Breaking Into Cybersecurity

Learn from cybersecurity experts and professionals and discover how they got their break.

So far, we've interviewed cybersecurity professionals and asked them for their advice on how to start a career in cybersecurity, and here's what they've said...


Their Advice...

Michael Santarcangelo

Professional Cybersecurity Trainer and Coach

While the salaries might be on the rise, this isn’t a gig to make a lot of money. If someone wants to get started in security, figure out what appeals to them and then map out how to exploit that to their advantage. The skills are teachable.

What matters are the aptitudes. Are you curious? Tenacious? Able to wrestle with problems that have a lot of moving pieces, some grey areas, and a variety of acceptable solutions? I advise people interested in security to study sales, communication, and leadership. Even in high school and college.

We need these skill sets more than ever – and they’ll serve you well.

March 2018

Sophie Sanderson

Lead Cyber Security Recruitment

I speak to graduates/juniors on a daily basis, whether it’s for an informal chat about the current market or to discuss potential entry level roles they may be interested in. My advice for someone looking to break into the industry would be to use absolutely everything that is available to you. There are always webinars, blogs and online courses available online which I strongly advise people to take part in. Social media is also an excellent avenue for getting involved in discussions about cyber security and recent InfoSec news/incidents.

The Open University also offers a free ‘Introduction to Cyber Security’ course, which is useful for someone wanting a very brief insight into the industry. And of course, getting a degree in a cyber security related subject is always beneficial. The nature of Cyber Security requires you to constantly stay up to date, due to how quickly it’s expanding and developing. Therefore, I always encourage candidates to research and monitor new technology and news.

June 2018

Jonathan Gibson

Penetration Tester

Just keep trying and never stop! The bad guys don’t stop, so why should we? Learn one new thing each day; take it slow at first and you’ll grow. The security sector of technology is vast, so, to begin with, you might want to figure out what really interests you. The answer below might pertain to you or not, but still, it’s good to be well rounded; that’s what working in this industry requires.

Start by learning your own and other operating systems: Windows, Linux, and Mac OS. Learn how to defend them and harden them, learn what makes them weak and what makes them strong, and learn their local language: PowerShell for Windows and Bash for Linux.

With your gained knowledge about operating systems and how to defend them you should move onto networks. Routers, Switches, Hubs, Firewalls, IDS/ IPS etc. Learn how they work, communicate with each other and other things and how to properly configure them.

Next, depending on what you plan on doing, a programming language can go a long way. Most high-end security jobs and even some entry-level ones require you to know how to code, or at least to have an understanding of coding. The most popular languages for jobs in the security industry range from Python/Ruby to C/C++, depending on what you’re doing. Knowing how to make a website via HTML/CSS & JS is also very helpful. Remember, security covers all aspects of technology; bad code is bad code no matter where or what it’s written in.

Now the fun part begins: you’ve learned how to defend your own computer and your network. You’ve learned a new programming language or two, and you can even automate things with PowerShell now, so what’s next? This all depends on you… By now you could be ready to be a great blue team member (a person who defends networks and computer systems); with your knowledge of automation and some programming you can be on your way in the industry. Or you could take it one step further and learn how to attack. There are many Linux distros to be used for penetration testing and I’ll leave the research up to you, but most people start out with Kali Linux.

May 2017

Balaji G

Security Analyst at Paladion

Build up your technical skills based on Network and Web Application knowledge and try to get anyone of the well recognized cyber certifications.

September 2017

Rajivarnan

Cyber Security Researcher

Make sure you learn the latest technologies and techniques.

April 2018

Jay Patel

Security Researcher at Hackerone

Three years ago, I played Counter-Strike a lot, and some players did hacker things on it, so I became really curious about it and Googled “How to hack counter strike”. Then, after several months, I wanted to learn how to hack a Facebook account, and at that point I discovered that Facebook has a bug bounty program, researched “what is bug bounty and all”, and now I am here.

Don’t jump directly into bug bounty; first try to find some bugs at companies that provide only a hall of fame, because only a few hunters participate in those programs, so it’s a great chance to find some bugs.

April 2018

Deyaa Deyab

Information Security Engineer (OSCP, OSCE)

Try to learn how to code at first! The more you go deep into code, the more you can do hacking.

