybersecurity experts need to understand how to work with Windows and Linux in order to find weak spots, make them safer, and fix problems. Experience in handling user accounts is also necessary. 
IT professionals have a lot of experience in making new accounts, changing them, and removing old ones, which is essential. Typically, they will know how to set up who can access what. This skill helps keep systems secure by giving people only the access they need. Another important task they have is keeping systems up-to-date. Having experience here will help them fix known problems and keep the whole organization safer when working in a cybersecurity role. Scripting and Automation Scripting and automation skills developed in IT roles are transferable to cybersecurity. Being proficient in PowerShell allows for efficient system administration and automation. PowerShell skills in cybersecurity are useful for threat hunting, incident response, and automating security tasks. Experience with Bash scripting in Linux environments is needed for log analysis, system hardening, and automating security checks. IT professionals who have used Python for automation tasks will be valuable because they can use this experience to develop security tools, analyze data, and automate repetitive security processes. How These Skills Translate to Cybersecurity Roles The skills you learn in IT jobs are really helpful for many cybersecurity jobs. For example, network security experts use what they know about networks to keep them safe. System security experts use their knowledge of computers to make them stronger against attacks. Security automation engineers use their programming skills to create tools that increase security. Incident response teams use their broad tech knowledge to solve security problems. People who work in IT can move into cybersecurity jobs more easily than others because they already know a lot of the basics. This natural move from IT to cybersecurity is good. It creates security experts who understand both how technology works and how to use it safely in real situations. 
They are great at keeping digital spaces secure because they see the big picture of tech and security. Hands-on experience with Systems and Networks One of the most valuable assets IT professionals bring to cybersecurity roles is their hands-on experience with systems and networks. They have a deep understanding of how technologies work in real-world scenarios.  IT professionals develop strong troubleshooting and problem-solving skills through their daily work. They're often the first line of defense when systems malfunction or users encounter issues. They have experience thinking critically, analyzing complex situations, and developing effective solutions quickly. All these skills are directly useful to cybersecurity roles. Through their work, IT professionals also gain familiarity with common attacks. They understand how systems can become compromised, whether through social engineering, unpatched vulnerabilities, or misconfigurations. This knowledge helps them anticipate potential threats and implement proactive security measures. Understanding system vulnerabilities is another crucial skill that IT professionals develop. They know how to identify weak points in systems and networks.  In cybersecurity roles, this understanding is needed for conducting meticulous risk assessments and implementing security controls. Real-world scenarios where IT and cybersecurity collaborate are common. For instance, an IT professional troubleshooting a network performance issue might discover signs of a malware infection. They will collaborate with the security team to eliminate it. Or, during a system upgrade, they might identify and patch critical vulnerabilities. Their efforts directly contribute to the organization's overall security. Thanks to all their experience, IT professionals have a holistic view of how security integrates with broader IT operations. This perspective is highly valuable in cybersecurity roles. 
Understanding of Compliance and Regulations IT workers often learn about rules and standards for keeping digital information safe. They work with guidelines like ISO 27001 or NIST, which tell them how to protect data. They also know about laws like GDPR or HIPAA that explain how to handle private information. This knowledge is really useful in cybersecurity jobs, where following these rules is very important. IT workers understand how to apply these rules in real life, like setting up strong passwords or keeping data safe. IT professionals also help create safety rules at their work. They may include rules about how to use computers safely or set up ways to save important information. This experience helps them understand how to keep things safe in everyday work. In cybersecurity jobs, this knowledge is extremely necessary. With it, they can create and enforce safety rules, manage risks, and be ready for compliance auditing. This understanding of both the why and how of regulation makes IT workers great at cybersecurity jobs. Collaboration with Cybersecurity Teams IT professionals often have opportunities to collaborate with cybersecurity teams exposing them to security practices and methodologies. This collaboration can take various forms and is beneficial when transitioning to a cybersecurity career. Cross-functional projects involving security teams are common in many organizations. For example, an IT professional might work alongside security experts when implementing a new system. These projects provide insights into security methods, familiarizing IT professionals with cybersecurity practices. Incident response is another area where IT and cybersecurity teams often collaborate. When a security incident occurs, IT professionals may be called to help contain the threat, gather forensic data, or restore systems. This hands-on experience in dealing with security incidents is great when transitioning to cybersecurity roles. 
IT professionals may also be involved in security assessments and audits. They will work with security teams to evaluate the security of systems they manage, or assist in preparing for external audits. Having this experience shows them how security professionals approach risk assessment and mitigation. Through these collaborations, IT professionals have the opportunity to build relationships with security professionals. They can learn from seasoned security experts, understand the challenges faced by security teams, and understand the day-to-day responsibilities of various cybersecurity roles. These relationships can also be valuable when seeking mentorship or job opportunities in the cybersecurity field. Working alongside cybersecurity teams teaches them to view systems and processes through a security lens. IT professionals will consider potential threats and vulnerabilities in every aspect of their IT operations. This shift in perspective is necessary for those transitioning into cybersecurity roles. Pursuing Certifications and Training If you're in IT wanting to move into cybersecurity, getting special certificates and training is really important. These show that you know your stuff and are serious about the job. A good certificate to start with is the Network+, which teaches you about networks. You can get certificates like CompTIA Security+ as you learn more about cybersecurity. These teach you how to keep computers safe and how hackers think. For mid-level and advanced positions, certificates like the CEH and CISSP are good to have. But remember, certificates aren't everything. You need to keep learning all the time because cybersecurity changes fast. You can take online classes, go to workshops, and practice at home. Try setting up your own computer lab to test security tools. You can also join capture-the-flag contests where you solve security puzzles. It's important to keep up with new security news and threats too. 
