10 bits of wisdom to thrive your career in CyberSecurity

CyberSecurity Expert: Javvad Malik, security advocate at AlienVault

Cybersecurity can be a demanding and rewarding field. Here are some tips for those just starting out, based on the experience of two seasoned security pros.

Book learning and technical training are essential elements for any IT-related profession, but some additional skills are essential to build due to the high level of complexity and ever-changing requirements behind a cybersecurity career.

Get Career Advice from CyberSecurity experts!

I spoke to Javvad Malik, security advocate at AlienVault, to get his take on what how to build a solid and stable cybersecurity career. Here are a few of his summarized insights after reflecting back on his career, along with some follow-up elaboration based on my own experiences in cybersecurity.

Malik recommended finding a mentor early in your career and use them to help work out a career strategy. He had no such strategy when he started his profession and feels it cost him a few years to make up for it and get up to speed. A mentor can be a friend, a colleague, a manager, an associate in an online group or forum, or anyone else with the know-how and experience as well as the willingness to share both.

He paraphrased Seth Godin, "If I try to explain why you need to do security and you don't get it, that's my failing, not yours"

Read: Career Path options and framework to becoming a CyberSecurity professional

In my experience, one good example here would be telling users why their computers have to automatically reboot once per month in order to install patches and what threats might befall them otherwise can help ease their frustration and lower resentment.

Malik expressed regret that he hadn't spent more time early on his career engaging in self-study and experimenting with systems and devices when he had the opportunity. A hands-on exposure to testing new concepts or applications can help you determine your own path and what you enjoy or want to focus on (or perhaps want to steer clear of).

In my view, this day and age provides opportunities involving virtualization, snapshots and cheap storage/hardware which all make it even easier to build a testing environment and really delve into the innards of how things work to help better understand how to apply security practices.

Malik advised interacting with industry peers from the onset of your cybersecurity career (conferences or otherwise). "Meeting different people from different geographies with different experiences and motives is a really good way to cram a ton of different perspectives and skills into a short timeframe," he observed.

I participate in online forums, Facebook, LinkedIn and Twitter groups, and professional organizations such as the International Information Systems Security Certification Consortium and the SANS Institute can all be helpful in building a peer network. However, it takes more than just joining the groups or bookmarking the links - it's important to actively participate to provide and absorb news, tips, technical details and other material related to the field.

Malik said that conferences are a great place to learn and network, but they can also be a negative experience if not managed well. He recommends them in moderation; there's no point in going to every single conference as many details will overlap and the experience can become redundant.

Acquire certifications to showcase your expertise to hiring manager.

It's important for people to exercise discipline and maintain clear boundaries to separate work from personal life - even more so for remote workers. The separation between work and personal life must also extend to social circles and hobbies. Your mentor can also help in this regard by highlighting the areas of work that are most important and how to create an effective work-life balance.

There's often a lot of pressure from other groups to roll out changes to satisfy compliance requirements or for security scans (such as Qualys) to pronounce a clean bill of health for systems. However, it's important to resist the pressure if it's too onerous or unreasonable.It's been my observation that all too often cybersecurity professionals cause inadvertent harm by rushing to roll out security changes such as patching or configuration changes. The irony here is they can cause more damage to an organization while trying to do good works than a malicious individual with immoral intentions might ever dream of accomplishing.

"Focus on your area of speciality and become proficient at it," Malik said. Avoid trying to influence areas you only think you know about; cybersecurity is a complex enough field without hanging your career on hypotheticals. Moreover, don't try to solve problems that may not even exist in your company. If there are security threats which aren't applicable to your business don't bother focusing on or worrying about them.

Stick to what's meaningful. I've found that vulnerabilities on test systems or expired certificates on unused servers might provoke concern (particular if these show up on a security scan) but it's best to stick to the genuine risks first and perform clean-up work on irrelevant systems later. Don't be a perfectionist; sometimes good enough is good enough. You have to remain focused on the big picture to remain successful.

Malik concluded our talk with a parting thought: "Everyone makes mistakes. Learn how to deal with them and move on."

https://www.mytechlogy.com/IT-career-development-services/