May 2017

Sahil Tembhare

Bug Bounty Participant

Yep, well, I am also a learner; I am no master that I can guide new people. But yeah, I can tell what I did when I was a newbie. I used to read and understand as much as I could, and read blogs of security researchers. And learn everything from scratch, otherwise you’ll face false positives. In the web application pentesting field there is a great platform to start with and to learn from: “HackerOne”. Read the publicly disclosed reports from HackerOne and understand the exploitations. Learn the OWASP Testing Methodology. Read books and all. Reading and understanding is the most important thing to kick-start.

June 2017

Clara Martínez

Intelligence Analysis Masters Student

To self-learn and investigate on their own account as much as possible and to be open minded about the roles and positions they can take within the Cybersecurity world, because you can learn a lot, and even more than you expected in a role that you didn’t even know you could enjoy.

June 2017

Mike Monnik

Senior Cyber Security Consultant

It’s really hard to translate a business trying to make money through cybersecurity into a theoretical, or even practical sense in a pre-work context. That’s simply the truth – you don’t come in knowing how to consult, write business-excellence reports or make calls on what you should say to a customer asking you to make calls about their security posture.

What you can do however, is expose yourself to some things which make this transition a super easy one, allow you to learn quickly and get the job in the first place by proving it to the interviewers.

If you’re applying for cybersecurity in general (technical such as penetration testing, or general such as GRC), become aware of the landscape. This includes the people (Twitter, LinkedIn, Facebook groups), the current events and info (blogs, daily news, hacker cons) and the skills (CTFs, wargames, competitions such as CySCA).

Most web developers show up with a portfolio of websites they’ve designed for their interview – what about a hacking portfolio? My perspective of this would be a GitHub account with a tool or script you’ve made, or even a list of hacker tools you’ve tried or used in CTFs. A list of CTF events and some of your favorite challenges and why, how you solved it and how it might be fixed (writeups). Possibly you’ve tried your hand at Bug Bounties – put down your findings and explain why they might be important. Most importantly, take advantage of your two feet and get yourself to a hacker conference – the people you meet there will become friends for life and will certainly welcome you into the community. Many incredible opportunities, experiences and learning can come from human interaction.

Finally, I would say apply for positions. Go to the interviews and learn what they’re looking for, what you may be missing and ask for feedback. If you can demonstrate learning from a few failed interviews, this equally demonstrates your persistence with say attempting a buffer overflow that won’t work the first ten times. Connect with people on LinkedIn – ask them questions, ask questions on Quora, soak everything up like a sponge.

Finally, start learning Linux. It’s not an absolute must some may argue, but it demonstrates your ability to learn technical concepts and provides powerful functionality for when used (and quite often). You want to gain experience with many tools, concepts and software that might not even relate to security – one day you might be testing it and wish you knew it better. Understand how things work and then you can start working towards exploiting it.

June 2017

Thomas Bennett

Solicitor (Cybersecurity)

Find an area within info sec which is in high demand.

June 2017

Abel Iglesias Iglesias

IT Security Analyst at INDRA

The first thing that does not despair, is a very wide world and can be complicated. But with desire and effort is taken. Otherwise, it is necessary to have a base of everything that compose the computer science, systems, programming, networks, etc.

July 2017

Rajatkumar Karmarkar

Security Analyst at Nota

Stay updated with new exploits, methods and CVE’s.

February 2018

Diego Durantes Toribio

Senior Information Technology Security Consultant

A desire to learn.

February 2018

Saul Arias

Cybersecurity Professional

Knowing computer security implies knowing the technology in deep. And this implies A LOT of hours learning, EACH day. If you love it this won’t matter to you, but if you don’t you will fail. Another important thing; the University won’t help you very much, you have to study and practice by yourself.

February 2018

Umesh Gorakh Hande

Penetration Tester

Try to learn at least one programming language; that might be Ruby, Python, PHP, etc. Build your own computer and security lab (virtual) using old PCs, your own wireless router with firewall, network switch, etc. Practice securing the computer and network, then try hacking it. Participate in cyber security contests and training games, e.g. wargames. Look for vulnerabilities on open source projects and sites with bug bounties and document your work and findings. Have knowledge about OS, Network controls or devices, Protocols, Ports. Additionally how Cryptography function works etc.