Doing all these things will help you get better at cybersecurity and be ready for a new job in this field. Networking and Professional Development Building a strong professional network is invaluable when transitioning from IT to cybersecurity. Networking provides opportunities for learning, mentorship, and career advancement that can significantly help the transition process. When moving from IT to cybersecurity, making good connections with other professionals is super important. This helps you learn new things, find mentors, and grow your career. One great way to do this is by joining groups like ISACA or (ISC)². These organizations have local chapters where you can meet cybersecurity experts in your area. They also offer training and resources to help you learn more about the field.  Another way to build connections is by going to big conferences like DEF CON. These events let you learn about new security tools and methods, and meet lots of people working in cybersecurity. If big conferences seem too much at first, you can start with smaller local meetups. Don't forget about online communities too! Places like Reddit's cybersecurity forum, the CNE Discord, the BHIS Discord, or LinkedIn groups are great for asking questions and sharing what you know. Being active in these online spaces can help you make a name for yourself in the field. Building a professional network that spans both IT and cybersecurity is particularly valuable for those in transition. Maintaining connections with IT colleagues while building new relationships in the cybersecurity field can lead to unique opportunities that can utilize your cross-domain expertise. These connections can help you find out about job openings, offer mentorship, and stay informed about developments in both fields. Strategies for Transitioning from IT to Cybersecurity Making the leap from IT to cybersecurity requires strategy. Start by identifying your transferable skills. 
As an IT professional, you will have many skills that are directly applicable to cybersecurity roles.  Connect these skills to common cybersecurity job requirements so you can identify your strengths and areas you need to improve. Seek internal opportunities within your current organization. Express your interest in cybersecurity to your manager and HR department. Look to take on security-related tasks or projects in your current role.  Volunteering for security-related projects, such as assisting with security audits or implementing new security tools, can also help you. Building a personal lab for hands-on cybersecurity practice is crucial for skill development. Set up a home or cloud network with virtual machines to experiment with various security tools, practice penetration testing techniques, or analyze malware in a safe environment. Platforms like Hack The Box, TryHackMe, OWASP WebGoat, and our Cyber NOW® Cyber Range can provide structured environments for practicing cybersecurity skills. You can gain hands-on experience by taking on side projects or freelance work related to cybersecurity. Build a portfolio of security-related work so you can share when applying for cybersecurity positions.  Conclusion The path from IT to cybersecurity is not only viable but often advantageous. IT professionals can maximize their transferable skills and experience to form a solid foundation for a career in cybersecurity. From networking fundamentals and system administration to hands-on troubleshooting and compliance knowledge, IT experience helps you build a toolkit that aligns with cybersecurity job functions.  For those with IT experience considering a move into cybersecurity, don't hesitate to take the leap! Your background gives you a significant head start in understanding the complexities of technology infrastructures and the potential risks they face. Your IT knowledge is a unique strength. 
Focus on building upon it with cybersecurity-specific skills and certifications. Network with professionals in the field, seek out mentorship opportunities and don't be afraid to start with entry-level cybersecurity positions that allow you to gain experience. To those without experience in either IT or cybersecurity but aspiring to enter the cybersecurity field, consider starting your journey in IT. Since landing a cybersecurity role directly may be more challenging, gaining IT experience can be an excellent stepping stone. IT roles provide invaluable hands-on experience with systems, networks, and technologies that are fundamental to cybersecurity. This experience will not only make you a stronger candidate for future cybersecurity positions but also help you develop a holistic understanding of technology ecosystems. Every step forward in IT is a step closer to your cybersecurity goals. Tyler Wall is the founder of Cyber NOW Education. He holds bills for a Master of Science from Purdue University and CISSP, CCSK, CFSR, CEH, Sec+, Net+, and A+ certifications. He mastered the SOC after having held every position from analyst to architect and is the author of three books, 100+ professional articles, and ten online courses specifically for SOC analysts. You can connect with him on LinkedIn. You can sign up for a Lifetime Membership of Cyber NOW® with a special deal for 15% off with coupon code "KB15OFF" which includes all courses, certification, the cyber range, the hacking lab, webinars, the extensive knowledge base, forums, and spotlight eligibility, to name a few benefits. Download the Azure Security Labs eBook from the Secure Style Store. These labs walk you through several hands-on fun labs in Microsoft Azure, leaving you with the know-how to create a gig in Fiverr or Upwork to start your cybersecurity freelancing.
Some of our free resources include the Forums, the Knowledge Base, our True Entry Level SOC Analyst Jobs, Job Hunting Application Tracker, Resume Template, and Weekly Networking Checklist. Ensure you create an account or enter your email to stay informed of our free giveaways and promos, which we often offer. Check out my latest book, Jump-start Your SOC Analyst Career: A Roadmap to Cybersecurity Success, 2nd edition, published June 1st, 2024, and winner of the 2024 Cybersecurity Excellence Awards and a finalist in the Best Book Awards. If you enjoy audiobooks, I suggest the Audible version, but you can also get it in beautiful paperback, kindle, or PDF versions. The downloadable PDF version can be grabbed here.