March 2018

Aaditya Purani

Independent Security Researcher

To break something, you need to know what it is built upon. For that, the first step is information gathering. In the first step of every smaller or large assessment, a researcher should know about the architecture of the system and have sufficient information on what the blackbox system is built upon. After having the necessary information, the next step is to identify the potentially targetable endpoints or inputs. I believe the more inputs your application has, the higher the chances of getting hacked. The third step should be testing or fuzzing, and the last one should be exploiting. If everything is planned well, then success is inevitable. There is a thin line between White Hat Hacking & Black Hat Hacking; I suggest newcomer researchers first ask the organizations / clients whether they are comfortable with them pentesting their network and then proceed.

February 2018

Esther George

Cybersecurity Trainer

Be aware that there are a number of qualifications out there at the moment which may not necessarily get you employed in the sector. Contact companies which you are interested in working with and find out what they are actually looking for / would recommend.

  • Consider joining a cyber security related association so you can network with experienced members of the industry.
  • Consider joining cybersecurity LinkedIn groups.
  • Manual Source Code Review (C,Java,PHP,JSP/Shell)
  • Consider attending Cyber Security conferences.
  • Consider going through The Cyber Highway. This would help students understand what businesses need to do at a basic security level to protect themselves better.

March 2018

Samrat Das

Cybersecurity Professional

Take the first steps to learn programming! The first and foremost tool to become a hacker. Start with Python/C language. Then next take a grasp on basics in networking and database. Enrol in online video courses from Cybrary/Security Tube. These help you learn a lot. Download vulnerable web apps/mobile apps into virtual machines and practise them with Linux OS (preferably Kali). The more hands-on, the better you grow! Learn from great hackers’ posts from HackerOne and Bugcrowd.

April 2018

Dhillon Kannabhiran

Founder, CEO at Hack In The Box

Pick a research area that interests you (reverse engineering, exploitation, application security, malware) and learn everything you can about it.

May 2018

Saif Ali

Founder & CEO at MedMee

Well, this is a kicker. If you are trying to break in just for fun while harming someone or some entity or organization, I wouldn’t support that and I would advise you to rather do it with their permission (permission to break in here means you found a loophole and now you are just seeing how far this can escalate without harming the system’s integrity and how to come up with a patch eventually). This way would earn you respect and experience and even $$ in most cases, so it’s a win-win situation.

If you are one of those Black Hats, I suggest you to slowly put on new White Fedora, it’s about time you did that.

April 2018

Jiehong Liu

Security Researcher - China Cyber Security (CETC 30th Institute)

Yeah, cyber security is becoming more and more complicated. In my junior high school days, many people could use hacker tools to hack anyone’s computer, but nowadays there are various new technologies (IoT & AI) and the emergence of new attack vectors; this brings challenges and opportunities for all the industry, not just cyber security. So to keep learning is the right way, and finding the right way to learn is another right way, and stay hungry, stay foolish.

April 2018

Jerome Galerne

Cofounder & CEO at Premedit

Like any industry, cybersecurity offers a large panel of jobs and personal development opportunities. Identify your strengths and your career objective, and know in which field you can perform the most: technical, marketing, sales, management, consulting. Whatever your field of expertise, cybersecurity is moving fast and is demanding. It requires you to continuously learn and keep pace with changing situational needs. Last but not least, do not forget the “why” (not only the “what” and “how”). It’s a current trap I often see, with people getting enclosed in their high expertise and losing the sense of purpose.

April 2018

Hasan Alqawzai

Cyber Threat Hunter & Penetration Testing

Read basic network or CCNA, Security+, Basic Linux, CEH.

April 2018

Deepak Kumar Nath

Ethical Hacker | Security Researcher | Entrepreneur | Speaker

Just Go with your passion, Be updated with latest technology, exploits, methods, research with your innovation, checking out POCs of others will make your process to break anything easier.

May 2018

Renzon Cruz

Senior Security Engineer

Stay curious. Learn to master logic and critical thinking. Cyber security is endless learning and you should learn every day. Master the basics and fundamentals, starting from operating systems, basic networking stuff, basic programming techniques and analogy, web programming and some basic database commands and queries. That would help you to understand how computers work from different perspectives, and it would be essential to learn security with this strong basic knowledge. In our current IoT (Internet of Things) set-up, cyber security is a fast-paced module wherein everybody is involved and everybody can be a target. Also consider expanding your network, attend conferences nearby, do not hesitate to ask questions of the experts and try to get a mentor. I always use this quote whenever I want to clarify something: “When in doubt, just ask.”