  • How to Network in Cybersecurity

    How to Network in Cybersecurity Networking in cybersecurity offers far more than just potential job leads. Good networking helps you gain insider knowledge and stay updated on industry trends. You gain access to a wealth of collective experience and insights by engaging with peers and thought leaders. Cybersecurity can be a challenging and high-pressure field. Building a professional network provides you with an invaluable support system. You will become part of a community of like-minded professionals who understand the unique demands of the job and the job search process. This network can offer guidance, mentorship, and emotional support, helping you navigate career challenges, combat burnout, and find encouragement in difficult times. Effective networking in cybersecurity will open doors to new opportunities. It will foster continuous learning and create a support system to help your long-term success in this field. LinkedIn for Your Brand LinkedIn is more than a social media platform. It can be the first impression you give to a potential employer. Your LinkedIn profile is like an actor’s calling card. The profile should make them want to hire you. Professional Profile Picture Some of us may be shy about taking pictures, but this is one moment when you really need to get over that fear and post a profile picture. They say, “A picture is worth a thousand words.” Take a high-quality headshot where you are dressed professionally. Select a neutral background that doesn’t distract from your face. Consider customizing your background image or banner using a tool like Canva to reflect your personal brand. In addition, create a custom professional URL for your profile (e.g.,   linkedin.com/in/yourname ). This URL looks much more polished when it is included in job applications and resumes. Make sure your contact info is up-to-date so recruiters can easily reach you.  
If you do not want to spend a bunch of money on a professional headshot, this is an area where AI can excel. We have found the AI company Dreamwave AI to offer an affordable package for producing professional quality headshots from a number of your less professional selfies. They will send you hundreds of AI-generated images, and one or two are bound to look just like you. Headliners Craft a catchy headline that goes beyond your job title. Include your expertise and what you bring to the table. Look at this from the point of view of what the hiring manager is hiring for. For instance, they’re not hiring for an engaging creative artist; they’re hiring for an Entry-Level or Aspiring SOC Analyst and the skills associated with it. Incorporate industry-specific keywords to enhance search visibility. You can find specific keywords by looking over job postings and taking some of their content to describe your experience. Remember, hiring managers are always more inclined to employ likable employees. Do not be afraid to make it personal and authentic when you share your career goals, motivations, and values in the About Section. Use storytelling to connect with your audience. Work Experience and Key Skills List relevant work experiences and use specific keywords related to your industry. As much as possible, highlight your achievements rather than the tasks you did in each role. Focus on quantifiable results (show them the data!) and use action verbs. Identify and list 10-20 relevant skills used for each position. When recruiters search LinkedIn, they are searching for these skills; if they aren’t there, they can’t search for you. And, as you write each experience, make sure to show how you used those skills in practice. Do not hesitate to list any internships or volunteer experiences that are relevant to the roles you are seeking. Endorsements and Recommendations Do not be afraid to ask those you have worked with for LinkedIn recommendations.
You will build credibility with every personalized recommendation and skill endorsement from colleagues and supervisors. Recruiters will read through any recommendations to gauge your ability to work with them. They will also take time to look into your skills and qualifications. But to be successful, remember: don’t just take! Networking is an equal parts dance, so offer to write recommendations for others to encourage reciprocity. Multimedia Content & Projects Add multimedia elements like videos, presentations, or portfolios to showcase your work. Ensure all content is professional and aligns with your brand. Use the Projects section to detail key initiatives you’ve worked on. Include measurable outcomes to demonstrate your impact. The featured section is critical to your LinkedIn profile.  This is an opportunity to link to your blog, GitHub, and other websites so that the recruiter or hiring manager spends more time considering you as a candidate.  Don’t waste this opportunity. Optimizing your LinkedIn To maximize your networking potential on LinkedIn, start by optimizing your profile for cybersecurity roles. Highlight relevant skills, certifications, and experiences that showcase your expertise in the field. When job hunting, leverage the "Open to Work" feature strategically. When you are still employed, consider setting its visibility to "Recruiters Only" – this discreet option signals your availability to recruiters without alerting your current employer or colleagues. You can maintain confidentiality while still opening doors to new opportunities. However, making your job search public has potential advantages since it could prompt your network to share leads. While there are fervent teams on each side of the “Open to Work” banner, it seems that when the profile meets the qualifications, the recruiters will reach out. 
Remember, your LinkedIn profile is often your first impression on employers, so ensure it accurately reflects your cybersecurity focus and career aspirations. Connecting with Recruiters There are two general strategies for recruiters and LinkedIn: the first is to reach out to recruiters, and the second is to make recruiters come to you, and you need to be doing both. By optimizing your LinkedIn profile above, you will occasionally get targeted messages from recruiters who are looking to fill a role that matches your profile. To reach out, the first thing you need to do is identify relevant recruiters. The easiest way to do this is to find them from job postings on LinkedIn, but you can also do a text search for recruiters who have posted that they’re hiring for positions. Once you've identified relevant recruiters, the next step is to reach out and establish a connection. Here's how to do it effectively: Sample Message Template When contacting a recruiter, keep your message concise, professional, and tailored to your situation. Here's a template you can adapt: Subject: [Your Job Title] Seeking New Opportunities Hi [Recruiter's Name], I hope this message finds you well. I'm a [Your Job Title] with [X] years of experience in [Your Industry/Field], currently exploring new opportunities in [Target Industry/Role]. I noticed that you are recruiting/hiring for a [Specific role], and I'd love to connect to discuss how my skills in [Your Key Skills] might align with your client's needs. Would you be open to a brief conversation about potential opportunities or reviewing my resume? Thank you for your time and consideration. Best regards, [Your Name] Remember to personalize this template based on your research of the recruiter and their specialization. Keep your message under 100 words for higher response rates. Follow-up Strategies Don't be discouraged if you don't receive a response to your initial message.
Follow these strategies for effective follow-up: Wait about one to two weeks before sending a follow-up message. Be polite and professional. Maintain a courteous tone, acknowledging that recruiters are often very busy. In your follow-up, provide new information to reiterate your interest, but always keep it brief. Your follow-up should be even shorter than your initial message. Example follow-up message: Hi [Recruiter's Name], I hope you're having a great week. I just wanted to follow up on my previous message about potential opportunities in [Target Industry/Role]. I've recently [completed a relevant project/earned a new certification], which I thought might be of interest. I'm still very interested in connecting. If now isn't a good time, please let me know when would be better to reach out again. Thank you for your time. Best regards, [Your Name] If you don't receive a response after your follow-up, it's best to focus your efforts elsewhere for the time being. Remember, building relationships with recruiters is a long-term strategy. Even with no immediate opportunities, maintaining professional connections can be valuable for your future career moves. Networking with Others While connecting with recruiters is crucial, networking with fellow cybersecurity professionals can be equally valuable for your career growth and job search. When reaching out to peers, focus on building genuine relationships rather than immediately asking for job leads. Here's a sample template for connecting with cybersecurity professionals: "Hi [Name], I came across your profile and was impressed by your work in [specific area of cybersecurity]. I am also in the field, and I'd love to connect and share about [relevant topic]. Would you be open to a brief chat?" OR "Hi [Name], I was reading your post on [choose something recent] and appreciated it because [mention something you liked]. I am also in the field, and I'd love to connect here."
When interacting on LinkedIn, maintain professional etiquette. Always personalize your connection requests and engage meaningfully with others' posts. Share valuable content related to cybersecurity, and be respectful of others' time and boundaries. Avoid hard-selling yourself or your services in initial interactions. Instead, focus on building rapport and establishing yourself as knowledgeable and collaborative. This approach can lead to organic opportunities and valuable professional relationships over time. Your connections will also notice when you engage with their content. So, actively participate in their posts before you reach out to them. You will have a higher chance they will want to connect with you, and you will have something to talk about with them right away!     LinkedIn Groups Engaging with LinkedIn groups is necessary if you want to expand your network and improve your job prospects. By actively participating in relevant cybersecurity groups, you can connect with like-minded individuals, industry experts, and potential employers. Within these groups, actively share insights so you can position yourself as a knowledgeable contributor in the field. Contribute valuable content, ask thoughtful questions, and engage in meaningful conversations. You can build relationships that may lead to job opportunities and collaborations, strengthening your presence in the competitive job market.   Here are some LinkedIn Groups you can consider joining: - SOC Analyst Jobs - Cloud Security Alliance   - Information Security Careers Network (ISCN) - Information Security Network - Cyber Security Forum Initiative (CSFI) Industry Conferences and Events Attending industry conferences and events is an essential aspect of networking in the cybersecurity field. These are great opportunities to connect with peers, learn about the latest trends, and showcase your expertise. Several high-profile conferences stand out in the cybersecurity field. 