June 2018

Raju Patil

Information Security Consultant

Do some certifications.

August 2018

Francois Gratiolet

Cybersecurity Professional

Think about the value you can bring (IT, networks, business, communication skills…)

September 2018

Juan Carlos Montes Senra

Security Analyst

Start by focusing on one thing (forensic, malware, pentesting etc) and master that.

October 2018

Niels Groeneveld

Principal Threat Intelligence Analyst at RedSocks Malware Labs (Bitdefender)

Get relevant experience in system/ network administration first.

October 2018

Shreyas Parikh

Risk Management Specialist at Reliance Industries Limited

It was all part of a career plan. I would say I took it as a hobby, as I grew up watching some hacking movies. I was inspired to enroll in the same field and luckily I was able to follow my passion.

June 2017

Mayank Yadav

Senior Associate Consultant at Paladion

Try to focus on one domain at first to kick-start, do some certifications for that and apply for the same post. Don’t run for money; just gain experience and money will follow you (of course, if you are good).

October 2018

Ajay Anand

Founder | CTG Security Solutions

Proper focus on programming languages: PHP, Perl, Python, etc. Also, knowledge of the Linux platform is a must; better you go for Kali Linux and other open-source-based latest security-focused distros.

April 2018

Akash Mahajan

Co-Founder Appsecco | Ex OWASP BLR Lead

Learn how to learn as this field is wide and ever changing. The easiest way to ensure that you are learning and retaining information is to try everything in a hands-on manner. While you are doing that make sure you document. I recently did this workshop/ talk for people at OWASP Bangalore (GitHub) and may be useful on how to get started.

May 2017

Pukhraj Singh

Security Operations & Threat Intelligence Practitioner

Don’t depend upon certifications, but merit and aptitude.

May 2017

Miguel de la Torre Sanchez

Project Manager at Bankinter Global Services

Passion and motivation is the most important but you need time. The knowledge is easy to find.

April 2018

Shobhit Pandey

Cyber Security Professional

Know Networks!! and then you will flow over Security!

May 2018

Divya Joshi

Information Security Consultant

If anyone wants to start their career in the cyber security domain, they must realize that it is a very large subject and you cannot be an expert in each domain, but you can acquire the necessary knowledge and learn specific expertise.

January 2018

Jorge Blanco

IT Security Engineer

Self-learning in free time and perseverance. If you don’t love security and computers, don’t enter this market; you will get bored very soon (some attacks and tasks are very technical and complex).

January 2018

Varun Chowdary

Cybersecurity Professional

Think broadly about your skills, network like mad, ask everyone what they need or desire and apply yourself to the most important demands you feel passionate about. Don’t get hung up on any job, everything is worth a try, everything teaches you something. Offer your services to everyone. Summarize your experiences constantly and remember that people only give work to the really busy people.

February 2018

Roberto Pérez Raba

Cybersecurity Systems Analyst

My advice is to learn something new every day; that’s my philosophy. All the passionates of cybersecurity are lucky because security is not a job for us, it’s a real hobby, and we just need a PC to train our skills and learn something new. Fortunately we also have so many information sources like blogs, academies, tutorials, "free hacking tools". So look for your first cybersecurity job, make security your hobby and keep forming yourself, and that’s all; be patient and your cybersecurity career will build itself.

June 2018

Suranjit Paul

Technical Manager, Cyber Security (Secure-IT/SIEM Practice) at Jolera Inc.

Keen interest to learn about ongoing security related events/issues/breaches/new technologies. Initially taking cyber security related courses which are freely available (for example, cybrary.it) and find the area you enjoy the most. And finally, start working in a place where it will be related and at the same time you can expand your knowledge in future.

August 2018

Chintan Gurjar

Penetration Tester

You must have analytical and logical skills. How to determine bad and good? How to choose a good company. Whom to trust and whom not to etc…After some point of time in our field, it is must to have self-learning skills as no one will be mentoring you for your whole life. You read, you create environment, you test, you write blog this is simple approach for learning new things. Give priority to your search. First find youtube videos, if you can’t then go for google and find any website link, article if not then find that in darkweb, torrent or deepweb (only if torrent is legal in your country). If you follow this approach you will be a good Penetration Tester after 1/2 years.