I want to recommend some of the best below. Major Cybersecurity Conferences Black Hat : Known for its technical focus, it attracts security professionals, researchers, and hackers worldwide. It features cutting-edge research presentations and hands-on training sessions. It's expensive. DEF CON : The world's largest hacker convention, DEF CON is famous for its informal atmosphere and various activities, including capture-the-flag contests, lock-picking villages, and social engineering competitions. Due to its affordability, this is likely the first big conference you will go to, and it is one you won’t likely forget. RSA Conference : This conference is one of the largest in the industry, covering a wide range of cybersecurity topics. It's a valuable opportunity to network with vendors and learn about new security products and services. Local and Regional Cybersecurity Meetups While large conferences are important, don't overlook the value of smaller, local events. They’re nearby, and you can get to them easily and more frequently.  OWASP Chapters :  Many cities have local chapters of the Open Web Application Security Project, which organize regular meetups and workshops. BSides Events : These community-driven conferences occur in many cities worldwide and offer a more personal setting for networking and knowledge sharing. Industry-Specific Meetups: Look for gatherings that focus on your particular area of interest within cybersecurity, such as cloud security or incident response. Virtual Conferences and Webinars In recent years, virtual events have become increasingly popular and offer unique networking opportunities as well: Online Conferences: Many major conferences now offer virtual attendance options, allowing you to network globally without travel. Webinars : Regular webinars hosted by companies (including our own at Cyber NOW®), educational institutions, or industry leaders can be excellent opportunities to learn and connect with speakers and attendees. 
Networking Tips for In-Person Events Like with online networking, you will create connections with peers and potential employers. Since you will be interacting in person, it can be helpful if you have come up with a couple of ways to introduce yourself. If you are more introverted, practice introducing yourself at home with family and friends. This will help you feel less anxious and look relaxed when interacting. Your introduction to the employer can highlight your passion for the industry and what you hope to gain from the event. Preparing Your Elevator Pitch Craft a concise, engaging introduction that highlights: Your name and current role Your key skills or areas of expertise What you're passionate about in cybersecurity What you're hoping to gain from the event For example, you might say, "Hi, I'm Alex Johnson, a recent graduate with a background in computer science and a strong passion for network security. I specialize in threat detection and vulnerability assessment, and I'm eager to learn more about the latest trends in cybersecurity. "  Make sure you take a notebook and pen to the in-person events. Ask everyone you meet for their contact information. Most people will happily provide you with their LinkedIn and email addresses. Write down this information and a brief note on what you discussed with the person.  I suggest this method over using your phone because it is more personal. Follow-Up Techniques Post-Event In-person networking is only as effective as your follow-up strategy. The goal is to turn conference connections into lasting professional relationships.  Within 48 hours of meeting someone in person, send them a personalized connection request on LinkedIn. You can reference your specific conversation or shared interests in your follow-up message. If you promised to share relevant articles, resources, or your resume during your interaction, do so in your follow-up message. 
One way to track where and when you met each contact is by reiterating this information in your first message. If appropriate, suggest a virtual coffee chat to continue the conversation. Remember, the goal of attending these events is to collect business cards or LinkedIn connections and build meaningful professional relationships that can enhance your career in cybersecurity. Joining Professional Organizations Becoming a member of professional cybersecurity organizations can significantly increase your networking opportunities and career development. These associations offer many resources, educational opportunities, and platforms for connecting with industry peers. Cybersecurity Associations to consider: (ISC)² (International Information System Security Certification Consortium) (ISC)² is renowned for its prestigious Certified Information Systems Security Professional (CISSP) certification, which is highly regarded in the industry. In addition to the CISSP, the organization offers a variety of other certifications, including the Systems Security Certified Practitioner (SSCP), Cloud Security Professional (CCSP), and Certified Secure Software Lifecycle Professional (CSSLP). (ISC)² focuses on developing and maintaining high professional standards in information security, providing members with access to a wealth of resources and a global network of security professionals. (ISC)² has chapter meetings in most cities with a membership that isn’t related to being a credential holder. Many people attend (ISC)² meetings without having one of their certifications. Membership in an (ISC)² chapter requires dues that are collected separately from (ISC)² itself. ISACA (Information Systems Audit and Control Association) ISACA is known for providing globally recognized certifications such as the Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), and Certified in Risk and Information Systems Control (CRISC).
The organization emphasizes the importance of governance, risk management, and information systems control, making it a valuable resource for IT governance professionals. ISACA also offers extensive resources, including research, training, and networking opportunities, to help members stay current in an ever-evolving field. ISSA (Information Systems Security Association) The Information Systems Security Association (ISSA) is a not-for-profit international organization dedicated to information security professionals and practitioners. ISSA promotes management practices that ensure the confidentiality, integrity, and availability of information resources. The association facilitates interaction and education among its members, fostering a collaborative environment that enhances global information systems security. Through various events and resources, ISSA aims to create a more successful and secure information security landscape. OWASP (Open Web Application Security Project) The Open Web Application Security Project (OWASP) is a nonprofit foundation dedicated to improving software security. It is best known for its Top 10 Web Application Security Risks report, which highlights the most critical security issues in web applications. OWASP offers local chapter meetings and global events that bring together security professionals to share knowledge and best practices. By fostering a community focused on improving application security, OWASP plays a crucial role in enhancing the overall security posture of organizations worldwide. Benefits of Membership and Participation Joining and actively engaging with professional cybersecurity organizations can significantly boost your career development and networking opportunities. These associations offer a wealth of resources for professional growth, including access to cutting-edge training, workshops, and conferences that keep your skills sharp and current. 
Many organizations provide pathways to earn industry-recognized certifications, often at discounted rates for members, adding to your credibility and marketability. The networking potential is immense, with opportunities to connect with peers, mentors, and potential employers through both in-person events and online forums. Members typically gain access to exclusive career resources, including specialized job boards, career guidance, and salary surveys specific to the cybersecurity field. Online Communities Online platforms have become invaluable tools for networking in the cybersecurity field. These virtual spaces offer unique opportunities to connect with professionals, share knowledge, and stay updated on the latest trends and threats in the industry. Discord  is a very popular platform for cybersecurity communities, offering real-time communication and collaboration. The Cyber NOW Education (CNE) Discord server is too quiet sometimes, and we’re waiting for you to come to add value. Another Discord community you can join is the Black Hills Information Security (BHIS) server. This much larger discord is often very active and offers a great place to meet other professionals just like you. The BHIS Discord has a library of resources, including access to webcasts, tools, and discussions with experienced professionals.  Def Con also has its own very active Discord server.  Darknet Diaries is also a good place to meet folks and an excellent podcast to listen to! There is one called InfoSec Community , and Wild Wild West Hacking Fest gets active around the time of their conference.  Reddit  serves as another powerful platform for cybersecurity networking and information sharing. The r/netsec subreddit is a goldmine for technical discussions on network and information security. It's an excellent place to find in-depth analyses of recent vulnerabilities, tools, and research papers. You can also join r/cybersecurity for a mix of news, career advice, and industry trends. 
Take time to engage with experts and peers through comments and discussions. But be careful here; Reddit can be very toxic, so watch for trolls and remember to let the water roll off your back. By actively participating across these platforms – sharing insights, asking questions, and engaging in discussions – you can expand your network, enhance your knowledge, and stay up-to-date with the field. By a general rule of thumb, the smaller a group you participate in, the more impact you have in making meaningful connections. There is nothing more potent than a one-on-one conversation with someone.

  • How to Choose a Cloud Security Certification

    How to Choose a Cloud Security Certification Let us talk about increasing your cloud security knowledge via certifications.  Getting certified has traditionally been the best way in Technology to demonstrate your knowledge about a subject and that you are serious about a particular topic—cloud security, in this instance. It is also a great way to build a foundational knowledge of cloud security if you are unfamiliar with the subject and to get your foot in the door for a career.    Certifications - Good or Bad?  Cybersecurity professionals often have a love/hate relationship with certifications. Some scoff at them and consider them no substitute for experience, while others believe they are a necessary validation of knowledge for every security pro. I believe cloud security certifications can be very useful in helping professionals get started and give a good baseline on which you can build your experience. However, one problem new entrants into this field face is the cloud security certification path they should choose. There are two paths for a Cloud Security Certification.  Platform Agnostic: Certifications that are not bound to any specific platform like Google, Azure, or AWS and instead focus more on technical concepts and creating a solid foundational knowledge of the cloud  Platform Specific: Certifications like AWS security specialty or Azure Security Engineer specific to a particular platform. These usually assume you know the platform you are trying to secure.  If you have ZERO knowledge of cloud concepts, I would suggest going with a platform agnostic cert before attempting the platform ones. Before focusing on a specific cloud provider, you must ensure your foundation is rock solid. Let's look at the most popular certs in the market.  Platform agnostic certifications  When talking about platform agnostic cloud certs, the discussion usually boils down to either the CCSK or CCSP. 
Let's look at each in detail:

CCSK (Certificate of Cloud Security Knowledge)

Offered by the Cloud Security Alliance (CSA), the CCSK gives a great in-depth overview of cloud security concepts such as Cloud Architecture, Identity and Access Management, Key Management, etc. The exam can be taken online and has around 60 questions. It requires you to show knowledge of the below topics:

- CSA Security Guidance for Critical Areas of Focus in Cloud Computing
- CSA Cloud Controls Matrix
- Cloud Computing Risk Assessment

Below is the official description from CSA.

The CCSK is an open-book, online exam completed in 90 minutes with 60 multiple-choice questions selected randomly from the CCSK question pool. Purchasing the exam costs $395 and provides two test attempts, which you will have two years to use. The minimum passing score is 80%.

The CCSK also has no prior work experience requirement to appear for the exam; however, you should have a solid foundational knowledge of the cloud before attempting it. The CCSK is widely known and respected throughout the industry and is an excellent cert for getting your foot in the cloud security door. It has routinely been featured in the top certifications for cloud security, and you really cannot go wrong with getting CCSK certified if cloud security is something you are serious about. If you are serious, below are my top tips for getting CCSK certified.

- Download the CCSK prep kit, which is free and gives you all the prep material.
- Understand how the exam is structured. It tests your knowledge about three key documents: the CSA Security Guidance for Critical Areas of Focus in Cloud Computing, the CSA Cloud Controls Matrix, and the EU’s Agency for Cybersecurity’s Cloud Computing Risk Assessment.
- Understand thoroughly the CSA Security Guidance for Critical Areas of Focus in Cloud Computing, which is a list of best practices recommended by security experts. 87% of the questions are based on this report, so know it inside out!
- Read the ENISA risk assessment report, which comes with the prep kit. It is a thorough analysis of the risks and benefits of cloud computing. Know the guidance and the risk report inside out. Around 6% of the questions are based on this document.
- Fully understand the Cloud Controls Matrix, which makes up around 7% of the total exam.
- Enroll in self-paced training, which is easily available on Udemy. If you don't feel like shelling out $$$, there are some great videos freely available on YouTube.
- Practice! Please do not underestimate the exam or attempt to take it without taking a few practice exams.