September 2018

Shubham Mittal

CTO at Neotas Ltd

Instead of going for classes, look for finding solutions on your own through resources available online. Read blogs, keep an eye on Security trends on twitter, follow security channels like reddit(netsec), news.ycombinator, and also if possible join a local security meetup chapter to keep yourself motivated and networking.

September 2018

Akansha Kesharwani

Security Consultant at Payatu Technologies

Basics should be clear: if the person does not have their basics well placed, then it’s a bit difficult to clear the interview process.

October 2018

Ignacio Sorribas

Senior Security Consultant at NCC Group

Today there’s plenty of information about cybersecurity on the Internet. My advice is to read as much as you can and to take specialized training courses. Some of them are really expensive, but if you have the luck to get a job in cyber security after that, then it’s worth it. Another recommendable path is to join the graduate programs that some companies in the UK are offering.

November 2018

Dr. Burzin P. Bharucha

CISO

Go with the flow, as nothing comes and lands in your hands. You need to always put your best foot forward and believe in yourself, by putting “trust in your core talents, following your passions sincerely with focus and commitment, and silencing all your fears and facing all roadblocks head-on in resolving them.”

December 2017

Derek Ellington

Certified Forensic Examiner

Be well rounded and like computers. You need to like tech and be prepared to immerse yourself in tech not just at work. You also need to have an investigative personality and like solving puzzles.

January 2018

Simon Crawley

Global Project Manager at MSAB

Go for it; if you have an interest in a subject, keep pursuing it – it took me 24 years to finally get into the role – although, to be fair, for a large part of that time the role didn’t exist.

January 2018

Dauda Sule

Cybersecurity Professional

If you make up your mind and are sure you want to venture into this field, then just go for it. Don’t be discouraged by the many drawbacks and disappointments you will encounter; for example, when I was starting out I got into contact with Concise to do a presentation on forensic readiness, sent the video, and then didn’t hear from them. I would have expected some feedback to improve on the presentation, but nothing, and that was downright disheartening; they could have even at least just told me to get lost and that would have been polite and encouraging. That almost made me give up hope, but I didn’t; subsequently I got other platforms that were interested and some of my work was included in their top rankings. That example is not nearly the tip of the iceberg of what you would run into. Don’t feel you can only progress in your career by getting a job; before that you can build yourself and your experience by doing things on your own to help improve your employability; and who knows, you may even become the employer and build your own empire.

June 2018

John Irvine

Cybersecurity Executive

Don’t ignore the “people” side of computer forensics because it’s in a technology field. To do the job really well, you need to understand people as much as you understand the technology, because if you don’t, you won’t know the right “questions” to ask of the computer you’re examining. My education and training in sociology, psychology, and investigation is just as relevant to my skill as a computer forensic examiner as my education in IT.

July 2018

Deepak Kumar

Pentester

At the start of your career I would suggest that you spend time understanding the Networking, OS, Basic Programming, Tools, Cyber Law, IT/ Evidence Act, Hacking modules and more for additional skills. Try to use all opensource, shareware’s tools and benchmark as per efficiency and learning purposes. Read blogs and white papers resources, videos webinars from vendors. Forensics and Cyber security professionals need deep experience and classified information and in this domain no one is an expert.

August 2018

Ronak Gajendrabhai Patel

Penetration Tester

I would always suggest starting from the basics and moving to advanced for any stream related to cyber security, i.e. Computer Forensics, Penetration Testing, Malware Analysis, Security Analyst, etc., instead of just learning tools. Learning the basics or fundamentals gives you a strong foundation, and then moving to the tools and practicing these will help you with ‘real life’ scenarios.

September 2018

Antonio Fernandes

Renaissance Technologist | CEH, ISO27001LA, CCNA CyberOps

Get your hands dirty!

Nowadays, it seems that certifications are required by hiring: if you have time and money, knowledge is always welcome!

June 2018

Rishabh Bhardwaj

Information Security Manager at Advanced Structures India

To enhance your career in cyber security, you have to work to increase your skills, think about the technology, update yourself from time to time, start with CEH and CHFI courses also for the basic skill set in this domain and practical closer is much required.

November 2018

Recommended Cybersecurity Skills & Certifications

These are skills that the professionals have referred to.

Programming Languages & Tools

Cybersecurity Certifications

  • CEH
  • CISSP
  • OSCP
  • CompTIA Security+