I suggest taking a month of prep for the CCSK cert. Make sure you have a solid foundation via the three documents and supplement it via training and practice tests. The exam itself is online and non-proctored, which makes it a more relaxing experience than other examinations. You usually find out the results immediately. Once you pass, the CCSK is a great stepping stone for other certs like the CCSP, AWS, Azure, etc.

CCSP (Certified Cloud Security Professional)

ISC2 is famous for introducing the gold standard in security certs, the CISSP, so everyone was quite excited when they introduced their cloud security cert. The CCSP is similar to the CISSP and has become well respected in the industry for demonstrating cloud security expertise. It is meant for people with a few years of experience in the field.

The CCSP is structured as per the below domains:

- Domain 1. Cloud Concepts, Architecture, and Design
- Domain 2. Cloud Data Security
- Domain 3. Cloud Platform & Infrastructure Security
- Domain 4. Cloud Application Security
- Domain 5. Cloud Security Operations
- Domain 6. Legal, Risk and Compliance

The CCSP also benefits from the respect and credibility that the CISSP already has in the industry. At least one year of the required experience should have been in one of the above domains. The CCSP is not an entry-level cert like the CCSK.
Instead, it has been made for information security leaders, cloud security managers, and experienced professionals with a few years under their belt. It proves you have an in-depth understanding of cloud security and how to secure applications. Unlike the CCSK, it has a five-year experience requirement, of which three must be in information security, and one must be in one of the six domains on the CCSP syllabus. If you are a junior engineer new to the cloud, I recommend the CCSK exam instead.

The official quote from (ISC)2 is: “To qualify for the CCSP, candidates must pass the exam and have at least five years of cumulative, paid work experience in information technology, of which three years must be in information security, and one year in one or more of the six domains of the (ISC)2 CCSP Common Body of Knowledge (CBK®). A candidate who doesn’t yet have the required experience to become a CCSP may become an Associate of (ISC)2 after successfully passing the CCSP exam. The Associate of (ISC)2 will then have six years to earn the experience needed for the CCSP certification.”

An important point to note is that the CCSK cert can be substituted for one year of experience in cloud security, and CISSP holders automatically meet the experience requirements. So, if you have invested time and effort in getting these certifications, you can reap the benefits of your hard work!

Like the CCSK, the first step is to download the CCSP body of knowledge and fully understand the breakdown of the domains on which you will be tested. If you pass the CCSP exam, your expertise in these areas will be validated. If you are serious about passing the CCSP, I recommend buying the official guide for the CCSP, going through it religiously, and making notes of the critical points to understand. Unlike the CISSP, which is an inch deep and a mile wide, the CCSP is focused on cloud security and goes into much deeper detail on its concepts.
I am recommending the official guide, but you can also keep other alternatives in mind, like official training and Udemy courses tailored for this specific exam.

There is no single magic book or course that will make you pass the CCSP exam. It is all about studying, practicing, and giving yourself enough time to be ready.

The most critical part of preparing for this exam is to practice like crazy. You will forget most of the information you get from the study guide and courses unless you apply it in practice exams. The official guide comes with sample questions, but you should invest in getting more practice questions to build up your confidence in these areas.

Give yourself enough time; I recommend setting aside at least one month of dedicated practice for these exams. A good resource is the ISC2 electronic flashcards for CCSP, which you can get for free on their website. Remember that ISC2 exams require you to prove that you maintain a high standard with regular Continuing Professional Education (CPE) credit submissions over three years. An Annual Maintenance Fee (AMF) is also to be paid annually. While the CCSP may seem more difficult and expensive than the CCSK (and it is), the benefits are tremendous to your career, as the CCSP regularly shows up on the list of the most in-demand certs.

CCSP vs CCSK

This one is tough to answer as both are excellent certs backed by respected organizations. I have attempted to break it down as per three criteria:

Experience: The CCSK does not have an experience requirement, and passing the exam is enough, while CCSP requires 5 years of experience in the infosec industry, one of those being in the cloud. The CCSK, therefore, is more suited to those who are at entry level and want to get into cloud security, whereas the CCSP is more geared towards experienced professionals.

Cost: As of this lecture, the CCSK exam is cheaper than the CCSP, but the latter also has those pesky Annual Maintenance Fees.
Sometimes, companies are happy to reimburse the costs, so do check with your employer before proceeding.

Industry Standing: Both are respected certifications with good industry standing. You cannot go wrong with either of them when validating your cloud security expertise. Which you should choose depends on your career stage. If you are a mid- to senior-level professional, you should select the CCSP, while people new to cloud security should choose the CCSK.

Platform-specific certifications

Let us move on to platform-specific certs, which show experience in a specific cloud provider. Cloud platforms like Azure, AWS, and GCP can have hundreds of services, and companies with critical workloads in the cloud want assurance that you can navigate them. A specialized cert will make you stand out in their eyes. Let’s look at what cloud security certification path you can take:

AWS Certified Security – Specialty

AWS is the most popular cloud platform in the world today, and the demand for certified AWS professionals will not go down anytime soon. Numerous certification paths are available, including a specialized AWS security cert.

The AWS Certified Security – Specialty is an excellent certification that shows you know your way around the vast number of security services present and how to configure services like AWS GuardDuty, Config, Security Hub, etc. AWS does recommend that you have a few years’ experience before taking this test, so if you do not have any experience with AWS, I would recommend first going with the AWS Solutions Architect Associate exam, as that gives you an excellent overview of the different AWS services and makes the AWS security specialty exam much more accessible, in my opinion.

As the name suggests, this is not a beginner certification but is for those with experience in AWS security.
AWS Certified Security – Specialty is intended for individuals who perform a security role and have at least two years of hands-on experience securing AWS workloads. However, if you already know AWS and want to demonstrate expertise in AWS security, then this is the best certification to go for.

The certification is still going strong as of 2024 and is in demand. The AWS cloud ecosystem is the biggest among the major cloud providers, and cybersecurity remains a top concern. You really cannot go wrong with having this on your resume.

According to the official exam guide on the AWS Certified Security Specialty page, the exam is pass or fail, with a minimum passing score of 750 out of 1000.

How to prepare for the AWS Security Specialty Certification

This is not a platform-agnostic cert like the CCSP and the CCSK, so it must be approached slightly differently. These are my key tips for preparing for it.

- Know your level: While nothing is stopping you from making this your first AWS certification, if you are just starting out, I would recommend doing a beginner-level AWS certification like the AWS Certified Solutions Architect—Associate first. This will create an excellent foundation for AWS services such as IAM, KMS, and other concepts you will need in the future. The AWS security specialty assumes that you are already familiar with AWS terminology, which can become a big challenge if you attempt this as your first AWS cert.
- Get hands-on with AWS services: Another critical step would be to set up a home lab environment and start playing around with the AWS services so you can start understanding them. A vast number of AWS services are covered in the exam, and you should know all of them. Without hands-on experience, you will not be able to understand questions that involve IAM policies, EC2 instances, etc. Create an AWS free tier account and start playing around in the AWS cloud environment.
- Learn AWS IAM inside and out: AWS Identity and Access Management is one of the most challenging areas in the exam, requiring you to understand how policies are evaluated and in what order. Know the policy flow and evaluation logic and how IAM elements work. Start experimenting with the IAM policies in your AWS account.
- Be ready for “MOST” and “LEAST” questions: Many questions will attempt to trick you by providing several correct responses, so you must pick the most suitable one. Understand the pros and cons of each AWS service so you can respond to these questions accurately, as there is no single wrong answer here.
- Deep dive into encryption and logging: Many questions will cover scenarios pertaining to KMS keys and which type of encryption to use in a particular scenario. Additionally, you are expected to know the logging and alerting use cases of AWS CloudTrail and CloudWatch and how they differ from each other, along with best practices.

My tips for passing the exam

In addition to the above, these are the steps I took to pass my AWS security specialty exam:

- Training: Invest in training so you understand AWS security concepts in a structured way. I used A Cloud Guru training, which is one of the best ones around, but there are several good ones on Udemy and even YouTube. AWS also provides a free readiness course that goes over the essentials of the exam and is definitely recommended as a refresher.
- Practice! No amount of studying will prepare you for the exam without practice tests, so they are a must. Cloud Guru and Udemy courses have some excellent practice tests, but I recommend going for the one on WhizLabs as they were (in my opinion) the closest to the actual exam.
- AWS Whitepapers: AWS has some amazing whitepapers that go into great detail about security best practices and their security services. These are not mandatory, but I recommend reading them once before the actual exam.
- AWS Labs: Lastly, AWS provides some great labs based on its Well-Architected Framework, which I would suggest everyone go through once as they slowly build up their hands-on experience. These can be a great supplement to any training courses you take on and range from Foundational to Intermediate to Advanced.

I hope this gave you a good overview of how to prepare for the AWS Security Specialty exam. The exam is not easy by any means, and there is no magic bullet or solution for passing it. Build up a solid base of technical knowledge and supplement it with practice exams, and you should ace it on the first try.

Microsoft Azure Security Engineer Associate

For those on the Microsoft Azure platform, the Azure Security Engineer Associate validates your expertise in configuring security services and data protection. You are expected to have a good knowledge of the platform and understand how the different services interact with each other, as per the Microsoft guide:

“Candidates for this exam should have subject matter expertise implementing Azure security controls that protect identity, access, data, applications, and networks in cloud and hybrid environments as part of an end-to-end infrastructure.”

One advantage is that most people are usually familiar with Microsoft services, so the learning curve is not as steep as it is for those new to AWS or Google Platform. You can get certified by passing the AZ-500 exam. However, one key point to note is that Microsoft has added lab questions to the AZ-500 exam, so do not try this exam without first having some hands-on experience with the platform and the different services that Azure offers.

When it comes to passing this, you can still pretty much apply the advice I gave for AWS Security Specialty to an Azure environment.

Google Cloud Security Engineer

Like the above two and rounding out the top three providers, the Google Security Engineer proves you can securely design and implement Google Cloud.
The foundational elements are like those of Azure and AWS, which require knowledge of identity and access management, data protection, key management, etc. This is an excellent certification, and I recommend it if you plan to work on Google Cloud. It is also a stepping stone to one of the most in-demand certifications, the Google Professional Cloud Architect Cert (GPCA). Although technically not a security cert, it is a very in-demand cert and one of the highest-paying certifications, and it requires a firm knowledge of Google Cloud. Having the Google Cloud Security Engineer cert gives you a great foundation to try this exam. As with the previous one, when it comes to passing this, you can still pretty much use the advice I gave for AWS Security Specialty and apply it to a Google Cloud environment.

Summary

I hope you got a better idea of the different cloud security certification paths in the market. These are great ways to show your expertise and boost your career, but remember that they are not the end goal. Certifications get your foot in the door, but the cloud is a highly challenging field, and you will not go far without hands-on experience. Having many certifications will only help during the interview process, but your hard work and expertise will make a difference in the long run. Make sure that, along with the certification, you have the required skills to make your cloud career a long-lasting and successful one!

Tyler Wall is the founder of Cyber NOW Education. He holds bills for a Master of Science from Purdue University and CISSP, CCSK, CFSR, CEH, Sec+, Net+, and A+ certifications. He mastered the SOC after having held every position from analyst to architect and is the author of three books, 100+ professional articles, and ten online courses specifically for SOC analysts. You can connect with him on LinkedIn.
You can sign up for a Lifetime Membership of Cyber NOW® with a special deal for 15% off with coupon code "KB15OFF" which includes all courses, certification, the cyber range, the hacking lab, webinars, the extensive knowledge base, forums, and spotlight eligibility, to name a few benefits. Download the Azure Security Labs eBook from the Secure Style Store. These labs walk you through several hands-on fun labs in Microsoft Azure, leaving you with the know-how to create a gig in Fiverr or Upwork to start your cybersecurity freelancing. Some of our free resources include the Forums, the Knowledge Base, our True Entry Level SOC Analyst Jobs, Job Hunting Application Tracker, Resume Template, and Weekly Networking Checklist. Ensure you create an account or enter your email to stay informed of our free giveaways and promos, which we often offer.

  • How to know if Cybersecurity is a Good Career for Me

    Is Cybersecurity a Good Career?

Over the last few years, the job market has shifted drastically across all industries, making it difficult to land the dream role. The field of cybersecurity is no exception. With more and more candidates being added to the pool every year, the competition has become increasingly intense. You might be asking yourself, "Is cybersecurity a good career?" Because you are considering this field, it is only fair to give you realistic advice about the industry so you don’t get blindsided as you try to find the proper role. With the increase in competition, entering cybersecurity may require some sacrifices. To land a role and succeed in this field, you need to be ready for the long haul. It will help if, like an Olympic athlete, you have an intense passion for the work, you don’t give up at the first challenge, and you are quick to adapt.

Unfortunately, with the current job market, having a fundamental interest in cybersecurity and a degree is not enough. These things will not necessarily make you stand out to recruiters and hiring managers. There are just too many other people entering the job market in that same situation. Consider these three areas to see if you will be a good fit in the cybersecurity space:

- Passion
- Resilience
- Adaptability

Passion

Now more than ever, you need a passion for cybersecurity to succeed. Because job searching can be long and tedious, love for the topic and the work are essential. Some sacrifice is involved in making it.

I’m sure you have heard the saying, “You are what you consume.” This also applies when it comes to showing passion for cybersecurity. Someone with a passion for the industry will live and breathe this field. You will stay informed on industry news by regularly reading articles and journals. In addition, you will surround yourself with like-minded people. Following and interacting with cybersecurity experts on social media and in person can go a long way.
Connecting with those already in the field can speed up landing a role. A great place to find these thought leaders is on sites like Medium and LinkedIn.

Engage as much as you can in cybersecurity forums and online communities. Try to create genuine relationships with these professionals and learn as much as possible from those who have already reached your goal. Participating in cybersecurity conferences and continuing your education through webinars or online courses can deepen your knowledge. These activities can help you create real-life examples of your work to showcase to recruiters. If recruiters and hiring managers can’t see that you exude passion for the field, they might pass you up. You will stand out and prove you are passionate when you have tangibles to prove it. Don’t keep everything you are learning to yourself. Share it anywhere. A cybersecurity community is ready to listen, and it is in a place like LinkedIn where you know headhunters are around.

Those who genuinely have a passion for the field and are ready to give 110% to the job search process will have no problem being resilient when things don’t happen immediately.

Resilience

Resilience is a soft skill you will need to develop early in this career. You will encounter many setbacks during the job search and even in your day-to-day role at any company. You can practice resilience by learning to manage your emotions effectively. When there are setbacks or complex challenges, it's essential to self-regulate. A resilient person does not let their negative emotions eclipse them. You will need to learn to cope with disappointments and failures effectively. To stay employable in this field, it’s good to develop the ability to bounce back quickly from setbacks and keep moving forward. Like riding a bike, this skill is acquired through consistent practice. Whenever you encounter a challenge or setback, practice not focusing on the feelings of failure or disappointment.
Instead, analyze what went wrong in the situation, what you learned, and how you can prevent this in the future.

Practice focusing on the positive part of every situation. Consider what invaluable knowledge you have gained from the experience and remind yourself that you are constantly learning new things. There will be moments when you may not have the best answer right away, and let’s face it, sometimes we just get it wrong. Setting realistic goals and expectations is critical. Everyone in the field started at zero, just like you. Resilience can give you the added motivation not to give up when you face a challenge that a senior-level professional could solve quickly. You have to be realistic about what you can do at your level and continue to have the drive to keep learning and improving.

Managing feelings of disappointment, focusing on lessons learned, and having realistic expectations will improve your resilience and help you embody adaptability, another skill crucial to cybersecurity.

Adaptability

Every cybersecurity professional has to be adaptable. Since this field changes and develops constantly, you must be ready to change. Adaptability will be a skill you use continually in your day-to-day role. However, it can even benefit you in the job search process. Years back, there was a significant need for additional professionals to join the job market in this field. However, the landscape has changed drastically in recent years. Landing an entry-level role by simply applying with basic qualifications is no longer feasible. Though not impossible, you will have to be adaptable. For example, you may have a role in mind in a specialty you enjoy, but when you apply, you find out that the experience requirements are far greater than you expected. You can adapt by looking for roles that fit your current qualifications. Initially, you may have to assume an entry-level role with a less-than-ideal shift.
Then, with time, transition to the specialty and shift of your choice. This may take more time and effort, but by adjusting, you can land a role and gain the additional experience and knowledge you need to be competitive in the job market. Another thing that can help is to build a support system of colleagues and friends. Those who have gone through a similar experience can give you tips and “tricks of the trade” to help you get through these situations.

Being willing to adjust your career plan is a way to practice resilience. Remember, there is a solution for every problem, but it may not be what you initially thought of. This can help you stay motivated in this career. Since there will be ups and downs in the job search process, being able to quickly shift and take in feedback from others who have made it to where you want to go is invaluable.

Navigating the cybersecurity field and its job market will require a deep-seated passion, resilience, and adaptability on your part. As the job market becomes increasingly competitive, it's crucial to cultivate these skills to stand out. Passion will drive you to stay informed and engaged. Resilience will help you bounce back from setbacks and maintain a positive outlook. Being adaptable ensures that you can pivot your strategies and expectations in response to the changes in the industry. By actively practicing these skills, you can position yourself for success in the job search process and your future career.

I don't want to leave this KB article without ending on a high note. We can chalk up the recent changes in cybersecurity demand to AI and automation, but I want you to see the big picture. The big picture is that the demand for cybersecurity professionals ebbs and flows, and right now, we're just ebbing.
In the next few years, there will be another flow, another significant demand for cybersecurity, and that is when quantum will make its leap, and there will be a massive need for individuals to fix the encryption that will break overnight. This is but one example, one we know of, that will shift the demand, but there is always some groundbreaking technology that will come up when we least expect it. The demand isn't stagnant. Stick with it.
